Omniscia Powercity Audit
MultiTroveGetter Static Analysis Findings
MultiTroveGetter Static Analysis Findings
MTG-01S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | MultiTroveGetter.sol:L25-L28 |
Description:
The linked function(s) accept address
arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor
implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
MultiTroveGetter.sol
25constructor(TroveManager _troveManager, ISortedTroves _sortedTroves) public {26 troveManager = _troveManager;27 sortedTroves = _sortedTroves;28}
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address
specified is non-zero.
Alleviation (8bedd3b0df6387957e6b8f5d52507e776c1458b0):
Both input addresses of the contract's MultiTroveGetter::constructor
are adequately sanitized as non-zero, preventing the contract from being misconfigured during deployment.