Omniscia Alliance Block Audit
GovernanceFacet Static Analysis Findings
GFT-01S: Inexistent Zero Address Check
Type | Severity | Location |
---|---|---|
Input Sanitization | | GovernanceFacet.sol:L33 |
Description:
The linked function accepts an address argument but does not properly sanitize it against the zero-address.
Example:
contracts/facets/GovernanceFacet.sol (lines 27-39):

```solidity
/**
 * @notice Adds/removes a member account
 * @param account_ The account to be modified
 * @param status_ Whether the account will be set as member or not
 * @param signatures_ The signatures of the validators authorizing this member update
 */
function updateMember(address account_, bool status_, bytes[] calldata signatures_)
    onlyConsensusNonce(computeMemberUpdateMessage(account_, status_), signatures_)
    external override
{
    LibGovernance.updateMember(account_, status_);
    emit MemberUpdated(account_, status_);
}
```
Recommendation:
We advise such sanitization to be introduced to prevent misconfiguration of the contract.
Alleviation:
A zero-address check was properly introduced to the linked function. We note that no error message accompanies the check and advise that one be specified; however, we consider this exhibit dealt with.
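The check discussed in the recommendation and alleviation, sketched as an added example that is not the audited project's code. The contract name, the `ZeroAddressMember` error and the `_members` mapping are assumptions standing in for `LibGovernance` storage, and the project's `onlyConsensusNonce` gate is left out because its implementation is not shown on the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration only: a stand-in registry, not the audited GovernanceFacet.
contract MemberRegistryExample {
    /// Hypothetical custom error so a rejected update carries an explicit reason.
    error ZeroAddressMember();

    /// Stand-in event; the audited project's event declaration is not shown on the page.
    event MemberUpdated(address account, bool status);

    /// Stand-in for the member set that LibGovernance manages in the audited code.
    mapping(address => bool) private _members;

    /// Mirrors the shape of updateMember from the finding, without signatures_.
    /// NOTE: the audited function is gated by onlyConsensusNonce(...); that
    /// modifier is omitted here, so this sketch has no access control.
    function updateMember(address account_, bool status_) external {
        // Reject the zero address before any state is written or event emitted.
        // Equivalent form with a revert string:
        //   require(account_ != address(0), "GovernanceFacet: zero address");
        if (account_ == address(0)) revert ZeroAddressMember();

        _members[account_] = status_;
        emit MemberUpdated(account_, status_);
    }

    /// Read helper so the stored status can be inspected after an update.
    function isMember(address account_) external view returns (bool) {
        return _members[account_];
    }
}
```

With a named error or revert string, a failed call tells integrators and off-chain tooling why the update was rejected, which a bare `require(account_ != address(0))` does not.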