Omniscia BlazeSwap Audit

BlazeSwapBasePair Static Analysis Findings

BlazeSwapBasePair Static Analysis Findings

BSB-01S: Inexistent Visibility Specifier

Description:

The linked variable has no visibility specifier explicitly set.

Example:

contracts/core/BlazeSwapBasePair.sol
22IBlazeSwapMath mc;

Recommendation:

We advise one to be set so to avoid potential compilation discrepancies in the future as the current behaviour is for the compiler to assign one automatically which may deviate between pragma versions.

Alleviation:

The BlazeSwap team considered this exhibit but opted not to apply a remediation for it as they have stated they will not remediate any issues of minor severity and below.

BSB-02S: Inexistent Sanitization of Input Addresses

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/core/BlazeSwapBasePair.sol
59function initialize(
60 address _manager,
61 address _token0,
62 address _token1
63) public onlyParent {
64 mc = IBlazeSwapBaseManager(_manager).mathContext();
65 manager = _manager;
66 token0 = _token0;
67 token1 = _token1;
68}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

The initialize function is solely invoked by the createPair function of the BlazeSwapBaseFactory and the input arguments are properly validated at the caller level. As a result, we consider this exhibit nullified.