Omniscia Boson Protocol Audit

ProtocolDiamond Static Analysis Findings

PDD-01S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		ProtocolDiamond.sol:L35-L39

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/diamond/ProtocolDiamond.sol

35constructor(
36    IAccessControlUpgradeable _accessController,
37    IDiamondCut.FacetCut[] memory _facetCuts,
38    bytes4[] memory _interfaceIds
39) payable {
40    // Get the DiamondStorage struct
41    DiamondLib.DiamondStorage storage ds = DiamondLib.diamondStorage();
42
43    // Set the AccessController instance
44    ds.accessController = _accessController;
45
46    // Cut the diamond with the given facets
47    JewelerLib.diamondCut(_facetCuts, address(0), new bytes(0));
48
49    // Add supported interfaces
50    if (_interfaceIds.length > 0) {
51        for (uint8 x = 0; x < _interfaceIds.length; x++) {
52            DiamondLib.addSupportedInterface(_interfaceIds[x]);
53        }
54    }
55}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation (44009967e4f68092941d841e9e0f5dd2bb31bf0b):

The _accessController input address is now properly sanitized in the referenced statements.

Omniscia Boson Protocol Audit

ProtocolDiamond Static Analysis Findings

ProtocolDiamond Static Analysis Findings

PDD-01S: Inexistent Sanitization of Input Address

Description:

Impact:

Example:

Recommendation:

Alleviation (44009967e4f68092941d841e9e0f5dd2bb31bf0b):

OfferBase.sol (OBE-S)

ProtocolLib.sol (PLB-S)

On this page