Omniscia Kwenta Audit

EscrowMigrator Static Analysis Findings

EMR-01S: Inexistent Sanitization of Input Addresses

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised because zero-value inputs are a common side effect of bugs in off-chain software.

Example:

contracts/EscrowMigrator.sol
constructor(
    address _kwenta,
    address _rewardEscrowV1,
    address _rewardEscrowV2,
    address _stakingRewardsV1,
    address _stakingRewardsV2
) {
    if (_kwenta == address(0)) revert ZeroAddress();
    if (_rewardEscrowV1 == address(0)) revert ZeroAddress();
    if (_rewardEscrowV2 == address(0)) revert ZeroAddress();

    kwenta = IKwenta(_kwenta);
    rewardEscrowV1 = IRewardEscrow(_rewardEscrowV1);
    rewardEscrowV2 = IRewardEscrowV2(_rewardEscrowV2);
    stakingRewardsV1 = IStakingRewards(_stakingRewardsV1);
    stakingRewardsV2 = IStakingRewardsV2(_stakingRewardsV2);

    _disableInitializers();
}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

The _stakingRewardsV1 variable is no longer present as an input argument whilst the _stakingRewardsV2 argument is properly sanitized as non-zero, addressing this exhibit in full.
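
A constructor in the shape the alleviation describes, as an added example that is not the Kwenta source: the contract name and the `_nonZero` helper are hypothetical, the interface types are replaced by plain `immutable` addresses (an assumption), and `_disableInitializers()` is omitted so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration only. Argument list follows the alleviation text:
// _stakingRewardsV1 is gone and _stakingRewardsV2 is checked like the rest.
contract EscrowMigratorZeroCheckExample {
    error ZeroAddress();

    // Assumption: stored as immutable addresses; the audited contract wraps
    // them in interface types (IKwenta, IRewardEscrow, ...).
    address public immutable kwenta;
    address public immutable rewardEscrowV1;
    address public immutable rewardEscrowV2;
    address public immutable stakingRewardsV2;

    constructor(
        address _kwenta,
        address _rewardEscrowV1,
        address _rewardEscrowV2,
        address _stakingRewardsV2
    ) {
        // Check every address argument before storing any of them, so a
        // deployment script that passes an unset (zero) value reverts
        // instead of producing a contract with an unusable reference.
        _nonZero(_kwenta);
        _nonZero(_rewardEscrowV1);
        _nonZero(_rewardEscrowV2);
        _nonZero(_stakingRewardsV2);

        kwenta = _kwenta;
        rewardEscrowV1 = _rewardEscrowV1;
        rewardEscrowV2 = _rewardEscrowV2;
        stakingRewardsV2 = _stakingRewardsV2;
    }

    // Hypothetical helper: one place for the check, same error as the page.
    function _nonZero(address a) private pure {
        if (a == address(0)) revert ZeroAddress();
    }
}
```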