Omniscia Mitosis Audit
EETHDepositHelper Static Analysis Findings
EETHDepositHelper Static Analysis Findings
EET-01S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | EETHDepositHelper.sol:L20-L25 |
Description:
The linked function(s) accept address
arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor
implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
src/helpers/EETHDepositHelper.sol
20function initialize(IeETH eETH_, IweETH weETH_) public initializer {21 __Ownable_init();22
23 _eETH = eETH_;24 _weETH = weETH_;25}
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address
specified is non-zero.
Alleviation (58e8cc66dfa900c03c47df78f5170d9960005629):
All input arguments of the EETHDepositHelper::initialize
function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.