Omniscia Kyo Finance Audit

UniswapV2GaugeFactory Static Analysis Findings

UVY-01S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		UniswapV2GaugeFactory.sol:L26-L30

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/voting/uniswap-v2/UniswapV2GaugeFactory.sol

26constructor(IUniswapV2Factory uniswapFactory_, IERC4626TokenStreamSplitter rewardSource, ICodeStorage gaugeCreationCode_, ICodeStorage bribeCreationCode_) Voter(rewardSource) Ownable(msg.sender) {
27    uniswapFactory = uniswapFactory_;
28    gaugeCreationCode = gaugeCreationCode_;
29    bribeCreationCode = bribeCreationCode_;
30}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):

The Kyo Finance team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.

Omniscia Kyo Finance Audit

UniswapV2GaugeFactory Static Analysis Findings

UniswapV2GaugeFactory Static Analysis Findings

UVY-01S: Inexistent Sanitization of Input Address

Description:

Impact:

Example:

Recommendation:

Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):

SingleStreamConsumer.sol (SSC-S)

UniswapV3Factory.sol (UVF-S)

On this page