Omniscia Arcade XYZ Audit
OwnableERC721 Static Analysis Findings
OwnableERC721 Static Analysis Findings
OER-01S: Inexistent Event Emission
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | OwnableERC721.sol:L44-L46 |
Description:
The linked function adjusts a sensitive contract variable yet does not emit an event for it.
Example:
44function _setNFT(address _ownershipToken) internal {45 ownershipToken = _ownershipToken;46}Recommendation:
We advise an event to be declared and correspondingly emitted to ensure off-chain processes can properly react to this system adjustment.
Alleviation (7a4e1dc948e94ded7385dbb74818bcf93ecc207c):
The SetOwnershipToken event has been introduced to the OwnableERC721 contract and is correspondingly emitted in the OwnableERC721::_setNFT function, addressing this exhibit in full.
OER-02S: Inexistent Sanitization of Input Address
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | OwnableERC721.sol:L44-L46 |
Description:
The linked function accepts an address argument yet does not properly sanitize it.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
44function _setNFT(address _ownershipToken) internal {45 ownershipToken = _ownershipToken;46}Recommendation:
We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.
Alleviation (7a4e1dc948e94ded7385dbb74818bcf93ecc207c):
The Arcade XYZ team evaluated this exhibit and opted to retain the current behaviour of the codebase.