Omniscia Evergon Labs Audit
ERC20FractionDataManagerFactoryClones Static Analysis Findings
ECF-01S: Inexistent Sanitization of Input Address
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | ![]() | ERC20FractionDataManagerFactoryClones.sol:L21-L23 |
Description:
The linked function accepts an address argument yet does not properly sanitize it.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
contracts/dataManagers/ERC1155/linked-with-erc20-dm/ERC20FractionDataManagerFactoryClones.sol
```solidity
constructor(address _erc20FractionDataManager) {
    erc20FractionDataManagerImplementation = ERC20FractionDataManager(_erc20FractionDataManager);
}
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.
Alleviation (c6b23c23d8bcd8cce85049ad959cbd711a37126b):
The input _erc20FractionDataManager address argument of the ERC20FractionDataManagerFactoryClones::constructor function is adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.
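A sketch of the recommended sanitization, added here as an example; it is not the audited project's code and not the fix applied in the revision above. The stand-in `ERC20FractionDataManager` contract, the state variable declaration, the contract name and the error names are assumptions, and the code-length check goes one step beyond the non-zero check the recommendation asks for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal stand-in for the project's ERC20FractionDataManager type (assumption),
// present only so this example compiles on its own.
contract ERC20FractionDataManager {}

// Hypothetical contract name; mirrors the constructor shown in the finding.
contract ERC20FractionDataManagerFactoryClonesHardened {
    // Hypothetical error names chosen for this example.
    error ZeroImplementationAddress();
    error ImplementationHasNoCode(address implementation);

    // Declaration assumed; the finding only shows the assignment.
    ERC20FractionDataManager public erc20FractionDataManagerImplementation;

    constructor(address _erc20FractionDataManager) {
        // Recommended check: a zero address here would leave the factory
        // pointing at no implementation for its whole lifetime.
        if (_erc20FractionDataManager == address(0)) {
            revert ZeroImplementationAddress();
        }

        // Additional check (beyond the recommendation): a non-zero address
        // with no deployed code, such as a mistyped or not-yet-deployed
        // address, is rejected as well.
        if (_erc20FractionDataManager.code.length == 0) {
            revert ImplementationHasNoCode(_erc20FractionDataManager);
        }

        erc20FractionDataManagerImplementation =
            ERC20FractionDataManager(_erc20FractionDataManager);
    }
}
```

Because both checks revert inside the constructor, a bad address supplied by deployment tooling fails the deployment transaction instead of producing a factory that cannot be repaired afterwards.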
