Omniscia BlazeSwap Audit
BlazeSwapBasePair Static Analysis Findings
BlazeSwapBasePair Static Analysis Findings
BSB-01S: Inexistent Visibility Specifier
Type | Severity | Location |
---|---|---|
Code Style | BlazeSwapBasePair.sol:L22 |
Description:
The linked variable has no visibility specifier explicitly set.
Example:
22IBlazeSwapMath mc;
Recommendation:
We advise one to be set so to avoid potential compilation discrepancies in the future as the current behaviour is for the compiler to assign one automatically which may deviate between pragma
versions.
Alleviation:
The BlazeSwap team considered this exhibit but opted not to apply a remediation for it as they have stated they will not remediate any issues of minor severity and below.
BSB-02S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | BlazeSwapBasePair.sol:L60, L61, L62 |
Description:
The linked function(s) accept address
arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor
implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
59function initialize(60 address _manager,61 address _token0,62 address _token163) public onlyParent {64 mc = IBlazeSwapBaseManager(_manager).mathContext();65 manager = _manager;66 token0 = _token0;67 token1 = _token1;68}
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address
specified is non-zero.
Alleviation:
The initialize
function is solely invoked by the createPair
function of the BlazeSwapBaseFactory
and the input arguments are properly validated at the caller level. As a result, we consider this exhibit nullified.