Omniscia Myso Finance Audit

LenderVaultFactory Static Analysis Findings

LVF-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		LenderVaultFactory.sol:L14-L17

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/peer-to-peer/LenderVaultFactory.sol

14constructor(address _addressRegistry, address _lenderVaultImpl) {
15    addressRegistry = _addressRegistry;
16    lenderVaultImpl = _lenderVaultImpl;
17}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (c740f7c6b5ebd365618fd2d7ea77370599e1ca11):

Both input variables of the LenderVaultFactory::constructor are properly sanitized against the zero address in the latest implementation, ensuring that the contract cannot be accidentally misconfigured during its deployment.

Omniscia Myso Finance Audit

LenderVaultFactory Static Analysis Findings

LenderVaultFactory Static Analysis Findings

LVF-01S: Inexistent Sanitization of Input Addresses

Description:

Impact:

Example:

Recommendation:

Alleviation (c740f7c6b5ebd365618fd2d7ea77370599e1ca11):

FundingPool.sol (FPL-S)

LenderVaultImpl.sol (LVI-S)

On this page