Omniscia Moby Audit
AuthorityUtil Static Analysis Findings
AuthorityUtil Static Analysis Findings
AUL-01S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | AuthorityUtil.sol:L12-L15, L47-L50 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
contracts/AuthorityUtil.sol
47function setAuthority(IOptionsAuthority _newAuthority) external onlyAdmin {48 authority = _newAuthority;49 emit AuthorityUpdated(_newAuthority);50}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
All input argument(s) of the AuthorityUtil::__AuthorityUtil_init__, and AuthorityUtil::setAuthority functions are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.