Omniscia Gravita Protocol Audit
StabilityPool Static Analysis Findings
StabilityPool Static Analysis Findings
SPL-01S: Inexistent Visibility Specifier
| Type | Severity | Location |
|---|---|---|
| Code Style |  | StabilityPool.sol:L174 |
Description:
The linked variable has no visibility specifier explicitly set.
Example:
174mapping(address => Colls) pendingCollGains;Recommendation:
We advise one to be set so to avoid potential compilation discrepancies in the future as the current behaviour is for the compiler to assign one automatically which may deviate between pragma versions.
Alleviation:
The pendingCollGains variable is no longer present in the codebase rendering this exhibit no longer applicable.
SPL-02S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | StabilityPool.sol:L242-L268 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
242function setAddresses(243 address _borrowerOperationsAddress,244 address _vesselManagerAddress,245 address _activePoolAddress,246 address _debtTokenAddress,247 address _sortedVesselsAddress,248 address _communityIssuanceAddress,249 address _adminContractAddress250) external initializer override {251 require(!isInitialized, "StabilityPool: Already initialized");252
253 isInitialized = true;254 __Ownable_init();255 __ReentrancyGuard_init();256
257 borrowerOperations = IBorrowerOperations(_borrowerOperationsAddress);258 vesselManager = IVesselManager(_vesselManagerAddress);259 activePool = IActivePool(_activePoolAddress);260 debtToken = IDebtToken(_debtTokenAddress);261 sortedVessels = ISortedVessels(_sortedVesselsAddress);262 communityIssuance = ICommunityIssuance(_communityIssuanceAddress);263 adminContract = IAdminContract(_adminContractAddress);264
265 P = DECIMAL_PRECISION;266
267 renounceOwnership();268}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation:
The Gravita Protocol team has opted to not apply a remediation for this exhibit thus rendering it acknowledged.