Omniscia Gravita Protocol Audit

PriceFeed Static Analysis Findings

PFD-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		PriceFeed.sol:L54-L67

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/PriceFeed.sol

54function setAddresses(
55    address _adminContract,
56    address _rethToken,
57    address _stethToken,
58    address _wstethToken
59) external initializer {
60    require(!isInitialized);
61    isInitialized = true;
62    __Ownable_init();
63    adminContract = _adminContract;
64    rethToken = _rethToken;
65    stethToken = _stethToken;
66    wstethToken = _wstethToken;
67}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

The Gravita Protocol team has opted to not apply a remediation for this exhibit thus rendering it acknowledged.

Omniscia Gravita Protocol Audit

PriceFeed Static Analysis Findings

PriceFeed Static Analysis Findings

PFD-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation:

GravitaMath.sol (GMH-S)

SortedVessels.sol (SVS-S)

On this page