Omniscia Gravita Protocol Audit
AdminContract Static Analysis Findings
AdminContract Static Analysis Findings
ACT-01S: Data Location Optimization
| Type | Severity | Location |
|---|---|---|
| Gas Optimization |  | AdminContract.sol:L211 |
Description:
The linked input argument is set as memory in an external function.
Example:
210function isWrappedMany(211 address[] memory _collaterals212) external view returns (bool[] memory wrapped) {Recommendation:
We advise it to be set as calldata optimizing its read-access gas cost.
Alleviation:
The argument's data location has been properly updated from memory to calldata, optimizing its read-access gas cost.
ACT-02S: Illegible Numeric Value Representations
| Type | Severity | Location |
|---|---|---|
| Code Style | | AdminContract.sol:L44-L45, L51, L321, L336, L366, L369, L415 |
Description:
The linked representations of numeric literals are sub-optimally represented decreasing the legibility of the codebase.
Example:
44uint256 public constant MCR_DEFAULT = 1100000000000000000; // 110%45uint256 public constant CCR_DEFAULT = 1500000000000000000; // 150%Recommendation:
To properly illustrate each value's purpose, we advise the following guidelines to be followed.
For values meant to depict fractions with a base of 1e18, we advise fractions to be utilized directly (i.e. 1e17 becomes 0.1e18) as they are supported.
For values meant to represent a percentage base, we advise each value to utilize the underscore (_) separator to discern the percentage decimal (i.e. 10000 becomes 100_00, 300 becomes 3_00 and so on).
Finally, for large numeric values we simply advise the underscore character to be utilized again to represent them (i.e. 1000000 becomes 1_000_000).
Alleviation:
All numeric denominations of the contract have been updated to either utilize the ether representation or the underscore-separated paradigm outlined in the exhibit. As such, we consider this exhibit fully alleviated.
ACT-03S: Inexistent Visibility Specifier
| Type | Severity | Location |
|---|---|---|
| Code Style | | AdminContract.sol:L69 |
Description:
The linked variable has no visibility specifier explicitly set.
Example:
69mapping(address => CollateralParams) collateralParams;Recommendation:
We advise one to be set so to avoid potential compilation discrepancies in the future as the current behaviour is for the compiler to assign one automatically which may deviate between pragma versions.
Alleviation:
An internal visibility specifier has been introduced to the collateralParams contract member, ensuring that no inconsistencies can arise between compiler versions.
ACT-04S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | AdminContract.sol:L134-L153 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
134function setAddresses(135 address _communityIssuanceAddress,136 address _activePoolAddress,137 address _defaultPoolAddress,138 address _stabilityPoolAddress,139 address _collSurplusPoolAddress,140 address _priceFeedAddress,141 address _shortTimelock,142 address _longTimelock143) external onlyOwner {144 require(!isInitialized);145 communityIssuance = ICommunityIssuance(_communityIssuanceAddress);146 activePool = IActivePool(_activePoolAddress);147 defaultPool = IDefaultPool(_defaultPoolAddress);148 stabilityPool = IStabilityPool(_stabilityPoolAddress);149 collSurplusPool = ICollSurplusPool(_collSurplusPoolAddress);150 priceFeed = IPriceFeed(_priceFeedAddress);151 shortTimelock = _shortTimelock;152 longTimelock = _longTimelock;153}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation:
The Gravita Protocol team has opted to not apply a remediation for this exhibit thus rendering it acknowledged.