Omniscia Euler Finance Audit
EVCClient Static Analysis Findings
EVC-01S: Inexistent Sanitization of Input Address
Type | Severity | Location |
---|---|---|
Input Sanitization | | EVCClient.sol:L28-L30 |
Description:
The linked function accepts an `address` argument yet does not properly sanitize it.
Impact:
The presence of zero-value addresses, especially in `constructor` implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
```solidity
constructor(address _evc) {
    evc = IEVC(_evc);
}
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that the `address` specified is non-zero.
Alleviation (fb2dd77a6ff9b7f710edb48e7eb5437e0db4fc1a):
The code was updated to utilize a newly introduced `AddressUtils` contract that will verify the address contains code instead, acting as a superset of the non-zero check and providing better sanitization of the referenced argument.
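The two checks discussed in this finding, side by side. This is an added illustration and is not taken from the audited code base: the library `AddressCheck`, its functions and errors, the empty `IEVC` stand-in and both contract names are hypothetical, and the project's actual `AddressUtils` may be implemented differently.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical stand-in for the IEVC interface referenced by EVCClient.sol.
interface IEVC {}

// Hypothetical helper; the audited project's AddressUtils may differ.
library AddressCheck {
    error ZeroAddress();
    error NotAContract(address target);

    // Rejects only the zero address: the check the recommendation asks for.
    function requireNonZero(address target) internal pure {
        if (target == address(0)) revert ZeroAddress();
    }

    // Rejects any address without deployed code. address(0) has no code,
    // so this also covers the zero-address case, along with mistyped or
    // not-yet-deployed addresses.
    function requireContract(address target) internal view returns (address) {
        if (target.code.length == 0) revert NotAContract(target);
        return target;
    }
}

// Pattern from the finding: any value, including address(0), is stored
// in an immutable and can never be corrected after deployment.
abstract contract UncheckedClient {
    IEVC internal immutable evc;

    constructor(address _evc) {
        evc = IEVC(_evc);
    }
}

// Hardened pattern: deployment reverts unless _evc already holds code.
abstract contract CheckedClient {
    IEVC internal immutable evc;

    constructor(address _evc) {
        evc = IEVC(AddressCheck.requireContract(_evc));
    }
}
```

An address reports zero code length while its own constructor is still executing, so the target contract must be fully deployed before any client that applies the code-length check.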
EVC-02S: Inexistent Visibility Specifier
Type | Severity | Location |
---|---|---|
Code Style | | EVCClient.sol:L18 |
Description:
The linked variable has no visibility specifier explicitly set.
Example:
```solidity
IEVC immutable evc;
```
Recommendation:
We advise one to be set so as to avoid potential compilation discrepancies in the future, as the current behaviour is for the compiler to assign one automatically, which may deviate between `pragma` versions.
Alleviation (fb2dd77a6ff9b7f710edb48e7eb5437e0db4fc1a):
The `internal` visibility specifier has been introduced to the referenced variable, preventing potential compilation discrepancies and addressing this exhibit.