Omniscia 0xPhase Audit
AdminUpgradeableProxy Static Analysis Findings
AUP-01S: Data Location Optimizations
Type | Severity | Location |
---|---|---|
Gas Optimization | | AdminUpgradeableProxy.sol:L47-L48 |
Description:
The linked input arguments are set as `memory` in `external` function(s).
Example:
```solidity
function upgradeTo(
    address _newImplementation,
    bytes memory _oldImplementationData, // L47
    bytes memory _newImplementationData  // L48
) external onlyOwner {
```
Recommendation:
We advise them to be set as `calldata`, optimizing their read-access gas cost.
Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):
The referenced data location specifiers have been optimally set to `calldata` as advised.
AUP-02S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | AdminUpgradeableProxy.sol:L26-L37 |
Description:
The linked function(s) accept `address` arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in `constructor` implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software-related bugs.
Example:
```solidity
constructor(address _owner, address _target, bytes memory _initialCall) {
    _setImplementation(_target);
    _initializeOwnership(_owner);

    if (_initialCall.length > 0) {
        CallLib.delegateCallFunc(address(this), _initialCall);
    }
}
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each `address` specified is non-zero.
Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):
Both input addresses of the contract's `AdminUpgradeableProxy::constructor` are sanitized as non-zero, preventing the contract from being misconfigured on deployment.
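
The two remediations from AUP-01S and AUP-02S, shown together as an added example; this is not the 0xPhase code and not part of the original report. The contract name, the custom errors, the plain state variables and the inline `delegatecall` are assumptions standing in for the project's `_setImplementation`, `_initializeOwnership` and `CallLib.delegateCallFunc`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the audited 0xPhase contract. Plain state variables
// and the inline delegatecall are stand-ins (assumptions) for the project's
// _setImplementation, _initializeOwnership and CallLib.delegateCallFunc.
contract SanitizedProxyExample {
    error ZeroAddress();
    error NotOwner();
    error InitialCallFailed();

    address public owner;
    address public implementation;

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // AUP-02S: reject zero addresses before any state is written.
    // Constructor arguments must stay `memory`; Solidity does not allow
    // `calldata` here, which is why AUP-01S only concerns upgradeTo.
    constructor(address _owner, address _target, bytes memory _initialCall) {
        if (_owner == address(0) || _target == address(0)) revert ZeroAddress();
        implementation = _target;
        owner = _owner;

        if (_initialCall.length > 0) {
            // A low-level delegatecall to an address without code reports
            // success, so a zero target would not be caught at this point.
            (bool ok, ) = _target.delegatecall(_initialCall);
            if (!ok) revert InitialCallFailed();
        }
    }

    // AUP-01S: external function, so the byte arrays are read straight from
    // calldata instead of being copied into memory first.
    function upgradeTo(
        address _newImplementation,
        bytes calldata _oldImplementationData,
        bytes calldata _newImplementationData
    ) external onlyOwner {
        // Migration calls using the two payloads are omitted (not shown on the page).
        _oldImplementationData; _newImplementationData; // silence unused warnings
        implementation = _newImplementation;
    }
}
```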