Omniscia Moby Audit

BasePositionManager Static Analysis Findings

BPM-01S: Illegible Numeric Value Representation

Description:

The linked numeric literal is represented sub-optimally, decreasing the legibility of the codebase.

Example:

contracts/BasePositionManager.sol
ethTransferGasLimit = 500 * 1000;

Recommendation:

To properly illustrate the value's purpose, we advise the following guidelines to be followed. For values meant to depict fractions with a base of 1e18, we advise fractions to be utilized directly (i.e. 1e17 becomes 0.1e18) as they are supported. For values meant to represent a percentage base, we advise each value to utilize the underscore (_) separator to discern the percentage decimal (i.e. 10000 becomes 100_00, 300 becomes 3_00 and so on). Finally, for large numeric values we simply advise the underscore character to be utilized again to represent them (i.e. 1000000 becomes 1_000_000).

Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):

The referenced multiplication has been replaced by its result, and that result is represented according to the underscore-based style guideline we established, rendering this exhibit addressed.

BPM-02S: Suboptimal Event Declaration

Description:

The referenced event declaration either has no indexed arguments or has fewer than three indexed arguments of a primitive type.

Example:

contracts/BasePositionManager.sol
event SetEthTransferGasLimit(uint256 ethTransferGasLimit);

Recommendation:

Apart from aiding off-chain integrators in consuming and filtering such an event, primitive types that are set as indexed will result in a gas optimization due to reduced memory costs. As such, we advise the indexed keyword to be introduced to up to three different primitive types in total, optimizing the referenced event declaration.

Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):

The indexed keyword has been properly introduced to the SetEthTransferGasLimit event, optimizing its emission cost.

BPM-03S: Inexistent Sanitization of Input Addresses

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software-related bugs.

Example:

contracts/BasePositionManager.sol
function __BasePositionManager_init__(
    address _optionsMarket,
    address _controller,
    address _weth,
    IOptionsAuthority _authority
) public initializer {
    __ReentrancyGuard_init();
    __AuthorityUtil_init__(_authority);

    weth = _weth;

    optionsMarket = _optionsMarket;
    controller = _controller;

    ethTransferGasLimit = 500 * 1000;
}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

All input arguments of the BasePositionManager::__BasePositionManager_init__ function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.
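
The three recommendations above (BPM-01S, BPM-02S, BPM-03S) applied together to the initializer, as an added example that is not the Moby codebase or the revision the auditors reviewed. Assumptions: the contract name, the ZeroAddress and AlreadyInitialized errors, the empty IOptionsAuthority interface and the hand-written initializer modifier are stand-ins so the file compiles on its own; the original's __ReentrancyGuard_init and __AuthorityUtil_init__ calls are replaced by a direct assignment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration only. IOptionsAuthority is declared empty here as a
// stand-in; the real interface is not shown on the page.
interface IOptionsAuthority {}

contract BasePositionManagerSketch {
    error ZeroAddress(string parameter); // hypothetical error name
    error AlreadyInitialized();          // hypothetical error name

    // BPM-02S: the single primitive argument is marked indexed.
    event SetEthTransferGasLimit(uint256 indexed ethTransferGasLimit);

    address public weth;
    address public optionsMarket;
    address public controller;
    IOptionsAuthority public authority;
    uint256 public ethTransferGasLimit;
    bool private _initialized;

    // Minimal stand-in for the upgradeable `initializer` modifier used on the page.
    modifier initializer() {
        if (_initialized) revert AlreadyInitialized();
        _initialized = true;
        _;
    }

    function __BasePositionManager_init__(
        address _optionsMarket,
        address _controller,
        address _weth,
        IOptionsAuthority _authority
    ) public initializer {
        // BPM-03S: reject zero-value inputs before any state is written.
        if (_optionsMarket == address(0)) revert ZeroAddress("_optionsMarket");
        if (_controller == address(0)) revert ZeroAddress("_controller");
        if (_weth == address(0)) revert ZeroAddress("_weth");
        if (address(_authority) == address(0)) revert ZeroAddress("_authority");

        weth = _weth;
        optionsMarket = _optionsMarket;
        controller = _controller;
        authority = _authority; // stand-in for __AuthorityUtil_init__(_authority)

        // BPM-01S: the result of 500 * 1000, written with underscore separators.
        ethTransferGasLimit = 500_000;
    }
}
```

A revert inside the function also rolls back the `_initialized` flag, so a call rejected for a zero address leaves the contract uninitialized and the call can be repeated with corrected arguments.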