Omniscia Avant Protocol Audit

AbstractCCIPMessagingUpgradeable Static Analysis Findings

ACC-01S: Inexistent Sanitization of Input Addresses

Type: Input Sanitization
Severity:
Location: AbstractCCIPMessagingUpgradeable.sol: I-1: L128-L131, I-2: L140-L143

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of bugs in off-chain software.

Example:

contracts/AbstractCCIPMessagingUpgradeable.sol (L128-L131)

    function setCCIPRouter(address _ccipRouter) public onlyOwner {
        ccipRouter = _ccipRouter;
        emit CCIPRouterUpdated(_ccipRouter);
    }

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (c5b31e01e4d5cf94e0ef3523780c4aac764127bf):

The Avant Protocol team evaluated this exhibit and clarified that the AbstractCCIPMessagingUpgradeable implementation is meant to support a dynamic LayerZero and CCIP scenario by toggling the swiftest pathway while disabling its alternative.

As disabling the CCIP pathway in particular is performed by configuring the relevant router and whitelisted peer entries to the zero-address, we consider this exhibit to be an improper recommendation and thus nullified.
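
When the zero-address is a deliberate "disabled" value for the router and peer entries, as the alleviation describes, the code that consumes those values has to treat zero as "off" rather than as a comparable address. The following sketch is an added example, not code from the Avant Protocol repository or from Omniscia; only ccipRouter, setCCIPRouter and CCIPRouterUpdated come from the exhibit, and every other name (including the peer mapping keyed by a uint64 chain identifier) is a hypothetical assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not code from the audited repository. Only ccipRouter,
// setCCIPRouter and CCIPRouterUpdated come from the exhibit; every other
// name here is hypothetical.
contract ZeroSentinelPathway {
    address public immutable owner = msg.sender;
    address public ccipRouter;                   // address(0) = pathway disabled
    mapping(uint64 => address) public ccipPeers; // address(0) = peer not whitelisted

    event CCIPRouterUpdated(address router);
    error NotOwner();
    error CCIPDisabled();
    error UntrustedRouter(address caller);
    error UntrustedPeer(uint64 chain, address sender);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Same shape as the setter in the exhibit: zero is accepted on purpose.
    function setCCIPRouter(address _ccipRouter) public onlyOwner {
        ccipRouter = _ccipRouter;
        emit CCIPRouterUpdated(_ccipRouter);
    }

    function setCCIPPeer(uint64 chain, address peer) public onlyOwner {
        ccipPeers[chain] = peer;
    }

    // Outbound: fail loudly instead of calling address(0) as if it were a router.
    function checkSend(uint64 chain) public view returns (address router, address peer) {
        router = ccipRouter;
        peer = ccipPeers[chain];
        if (router == address(0) || peer == address(0)) revert CCIPDisabled();
    }

    // Inbound: the sentinel must never satisfy an equality check, so zero is
    // rejected before the comparison with the stored values.
    function checkReceive(uint64 chain, address sender) public view {
        address router = ccipRouter;
        if (router == address(0)) revert CCIPDisabled();
        if (msg.sender != router) revert UntrustedRouter(msg.sender);
        address peer = ccipPeers[chain];
        if (peer == address(0) || sender != peer) revert UntrustedPeer(chain, sender);
    }
}
```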