AllianceBlockToken Static Analysis Findings

ABT-01S: Data Location Optimizations

Type	Severity	Location
Gas Optimization		AllianceBlockToken.sol:L99

Description:

The linked input arguments are set as memory in external function(s).

Example:

Copy
99function batchMint(address[] memory recipients, uint256[] memory values) public returns (bool) {

Recommendation:

We advise them to be set as calldata optimizing their read-access gas cost.

Alleviation (5bde836b591caa6c3dfd47b79f323317a26c8a0d):

Both referenced data locations have been set to calldata optimizing the function's gas cost.

ABT-02S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		AllianceBlockToken.sol:L16

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

Copy
16function init(string memory name, string memory symbol, address admin, address minter, uint256 cap_) public initializer {
17    __ERC20_init_unchained(name, symbol);
18    __ERC20Snapshot_init_unchained();
19    __ERC20Permit_init(name);
20    __Pausable_init_unchained();
21    __AllianceBlockToken_init_unchained(cap_);
22    // We don't use __ERC20PresetMinterPauser_init_unchained to avoid giving permisions to _msgSender
23    _setupRole(DEFAULT_ADMIN_ROLE, admin);
24    _setupRole(MINTER_ROLE, admin);
25    _setupRole(PAUSER_ROLE, admin);
26    _setupRole(MINTER_ROLE, minter);
27}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (5bde836b591caa6c3dfd47b79f323317a26c8a0d):

The minter variable has been removed from the init function and the admin variable is now properly sanitized as non-zero rendering this exhibit alleviated.