Omniscia Gravita Protocol Audit
VesselManager Static Analysis Findings
VesselManager Static Analysis Findings
VMR-01S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | VesselManager.sol:L124-L147 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
contracts/VesselManager.sol
124function setAddresses(125 address _borrowerOperationsAddress,126 address _stabilityPoolAddress,127 address _gasPoolAddress,128 address _collSurplusPoolAddress,129 address _debtTokenAddress,130 address _feeCollectorAddress,131 address _sortedVesselsAddress,132 address _vesselManagerOperationsAddress,133 address _adminContractAddress134) external override initializer {135 require(!isInitialized, "Already initialized");136 isInitialized = true;137 __Ownable_init();138 borrowerOperations = _borrowerOperationsAddress;139 stabilityPool = IStabilityPool(_stabilityPoolAddress);140 gasPoolAddress = _gasPoolAddress;141 collSurplusPool = ICollSurplusPool(_collSurplusPoolAddress);142 debtToken = IDebtToken(_debtTokenAddress);143 feeCollector = IFeeCollector(_feeCollectorAddress);144 sortedVessels = ISortedVessels(_sortedVesselsAddress);145 vesselManagerOperations = IVesselManagerOperations(_vesselManagerOperationsAddress);146 adminContract = IAdminContract(_adminContractAddress);147}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation:
The Gravita Protocol team has opted to not apply a remediation for this exhibit thus rendering it acknowledged.