Omniscia Bonq Audit
price-feed Static Analysis Findings
PRI-01S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | | price-feed.sol:L43-L56 |
Description:
The linked constructor accepts four address arguments (collateral token, stablecoin, router and owner) and stores them directly without validating that any of them is non-zero.
Impact:
The presence of zero-value addresses, especially in constructor arguments, can cause the contract to be permanently inoperable, since a constructor runs only once and the values it stores cannot be corrected after deployment. These checks are advised because zero-value inputs are a common side effect of bugs in off-chain deployment software.
Example:
contracts/price-feed.sol

```solidity
constructor(
    address _collateralToken,
    address _stableCoin,
    address _routerAddress,
    address _ownerAddress
) {
    collateralToken = _collateralToken;
    stableCoin = _stableCoin;
    IRouter scopedRouter = IRouter(address(_routerAddress));
    router = scopedRouter;
    blockTimestampLast = block.timestamp;
    _transferOwnership(_ownerAddress);
}
```
Recommendation:
We advise basic sanitization to be put in place by ensuring that each address argument is non-zero and reverting the deployment otherwise.
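A hardened version of the constructor applying the recommendation, as an added example that is not Bonq's code and not part of the original report. It assumes OpenZeppelin Contracts 4.x (whose internal `_transferOwnership` does not reject `address(0)`; only the public `transferOwnership` does), an empty stand-in `IRouter` interface, and the names `PriceFeed`, `ZeroAddress` and `NotAContract`. The code-existence check on the router goes beyond the non-zero check the finding recommends.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited code. Assumes OpenZeppelin Contracts 4.x:
// its internal _transferOwnership(address) does NOT reject address(0), so a
// zero owner passed to the constructor would leave the contract ownerless
// permanently, which is exactly the "inoperable" outcome the finding warns of.
import "@openzeppelin/contracts/access/Ownable.sol";

// Empty stand-in for the router interface; the real IRouter is not
// reproduced in the finding and is not needed for the checks shown here.
interface IRouter {}

contract PriceFeed is Ownable {
    address public collateralToken;
    address public stableCoin;
    IRouter public router;
    uint256 public blockTimestampLast;

    // Custom errors are cheaper than revert strings and name the bad input.
    error ZeroAddress(string parameter);
    error NotAContract(address target);

    constructor(
        address _collateralToken,
        address _stableCoin,
        address _routerAddress,
        address _ownerAddress
    ) {
        // The recommended sanitization: reject address(0) for every argument
        // before any state is written, so a bad deployment reverts instead of
        // producing a contract that can never be repaired.
        if (_collateralToken == address(0)) revert ZeroAddress("_collateralToken");
        if (_stableCoin == address(0)) revert ZeroAddress("_stableCoin");
        if (_routerAddress == address(0)) revert ZeroAddress("_routerAddress");
        if (_ownerAddress == address(0)) revert ZeroAddress("_ownerAddress");

        // Additional check beyond the finding (an assumption of this example):
        // a non-zero address with no code (e.g. a typo or an EOA) would make
        // every call through the router revert just as surely as address(0).
        // address.code is available from Solidity 0.8.0. Caveat: do not apply
        // this to an address whose contract is deployed later in the same
        // transaction, because its code size is still 0 at that point.
        if (_routerAddress.code.length == 0) revert NotAContract(_routerAddress);

        collateralToken = _collateralToken;
        stableCoin = _stableCoin;
        router = IRouter(_routerAddress);
        blockTimestampLast = block.timestamp;
        _transferOwnership(_ownerAddress);
    }
}
```

The token addresses could be given the same `code.length` check; it is omitted above to keep the example focused on the finding's recommendation, and it would have to be skipped for tokens deployed in the same transaction.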
Alleviation:
The Bonq Protocol team has stated that, following the findings identified in this report, they will not proceed with the price feed implementations currently in place and will instead utilize Chainlink price feeds. As such, we consider these exhibits nullified.