Omniscia Euler Finance Audit

LidoOracle Static Analysis Findings

LOE-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		LidoOracle.sol:L20-L23

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

src/adapter/lido/LidoOracle.sol

20constructor(address _stEth, address _wstEth) {
21    stEth = _stEth;
22    wstEth = _wstEth;
23}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

The Euler Finance team evaluated this exhibit and opted to acknowledge it as they intend to deploy oracles via factory contracts meant to mitigate human error.

Omniscia Euler Finance Audit

LidoOracle Static Analysis Findings

LidoOracle Static Analysis Findings

LOE-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation:

Governable.sol (GEL-S)

PythOracle.sol (POE-S)

On this page