Omniscia Kyber Network Audit

UniswapV4KEMHook Static Analysis Findings

UVK-01S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		UniswapV4KEMHook.sol:L32-L50

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

src/UniswapV4KEMHook.sol

32constructor(
33  IPoolManager _poolManager,
34  address initialOwner,
35  address[] memory initialClaimableAccounts,
36  address[] memory initialWhitelistedAccounts,
37  address initialQuoteSigner,
38  address initialEgRecipient
39)
40  BaseKEMHook(
41    initialOwner,
42    initialClaimableAccounts,
43    initialWhitelistedAccounts,
44    initialQuoteSigner,
45    initialEgRecipient
46  )
47{
48  poolManager = _poolManager;
49  Hooks.validateHookPermissions(IHooks(address(this)), getHookPermissions());
50}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation:

The Kyber Network team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.

Omniscia Kyber Network Audit

UniswapV4KEMHook Static Analysis Findings

UniswapV4KEMHook Static Analysis Findings

UVK-01S: Inexistent Sanitization of Input Address

Description:

Impact:

Example:

Recommendation:

Alleviation:

Code Style

BaseKEMHook.sol (BKE-M)

On this page