Omniscia Gravita Protocol Audit

BorrowerOperations Static Analysis Findings

BOS-01S: Inexistent Sanitization of Input Addresses

Type | Severity | Location
Input Sanitization | | BorrowerOperations.sol:L91-L111

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised because zero-value inputs are a common side effect of bugs in off-chain software.

Example:

contracts/BorrowerOperations.sol (L91-L111)

function setAddresses(
    address _vesselManagerAddress,
    address _stabilityPoolAddress,
    address _gasPoolAddress,
    address _collSurplusPoolAddress,
    address _sortedVesselsAddress,
    address _debtTokenAddress,
    address _feeCollectorAddress,
    address _adminContractAddress
) external override {
    require(!isInitialized, "Already initialized");
    isInitialized = true;
    vesselManager = IVesselManager(_vesselManagerAddress);
    stabilityPool = IStabilityPool(_stabilityPoolAddress);
    gasPoolAddress = _gasPoolAddress;
    collSurplusPool = ICollSurplusPool(_collSurplusPoolAddress);
    sortedVessels = ISortedVessels(_sortedVesselsAddress);
    debtToken = IDebtToken(_debtTokenAddress);
    feeCollector = IFeeCollector(_feeCollectorAddress);
    adminContract = IAdminContract(_adminContractAddress);
}

Recommendation:

We advise that some basic sanitization be put in place by ensuring that each address specified is non-zero.
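
One way to apply the recommended check, added here as an illustration and not taken from the audit report or from Gravita's code. The contract name, the `ZeroAddress` error and the `_nonZero` helper are hypothetical, and the state variables are stored as plain addresses (rather than the interface types of the original) so that the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Gravita's code. State variables are plain addresses
// so the file compiles alone; the audited contract casts them to interfaces.
contract SetAddressesSanitized {
    // Hypothetical error; argIndex is the zero-based position of the bad input.
    error ZeroAddress(uint256 argIndex);

    bool public isInitialized;
    address public vesselManager;
    address public stabilityPool;
    address public gasPoolAddress;
    address public collSurplusPool;
    address public sortedVessels;
    address public debtToken;
    address public feeCollector;
    address public adminContract;

    function setAddresses(
        address _vesselManagerAddress,
        address _stabilityPoolAddress,
        address _gasPoolAddress,
        address _collSurplusPoolAddress,
        address _sortedVesselsAddress,
        address _debtTokenAddress,
        address _feeCollectorAddress,
        address _adminContractAddress
    ) external {
        require(!isInitialized, "Already initialized");
        isInitialized = true;
        // Each assignment reverts on a zero input. The revert also rolls back
        // isInitialized, so a bad call leaves the contract retryable instead of
        // locked with an unusable address.
        vesselManager = _nonZero(_vesselManagerAddress, 0);
        stabilityPool = _nonZero(_stabilityPoolAddress, 1);
        gasPoolAddress = _nonZero(_gasPoolAddress, 2);
        collSurplusPool = _nonZero(_collSurplusPoolAddress, 3);
        sortedVessels = _nonZero(_sortedVesselsAddress, 4);
        debtToken = _nonZero(_debtTokenAddress, 5);
        feeCollector = _nonZero(_feeCollectorAddress, 6);
        adminContract = _nonZero(_adminContractAddress, 7);
    }

    // Returns the address unchanged, or reverts naming the offending argument.
    function _nonZero(address a, uint256 argIndex) private pure returns (address) {
        if (a == address(0)) revert ZeroAddress(argIndex);
        return a;
    }
}
```

A non-zero check only rules out unset inputs; it does not confirm that the address hosts the expected contract.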

Alleviation:

The Gravita Protocol team has opted not to apply a remediation for this exhibit, thus rendering it acknowledged.