Omniscia Alliance Block Audit

OneStakerFeature Static Analysis Findings

OneStakerFeature Static Analysis Findings

OSF-01S: Inexistent Input Validation

Description:

The linked function does not validate the _staker input address against the zero address.

Example:

contracts/pool-features/OneStakerFeature.sol
10function setStaker(address _staker) public {
11 require(staker == address(0x0), "OneStakerFeature::setStaker staker was already sey");
12 staker = _staker;
13}

Recommendation:

We advise that such validation is introduced to ensure that the _staker address is not accidentally set to the zero address thus permitting re-setting it after the contract's deployment in contrast to what the require check of L11 is meant to guard against.

Alleviation:

A require check was introduced that ensures the staker is different than the zero-address.