Omniscia Gravita Protocol Audit
DebtToken Static Analysis Findings
DTN-01S: Inexistent Event Emissions
Type | Severity | Location |
---|---|---|
Language Specific | | DebtToken.sol:L88-L90, L92-L94 |
Description:
The linked functions adjust sensitive contract variables yet do not emit an event for it.
Example:
```solidity
function addWhitelist(address _address) external override onlyTimelock {
    whitelistedContracts[_address] = true;
}
```
Recommendation:
We advise an event to be declared and correspondingly emitted for each function to ensure off-chain processes can properly react to this system adjustment.
Alleviation:
A `WhitelistChanged` event has been introduced to the `DebtToken` contract and is now correspondingly emitted in both referenced functions, alleviating this exhibit in full.
DTN-02S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | DebtToken.sol:L42-L52 |
Description:
The linked function(s) accept `address` arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in `constructor` implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of bugs in off-chain software.
Example:
```solidity
constructor(
    address _vesselManagerAddress,
    address _stabilityPoolAddress,
    address _borrowerOperationsAddress,
    address _timelockAddress
) ERC20("GRAI", "GRAI") {
    vesselManagerAddress = _vesselManagerAddress;
    timelockAddress = _timelockAddress;
    stabilityPool = IStabilityPool(_stabilityPoolAddress);
    borrowerOperationsAddress = _borrowerOperationsAddress;
}
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each `address` specified is non-zero.
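One way the recommended check could look, as an added illustration that is not code from the Gravita repository or from the audit. The contract name, the `ZeroAddressArgument` error and the `_requireNonZero` helper are hypothetical, and the `ERC20("GRAI", "GRAI")` base is omitted so the snippet compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Empty stand-in so the example compiles without the project's interfaces.
interface IStabilityPool {}

// Reduced stand-in for DebtToken: only the constructor wiring shown in the
// excerpt is kept; the ERC20 base and all token logic are left out.
contract DebtTokenConstructorSketch {
    // Hypothetical error; `position` is the 0-based index of the bad argument,
    // so a failed deployment points at the exact misconfigured input.
    error ZeroAddressArgument(uint8 position);

    address public vesselManagerAddress;
    address public timelockAddress;
    IStabilityPool public stabilityPool;
    address public borrowerOperationsAddress;

    constructor(
        address _vesselManagerAddress,
        address _stabilityPoolAddress,
        address _borrowerOperationsAddress,
        address _timelockAddress
    ) {
        // Validate every input before any state is written, so a faulty
        // deployment script reverts instead of producing an inoperable token.
        _requireNonZero(_vesselManagerAddress, 0);
        _requireNonZero(_stabilityPoolAddress, 1);
        _requireNonZero(_borrowerOperationsAddress, 2);
        _requireNonZero(_timelockAddress, 3);

        vesselManagerAddress = _vesselManagerAddress;
        timelockAddress = _timelockAddress;
        stabilityPool = IStabilityPool(_stabilityPoolAddress);
        borrowerOperationsAddress = _borrowerOperationsAddress;
    }

    // Reverts with the argument index when the supplied address is zero.
    function _requireNonZero(address candidate, uint8 position) private pure {
        if (candidate == address(0)) revert ZeroAddressArgument(position);
    }
}
```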
Alleviation:
The Gravita Protocol team has opted to not apply a remediation for this exhibit thus rendering it acknowledged.