Omniscia Maverick Protocol Audit

MaverickV2RewardRouter Static Analysis Findings

MVE-01S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		MaverickV2RewardRouter.sol:L37-L45

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

v2-rewards/contracts/MaverickV2RewardRouter.sol

37constructor(
38    IMaverickV2Factory _factory,
39    IWETH9 _weth,
40    IMaverickV2Position _position,
41    IMaverickV2BoostedPositionFactory _boostedPositionFactory,
42    IMaverickV2RewardFactory _rewardFactory
43) MaverickV2LiquidityManager(_factory, _weth, _position, _boostedPositionFactory) {
44    rewardFactory = _rewardFactory;
45}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation (07ad29f773f16bdfbae3d97d3a7c2f9d64866093):

The Maverick Protocol team specified that they wish to acknowledge these exhibits as the contracts involved will either be deployed by a factory performing those validations or by the Maverick Protocol team directly which is expected to perform them manually.

As such, we consider this exhibit to be acknowledged.

Omniscia Maverick Protocol Audit

MaverickV2RewardRouter Static Analysis Findings

MaverickV2RewardRouter Static Analysis Findings

MVE-01S: Inexistent Sanitization of Input Address

Description:

Impact:

Example:

Recommendation:

Alleviation (07ad29f773f16bdfbae3d97d3a7c2f9d64866093):

MaverickV2RewardFactory.sol (MVF-S)

MaverickV2VotingEscrowFactory.sol (MVY-S)

On this page