Omniscia SaucerSwap Audit
UniswapV3Factory Static Analysis Findings
UniswapV3Factory Static Analysis Findings
UVF-01S: Illegible Numeric Value Representations
| Type | Severity | Location |
|---|---|---|
| Code Style |  | UniswapV3Factory.sol:L32, L33, L34, L35, L36, L37, L80 |
Description:
The linked representations of numeric literals are sub-optimally represented decreasing the legibility of the codebase.
Example:
32feeAmountTickSpacing[500] = 10;Recommendation:
To properly illustrate each value's purpose, we advise the following guidelines to be followed.
For values meant to depict fractions with a base of 1e18, we advise fractions to be utilized directly (i.e. 1e17 becomes 0.1e18) as they are supported.
For values meant to represent a percentage base, we advise each value to utilize the underscore (_) separator to discern the percentage decimal (i.e. 10000 becomes 100_00, 300 becomes 3_00 and so on).
Finally, for large numeric values we simply advise the underscore character to be utilized again to represent them (i.e. 1000000 becomes 1_000_000).
Alleviation (3248d1d2fdfa6e1e270ff27db8eefb13dcb55c40):
The SaucerSwap team evaluated this exhibit and opted to acknowledge it.
UVF-02S: Inexistent Event Emissions
| Type | Severity | Location |
|---|---|---|
| Language Specific | | UniswapV3Factory.sol:L72-L75, L92-L95, L98-L101 |
Description:
The linked functions adjust sensitive contract variables yet do not emit an event for it.
Example:
72function setRentPayer(address _rentPayer) external override {73 require(msg.sender == owner);74 rentPayer = _rentPayer;75}Recommendation:
We advise an event to be declared and correspondingly emitted for each function to ensure off-chain processes can properly react to this system adjustment.
Alleviation (3248d1d2fdfa6e1e270ff27db8eefb13dcb55c40):
The SaucerSwap team evaluated this exhibit and opted to acknowledge it.
UVF-03S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | UniswapV3Factory.sol:L65-L69, L72-L75 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
65function setOwner(address _owner) external override {66 require(msg.sender == owner);67 emit OwnerChanged(owner, _owner);68 owner = _owner;69}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (3248d1d2fdfa6e1e270ff27db8eefb13dcb55c40):
The SaucerSwap team evaluated this exhibit and opted to acknowledge it.