Omniscia 0xPhase Audit

CloneDiamond Static Analysis Findings

CDD-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		CloneDiamond.sol:L29-L41

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

diamond/Clone/CloneDiamond.sol

29constructor(
30  address owner_,
31  address target_,
32  address initializer_,
33  bytes memory initializerData_
34) {
35  _transferOwnership(owner_);
36  _setCloneDiamondTarget(target_);
37
38  if (initializerData_.length > 0) {
39    CallLib.delegateCallFunc(initializer_, initializerData_);
40  }
41}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):

All input addresses of the contact's CloneDiamond::constructor are sanitized as non-zero, preventing the contract from being misconfigured on deployment.

Omniscia 0xPhase Audit

CloneDiamond Static Analysis Findings

CloneDiamond Static Analysis Findings

CDD-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):

CashOracle.sol (COE-S)

DBV1.sol (DBV-S)

On this page