Omniscia Impact Market Audit

StakingImplementation Static Analysis Findings

SIN-01S: Inexistent Sanitization of Input Addresses

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised because zero-value inputs are a common side-effect of bugs in off-chain software.

Example:

contracts/staking/StakingImplementation.sol

function initialize(
    IERC20 _PACT,
    IMintableToken _SPACT,
    IDonationMiner _donationMiner,
    uint256 _cooldown
) public initializer {
    __Ownable_init();
    __ReentrancyGuard_init();

    PACT = _PACT;
    SPACT = _SPACT;
    donationMiner = _donationMiner;
    cooldown = _cooldown;
}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

Code has been added that properly performs zero-check input validation on the linked variables _PACT, _SPACT and _donationMiner.
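
One way the recommended zero-address checks can look in the initializer. This is an added example, not the project's actual fix or code from the audit report. It assumes OpenZeppelin Contracts (Upgradeable) v4.x import paths; the contract name, the ZeroAddress error and the two empty interfaces are hypothetical placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumption: OpenZeppelin v4.x layout, matching the argument-less __Ownable_init() above.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";

// Placeholders standing in for the project's own interfaces (not shown in the report).
interface IMintableToken {}
interface IDonationMiner {}

// Hypothetical contract name; only the initializer logic is illustrated.
contract StakingInitExample is OwnableUpgradeable, ReentrancyGuardUpgradeable {
    IERC20 public PACT;
    IMintableToken public SPACT;
    IDonationMiner public donationMiner;
    uint256 public cooldown;

    // Hypothetical error; names the offending parameter so a failed
    // deployment script points directly at the bad input.
    error ZeroAddress(string parameter);

    function initialize(
        IERC20 _PACT,
        IMintableToken _SPACT,
        IDonationMiner _donationMiner,
        uint256 _cooldown
    ) public initializer {
        // Validate every address argument before any state is written.
        // A revert here rolls back the whole call, including the
        // initializer flag, so initialize can be retried with correct inputs.
        if (address(_PACT) == address(0)) revert ZeroAddress("_PACT");
        if (address(_SPACT) == address(0)) revert ZeroAddress("_SPACT");
        if (address(_donationMiner) == address(0)) revert ZeroAddress("_donationMiner");

        __Ownable_init();
        __ReentrancyGuard_init();

        PACT = _PACT;
        SPACT = _SPACT;
        donationMiner = _donationMiner;
        cooldown = _cooldown;
    }
}
```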