Omniscia Morpho Labs Audit

SupplyVaultUpgradeable Static Analysis Findings

SRO-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		SupplyVaultUpgradeable.sol:L38, L39

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

src/compound/SupplyVaultUpgradeable.sol

37function __SupplyVaultUpgradeable_init(
38    address _morpho,
39    address _poolToken,
40    string calldata _name,
41    string calldata _symbol,
42    uint256 _initialDeposit
43) internal onlyInitializing returns (bool isEth, address wEth) {
44    ERC20 underlyingToken;
45    (isEth, wEth, underlyingToken) = __SupplyVaultUpgradeable_init_unchained(
46        _morpho,
47        _poolToken
48    );
49
50    __Ownable_init();
51    __ERC20_init(_name, _symbol);
52    __ERC4626UpgradeableSafe_init(ERC20Upgradeable(address(underlyingToken)), _initialDeposit);
53}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation:

The two input arguments are now adequately sanitized via a corresponding if-revert clause.

Omniscia Morpho Labs Audit

SupplyVaultUpgradeable Static Analysis Findings

SupplyVaultUpgradeable Static Analysis Findings

SRO-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation:

SupplyVaultUpgradeable.sol (SVU-S)

UniswapV2Swapper.sol (UVS-S)

On this page