Omniscia Bonq Audit

external-price-feed Static Analysis Findings

EXT-01S: Inexistent Sanitization of Input Addresses

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised because zero-value inputs are a common side-effect of bugs in the off-chain software that prepares deployment arguments.

Example:

contracts/external-price-feed.sol

```solidity
constructor(address _collateralToken, address _ownerAddress) {
    // Neither address argument is validated before being stored or used.
    collateralToken = _collateralToken;
    blockTimestampLast = block.timestamp;
    _transferOwnership(_ownerAddress);
    _grantRole(PRICE_FEED_ORACLE, _ownerAddress);
}
```

Recommendation:

We advise that basic sanitization be put in place by ensuring that each address argument is non-zero before it is stored or acted upon.
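The following is an added example and is not code from the Bonq repository. It shows the constructor above with the recommended non-zero checks applied to both arguments. It assumes OpenZeppelin Contracts 4.x for Ownable and AccessControl, which provide the `_transferOwnership` and `_grantRole` internals used in the original snippet; the contract name, the custom error and the `PRICE_FEED_ORACLE` hash are hypothetical. The check on `_ownerAddress` matters because in OpenZeppelin 4.x the public `transferOwnership` rejects the zero address but the internal `_transferOwnership` called from a constructor does not, so a zero owner would leave every `onlyOwner` function unreachable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed dependency: OpenZeppelin Contracts 4.x (Ownable exposes _transferOwnership,
// AccessControl exposes _grantRole with the signatures used in the audited snippet).
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";

/// Hypothetical price-feed contract illustrating the recommended input sanitization.
contract SanitizedPriceFeed is Ownable, AccessControl {
    // Hypothetical role identifier; the page does not show how PRICE_FEED_ORACLE is defined.
    bytes32 public constant PRICE_FEED_ORACLE = keccak256("PRICE_FEED_ORACLE");

    address public collateralToken;
    uint256 public blockTimestampLast;

    /// Custom error naming the offending parameter, so a failed deployment is easy to diagnose.
    error ZeroAddress(string parameter);

    constructor(address _collateralToken, address _ownerAddress) {
        // Reject zero-value inputs before any state is written or any role is assigned.
        if (_collateralToken == address(0)) revert ZeroAddress("_collateralToken");
        if (_ownerAddress == address(0)) revert ZeroAddress("_ownerAddress");

        collateralToken = _collateralToken;
        blockTimestampLast = block.timestamp;
        _transferOwnership(_ownerAddress);
        _grantRole(PRICE_FEED_ORACLE, _ownerAddress);
    }
}
```

Deploying with either argument set to `address(0)` reverts with `ZeroAddress("<parameter>")` rather than producing a contract whose owner or collateral token can never be corrected.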

Alleviation:

The Bonq Protocol team has stated that they will not proceed with the price feed implementations that they currently have in place after the findings we have identified within the report. The price feeds they will instead utilize will be Chainlink and as such, we consider these exhibits nullified.