Omniscia AllianceBlock Audit

MerkleDistributor Static Analysis Findings

MDR-01S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		MerkleDistributor.sol:L20-L23

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/MerkleDistributor.sol

20constructor(address token_, bytes32 merkleRoot_) {
21    token = token_;
22    merkleRoot = merkleRoot_;
23}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation:

The token_ input variable during the contract's constructor is now adequately sanitized and yields an InvalidToken error via revert if the sanitization fails, alleviating this exhibit in full.

Omniscia AllianceBlock Audit

MerkleDistributor Static Analysis Findings

MerkleDistributor Static Analysis Findings

MDR-01S: Inexistent Sanitization of Input Address

Description:

Impact:

Example:

Recommendation:

Alleviation:

Code Style

MerkleDistributorWithDeadline.sol (MDW-M)

On this page