Omniscia 0xPhase Audit

ICreditAccount Static Analysis Findings

ICA-01S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		ICreditAccount.sol:L62

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

account/ICreditAccount.sol

55function initializeCreditAccountV1(
56  IDB db_
57) external initialize("v1") initializer {
58  __ERC721_init("Phase Credit Account", "CREDIT");
59  __ERC721Enumerable_init();
60  __ERC721Burnable_init();
61
62  db = db_;
63  manager = Manager(db_.getAddress("MANAGER"));
64}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):

The input address of the contract's initialization (CreditAccountStorageV1::initializeCreditAccountV1) mechanism is properly sanitized as non-zero, preventing it from being misconfigured during its initialization.

Omniscia 0xPhase Audit

ICreditAccount Static Analysis Findings

ICreditAccount Static Analysis Findings

ICA-01S: Inexistent Sanitization of Input Address

Description:

Impact:

Example:

Recommendation:

Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):

ElementBase.sol (EBE-S)

StorageUpgradeableProxy.sol (SUP-S)

On this page