Omniscia Moby Audit
FeeDistributor Static Analysis Findings
FDR-01S: Inexistent Event Emissions
Type | Severity | Location |
---|---|---|
Language Specific | | FeeDistributor.sol:L165-L167, L169-L171, L173-L178, L180-L185 |
Description:
The linked functions adjust sensitive contract variables yet do not emit an event for it.
Example:
```solidity
function setTreasury(address _treasury) public onlyAdmin {
    treasury = _treasury;
}
```
Recommendation:
We advise an `event` to be declared and correspondingly emitted for each function to ensure off-chain processes can properly react to this system adjustment.
Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):
The `SetTreasury`, `SetGT`, `SetRate`, and `SetDistributionPeriod` events were introduced to the codebase and are correspondingly emitted in the `FeeDistributor::setTreasury`, `FeeDistributor::setGT`, `FeeDistributor::setRate`, and `FeeDistributor::setDistributionPeriod` functions respectively, addressing this exhibit in full.
FDR-02S: Suboptimal Event Declaration
Type | Severity | Location |
---|---|---|
Gas Optimization | | FeeDistributor.sol:L43 |
Description:
The referenced `event` declaration either has no `indexed` argument or has fewer than three `indexed` arguments of a primitive type.
Example:
```solidity
event FeeDistribution(address receiver, uint256 amount);
```
Recommendation:
Apart from aiding off-chain integrators in consuming and filtering such an event, primitive types that are set as `indexed` will result in a gas optimization due to reduced memory costs. As such, we advise the `indexed` keyword to be introduced to up to three different primitive types in total, optimizing the referenced `event` declaration.
Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):
The `indexed` keyword has been properly introduced to the `FeeDistribution` event, optimizing its emission cost.
FDR-03S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | FeeDistributor.sol:L45-L73 |
Description:
The linked function(s) accept `address` arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in `constructor` implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software-related bugs.
Example:
```solidity
function initialize(
    address _treasury,
    address _gt,
    address _controller,
    address _sRewardDistributor,
    address _mRewardDistributor,
    address _lRewardDistributor,
    address _weth,
    IOptionsAuthority _authority
) external initializer {
    __Ownable_init();
    __AuthorityUtil_init__(_authority);

    treasury = _treasury;
    gt = _gt;

    controller = _controller;
    sRewardDistributor = _sRewardDistributor;
    mRewardDistributor = _mRewardDistributor;
    lRewardDistributor = _lRewardDistributor;

    weth = _weth;

    treasuryRate = 20; // 20% to treasury
    olpRewardRate = 50; // 50% to reward distributor
    gtRate = 30; // 30% to GT(set as EOA temporarily)

    distributionPeriod = 7 days;
}
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each `address` specified is non-zero.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
All input arguments of the `FeeDistributor::initialize` function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.
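A minimal sketch of the recommendations in FDR-01S and FDR-03S, added here as an illustration and not taken from the Moby codebase: the setter emits an event carrying the old and new value, and the initializer rejects zero-value addresses before writing state. The `admin` field, the `initialized` flag (standing in for the `initializer` modifier), the custom errors and the `SetTreasury` argument list are assumptions; the zero-address check on the setter goes beyond the scope of FDR-03S.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not the audited FeeDistributor. Only the names
// `treasury`, `gt`, `setTreasury`, `initialize` and `SetTreasury` come from
// the audit text; everything else is assumed for the sketch.
contract FeeDistributorSketch {
    address public admin;      // assumed stand-in for the authority check
    address public treasury;
    address public gt;
    bool private initialized;  // assumed stand-in for the `initializer` modifier

    // FDR-01S: one event per sensitive setter. Both addresses are indexed so
    // off-chain consumers can filter on either value (see FDR-02S).
    event SetTreasury(address indexed previousTreasury, address indexed newTreasury);

    error ZeroAddress();
    error NotAdmin();
    error AlreadyInitialized();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    // FDR-03S: every address argument is checked before any state is written,
    // so a zero value from a faulty deployment script reverts instead of
    // leaving the contract misconfigured.
    function initialize(address _admin, address _treasury, address _gt) external {
        if (initialized) revert AlreadyInitialized();
        if (_admin == address(0) || _treasury == address(0) || _gt == address(0)) {
            revert ZeroAddress();
        }
        initialized = true;
        admin = _admin;
        treasury = _treasury;
        gt = _gt;
        emit SetTreasury(address(0), _treasury);
    }

    // FDR-01S: the state change and the event are emitted together, so
    // monitoring can alert on any treasury change.
    function setTreasury(address _treasury) external onlyAdmin {
        if (_treasury == address(0)) revert ZeroAddress();
        address previous = treasury;
        treasury = _treasury;
        emit SetTreasury(previous, _treasury);
    }
}
```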