Omniscia Moby Audit

FeeDistributor Static Analysis Findings

FeeDistributor Static Analysis Findings

FDR-01S: Inexistent Event Emissions

Description:

The linked functions adjust sensitive contract variables yet do not emit an event for it.

Example:

contracts/peripherals/FeeDistributor.sol
165function setTreasury(address _treasury) public onlyAdmin {
166 treasury = _treasury;
167}

Recommendation:

We advise an event to be declared and correspondingly emitted for each function to ensure off-chain processes can properly react to this system adjustment.

Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):

The SetTreasury, SetGT, SetRate, and SetDistributionPeriod events were introduced to the codebase and are correspondingly emitted in the FeeDistributor::setTreasury, FeeDistributor::setGT, FeeDistributor::setRate, and FeeDistributor::setDistributionPeriod functions respectively, addressing this exhibit in full.

FDR-02S: Suboptimal Event Declaration

Description:

The referenced event declaration does not have any indexed argument or have less than three indexed arguments that are a primitive type.

Example:

contracts/peripherals/FeeDistributor.sol
43event FeeDistribution(address receiver, uint256 amount);

Recommendation:

Apart from aiding off-chain integrators in consuming and filtering such an event, primitive types that are set as indexed will result in a gas optimization due to reduced memory costs. As such, we advise the indexed keyword to be introduced to up to three different primitive types in total optimizing the referenced event declaration.

Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):

The indexed keyword has been properly introduced to the FeeDistribution event, optimizing its emission cost.

FDR-03S: Inexistent Sanitization of Input Addresses

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/peripherals/FeeDistributor.sol
45function initialize(
46 address _treasury,
47 address _gt,
48 address _controller,
49 address _sRewardDistributor,
50 address _mRewardDistributor,
51 address _lRewardDistributor,
52 address _weth,
53 IOptionsAuthority _authority
54) external initializer {
55 __Ownable_init();
56 __AuthorityUtil_init__(_authority);
57
58 treasury = _treasury;
59 gt = _gt;
60
61 controller = _controller;
62 sRewardDistributor = _sRewardDistributor;
63 mRewardDistributor = _mRewardDistributor;
64 lRewardDistributor = _lRewardDistributor;
65
66 weth = _weth;
67
68 treasuryRate = 20; // 20% to treasury
69 olpRewardRate = 50; // 50% to reward distributor
70 gtRate = 30; // 30% to GT(set as EOA temporarily)
71
72 distributionPeriod = 7 days;
73}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

All input arguments of the FeeDistributor::initialize function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.