Omniscia BlazeSwap Audit
BlazeSwapBasePair Static Analysis Findings
BlazeSwapBasePair Static Analysis Findings
BSB-01S: Inexistent Visibility Specifier
| Type | Severity | Location |
|---|---|---|
| Code Style |  | BlazeSwapBasePair.sol:L22 |
Description:
The linked variable has no visibility specifier explicitly set.
Example:
22IBlazeSwapMath mc;Recommendation:
We advise one to be set so to avoid potential compilation discrepancies in the future as the current behaviour is for the compiler to assign one automatically which may deviate between pragma versions.
Alleviation:
The BlazeSwap team considered this exhibit but opted not to apply a remediation for it as they have stated they will not remediate any issues of minor severity and below.
BSB-02S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | BlazeSwapBasePair.sol:L60, L61, L62 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
59function initialize(60 address _manager,61 address _token0,62 address _token163) public onlyParent {64 mc = IBlazeSwapBaseManager(_manager).mathContext();65 manager = _manager;66 token0 = _token0;67 token1 = _token1;68}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation:
The initialize function is solely invoked by the createPair function of the BlazeSwapBaseFactory and the input arguments are properly validated at the caller level. As a result, we consider this exhibit nullified.