Omniscia Bluejay Finance Audit
BondGovernor Static Analysis Findings
BGR-01S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | BondGovernor.sol:L26, L54 |
Description:
The linked address arguments affect sensitive contract variables yet remain unsanitized.
Example:
packages/contracts/contracts/BondGovernor.sol
```solidity
constructor(address _BLU, uint256 _maximumRatio) {
    BLU = IERC20(_BLU);
    minimumSize = WAD / 1000; // 1 thousandth of the token [wad]
    fees = WAD / 5; // 20% of sale proceeds [wad]
    maximumRatio = _maximumRatio;
}
```
Recommendation:
We advise them to be sanitized against the zero-address (`address(0)`) to prevent misconfiguration of the contract.
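The recommended check applied to the constructor shown above, as an added example that is not code from the Bluejay repository or from the audit. The contract name `BondGovernorHardened`, the `ZeroAddress` error, the compiler version, the minimal `IERC20` stand-in, the value of `WAD` and the state variable declarations are assumptions made so the snippet compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // assumed version; custom errors require >= 0.8.4

// Minimal stand-in for the ERC-20 interface the contract imports (assumption).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical hardened variant of the constructor from the finding.
// Storage layout and visibility are assumptions, not the project's own.
contract BondGovernorHardened {
    uint256 private constant WAD = 10**18; // assumed 18-decimal fixed point

    // Hypothetical error name, raised when an address argument is unset.
    error ZeroAddress();

    IERC20 public BLU;
    uint256 public minimumSize;
    uint256 public fees;
    uint256 public maximumRatio;

    constructor(address _BLU, uint256 _maximumRatio) {
        // Reject address(0) before it is written to storage, so a
        // deployment script that passes an unset variable reverts
        // instead of producing a misconfigured contract.
        if (_BLU == address(0)) revert ZeroAddress();

        BLU = IERC20(_BLU);
        minimumSize = WAD / 1000; // 1 thousandth of the token [wad]
        fees = WAD / 5; // 20% of sale proceeds [wad]
        maximumRatio = _maximumRatio;
    }
}
```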
Alleviation:
The Bluejay Finance team stated that they do not wish to sanitize the referenced input argument as the function is executed only once during the contract's lifetime. As a result, we consider this exhibit acknowledged.