Omniscia 0xPhase Audit
VaultInitializer Static Analysis Findings
VaultInitializer Static Analysis Findings
VIR-01S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | VaultInitializer.sol:L41-L98 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
vault/diamond/VaultInitializer.sol
41function initializeVaultV1(42 IDB db_,43 Storage varStorage_,44 IERC20 asset_,45 IOracle priceOracle_,46 IInterest interest_,47 uint256 initialMaxMint_,48 uint256 initialMaxCollateralRatio_,49 uint256 initialBorrowFee_,50 uint256 initialLiquidationFee_,51 uint256 initialHealthTargetMinimum_,52 uint256 initialHealthTargetMaximum_,53 address adapter_,54 bytes memory adapterData_55) external initialize("v1") {Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):
All input addresses of the contact's VaultInitializer::constructor are sanitized as non-zero, preventing the contract from being misconfigured on deployment.