Omniscia Morpho Audit

Auth Static Analysis Findings

AUT-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		Auth.sol:L17

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

src/Auth.sol

17constructor(address _owner, Authority _authority) {
18    owner = _owner;
19    authority = _authority;
20
21    emit OwnerUpdated(msg.sender, _owner);
22    emit AuthorityUpdated(msg.sender, _authority);
23}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

The Morpho team stated that they wish to retain the code as is and will redeploy their token should a mistake be made during the construction of the token. As a result, we consider this exhibit acknowledged.

Omniscia Morpho Audit

Auth Static Analysis Findings

Auth Static Analysis Findings

AUT-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation:

Code Style

Token.sol (TOK-M)

On this page