Omniscia Moby Audit

OptionsToken Static Analysis Findings

OTN-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		OptionsToken.sol:L36-L52

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/tokens/OptionsToken.sol

36function initialize(
37    string memory _tokenName, // "BTC-USD Options", "ETH-USD Options"
38    address _tokenUnderlyingAsset,
39    address _optionsMarket,
40    address _vaultPriceFeed,
41    IOptionsAuthority _authority
42) public initializer {
43    __Ownable_init();
44    __ReentrancyGuard_init();
45    __AuthorityUtil_init__(_authority);
46
47    _name = _tokenName;
48    _underlyingAsset = _tokenUnderlyingAsset;
49
50    optionsMarket = _optionsMarket;
51    vaultPriceFeed = _vaultPriceFeed;
52}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

All input arguments of the OptionsToken::initialize function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.

Omniscia Moby Audit

OptionsToken Static Analysis Findings

OptionsToken Static Analysis Findings

OTN-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

OptionsMarket.sol (OMT-S)

PositionManager.sol (PMR-S)

On this page