RewardDistributor Static Analysis Findings

RDR-01S: Suboptimal Event Declarations

Type	Severity	Location
Gas Optimization		RewardDistributor.sol:L26, L27

Description:

The referenced event declarations do not have any indexed argument or have less than three indexed arguments that are a primitive type.

Example:

Copy
26event Distribute(uint256 amount);

Recommendation:

Apart from aiding off-chain integrators in consuming and filtering such events, primitive types that are set as indexed will result in a gas optimization due to reduced memory costs. As such, we advise the indexed keyword to be introduced to up to three different primitive types in total optimizing the referenced event declarations.

Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):

The indexed keyword has been properly introduced to the referenced events, optimizing their emission cost.

RDR-02S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		RewardDistributor.sol:L29-L40

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

Copy
29function initialize(
30    address _rewardToken,
31    address _rewardTracker,
32    IOptionsAuthority _authority
33) external initializer {
34    __Ownable_init();
35    __ReentrancyGuard_init();
36    __AuthorityUtil_init__(_authority);
37    
38    rewardToken = _rewardToken;
39    rewardTracker = _rewardTracker;
40}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

All input arguments of the RewardDistributor::initialize function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.