Omniscia Moby Audit
RewardRouterV2 Static Analysis Findings
RRV-01S: Suboptimal Event Declarations
Type | Severity | Location |
---|---|---|
Gas Optimization | | RewardRouterV2.sol:L30, L31 |
Description:
The referenced `event` declarations do not have any `indexed` argument or have fewer than three `indexed` arguments that are a primitive type.
Example:
```solidity
event StakeOlp(address account, uint256 amount);
```
Recommendation:
Apart from aiding off-chain integrators in consuming and filtering such events, primitive types that are set as `indexed` will result in a gas optimization due to reduced memory costs. As such, we advise the `indexed` keyword to be introduced to up to three different primitive types in total, optimizing the referenced `event` declarations.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
The `indexed` keyword has been introduced to both referenced `event` declarations per our recommendation, addressing this exhibit.
RRV-02S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | RewardRouterV2.sol:L37-L53 |
Description:
The linked function(s) accept `address` arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in `constructor` implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software-related bugs.
Example:
```solidity
function initialize(
    address _weth,
    address _olp,
    address _feeOlpTracker,
    address _olpManager,
    IOptionsAuthority _authority
) external initializer {
    __Ownable_init();
    __ReentrancyGuard_init();
    __AuthorityUtil_init__(_authority);

    weth = _weth;
    olp = _olp;

    feeOlpTracker = _feeOlpTracker;
    olpManager = _olpManager;
}
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each `address` specified is non-zero.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
All input arguments of the `RewardRouterV2::initialize` function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.
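One way to express the non-zero checks recommended in RRV-02S, given here as an added example and not the project's fix at the alleviation commit, which this page does not show. The contract name, the custom errors, the `_requireNonZero` helper, the one-shot flag and the empty `IOptionsAuthority` stand-in are assumptions made so the file compiles without imports.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Empty stand-in for the project's interface (assumption; real definition not shown).
interface IOptionsAuthority {}

// Added illustration, not the Moby contract. The one-shot flag replaces the
// OpenZeppelin `initializer` modifier so the file compiles with no imports.
contract RewardRouterInitSketch {
    error ZeroAddress(bytes32 param);
    error AlreadyInitialized();

    address public weth;
    address public olp;
    address public feeOlpTracker;
    address public olpManager;
    IOptionsAuthority public authority;
    bool private _initialized;

    function initialize(
        address _weth,
        address _olp,
        address _feeOlpTracker,
        address _olpManager,
        IOptionsAuthority _authority
    ) external {
        if (_initialized) revert AlreadyInitialized();

        // Check every argument before writing state: a revert rolls the whole
        // call back, so a bad deployment script can simply be fixed and re-run.
        _requireNonZero(_weth, "weth");
        _requireNonZero(_olp, "olp");
        _requireNonZero(_feeOlpTracker, "feeOlpTracker");
        _requireNonZero(_olpManager, "olpManager");
        _requireNonZero(address(_authority), "authority");

        _initialized = true;
        weth = _weth;
        olp = _olp;
        feeOlpTracker = _feeOlpTracker;
        olpManager = _olpManager;
        authority = _authority;
    }

    // Reverts with the offending parameter name so the failure is diagnosable off-chain.
    function _requireNonZero(address value, bytes32 param) private pure {
        if (value == address(0)) revert ZeroAddress(param);
    }
}
```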