Omniscia Gravita Protocol Audit

ActivePool Static Analysis Findings

ActivePool Static Analysis Findings

APL-01S: Inexistent Sanitization of Input Addresses

TypeSeverityLocation
Input SanitizationActivePool.sol:L84-L106

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/ActivePool.sol
84function setAddresses(
85    address _borrowerOperationsAddress,
86    address _collSurplusPoolAddress,
87    address _defaultPoolAddress,
88    address _stabilityPoolAddress,
89    address _vesselManagerAddress,
90    address _vesselManagerOperationsAddress
91) external initializer {
92    require(!isInitialized, "Already initialized");
93    isInitialized = true;
94

95    __Ownable_init();
96    __ReentrancyGuard_init();
97

98    borrowerOperationsAddress = _borrowerOperationsAddress;
99    collSurplusPool = ICollSurplusPool(_collSurplusPoolAddress);
100    defaultPool = IDefaultPool(_defaultPoolAddress);
101    stabilityPoolAddress = _stabilityPoolAddress;
102    vesselManagerAddress = _vesselManagerAddress;
103    vesselManagerOperationsAddress = _vesselManagerOperationsAddress;
104

105    renounceOwnership();
106}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

The Gravita Protocol team has opted to not apply a remediation for this exhibit thus rendering it acknowledged.

Prev

Code Style

Next

AdminContract.sol (ACT-S)

On this page