Omniscia Moby Audit

ViewAggregator Static Analysis Findings

VAR-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		ViewAggregator.sol:L29-L44

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/ViewAggregator.sol

29function initialize(
30    address _positionManager,
31    address _sOlpManager,
32    address _mOlpManager,
33    address _lOlpManager,
34    IOptionsAuthority _authority
35) public initializer {
36    __Ownable_init();
37    __AuthorityUtil_init__(_authority);
38
39    positionManager = IPositionManager(_positionManager);
40
41    sOlpManager = _sOlpManager;
42    mOlpManager = _mOlpManager;
43    lOlpManager = _lOlpManager;
44}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

All input arguments of the ViewAggregator::initialize function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.

Omniscia Moby Audit

ViewAggregator Static Analysis Findings

ViewAggregator Static Analysis Findings

VAR-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

VaultUtils.sol (VUS-S)

YieldToken.sol (YTN-S)

On this page