Omniscia Euler Finance Audit
GenericFactory Static Analysis Findings
GenericFactory Static Analysis Findings
GFY-01S: Inexistent Sanitization of Input Address
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | GenericFactory.sol:L65-L73 |
Description:
The linked function accepts an address argument yet does not properly sanitize it.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
65constructor(address admin) {66 emit Genesis();67
68 reentrancyLock = REENTRANCYLOCK__UNLOCKED;69
70 upgradeAdmin = admin;71
72 emit SetUpgradeAdmin(admin);73}Recommendation:
We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.
Alleviation (fb2dd77a6ff9b7f710edb48e7eb5437e0db4fc1a):
The input admin address argument of the GenericFactory::constructor function is adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.
GFY-02S: Inexistent Visibility Specifiers
| Type | Severity | Location |
|---|---|---|
| Code Style | | GenericFactory.sol:L15, L16 |
Description:
The linked variables have no visibility specifier explicitly set.
Example:
15uint256 constant REENTRANCYLOCK__UNLOCKED = 1;Recommendation:
We advise them to be set so to avoid potential compilation discrepancies in the future as the current behaviour is for the compiler to assign one automatically which may deviate between pragma versions.
Alleviation (fb2dd77a6ff9b7f710edb48e7eb5437e0db4fc1a):
The internal visibility specifier has been introduced to all referenced variables, preventing potential compilation discrepancies and addressing this exhibit.
GFY-03S: Multiple Top-Level Declarations
| Type | Severity | Location |
|---|---|---|
| Code Style | | GenericFactory.sol:L8, L12 |
Description:
The referenced file contains multiple top-level declarations that decrease the legibility of the codebase.
Example:
8interface IComponent {9 function initialize(address creator) external;10}11
12contract GenericFactory is MetaProxyDeployer {Recommendation:
We advise all highlighted top-level declarations to be split into their respective code files, avoiding unnecessary imports as well as increasing the legibility of the codebase.
Alleviation (fb2dd77a6ff9b7f710edb48e7eb5437e0db4fc1a):
The Euler Finance team evaluated this exhibit and opted to retain the current declaration structure as they do not consider the IComponent declaration to be reducing the overall file's legibility.