Omniscia Gnosis Guild Audit

Roles Static Analysis Findings

RSE-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		Roles.sol:L43-L46

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

packages/evm/contracts/Roles.sol

43constructor(address _owner, address _avatar, address _target) {
44    bytes memory initParams = abi.encode(_owner, _avatar, _target);
45    setUp(initParams);
46}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

The Gnosis Guild team evaluated this exhibit but has opted not to apply a remediation for it as an invalid address can be of many different values.

We would like to note that the reason the zero-address is protected in particular is that off-chain software will usually use "empty" values (i.e. 0x00..00) when malfunctioning, hence the recommended course of action.

In any case, we consider this exhibit safely acknowledged as it is trivial to re-deploy the contracts should the Gnosis Guild make a mistake.

Omniscia Gnosis Guild Audit

Roles Static Analysis Findings

Roles Static Analysis Findings

RSE-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation:

PermissionChecker.sol (PCR-S)

Integrity.sol (IYT-M)

On this page