Omniscia Steadefi Audit
GMXPerpetualDEXLongManager Static Analysis Findings
GMXPerpetualDEXLongManager Static Analysis Findings
GMD-01S: Data Location Optimization
| Type | Severity | Location |
|---|---|---|
| Gas Optimization |  | GMXPerpetualDEXLongManager.sol:L285 |
Description:
The linked input argument is set as memory in an external function.
Example:
285function compound(address[] memory _rewardTrackers) external {Recommendation:
We advise it to be set as calldata optimizing its read-access gas cost.
Alleviation (4325253d6de0ea91c1e9fb9e01d2e7e98f3d83a9):
The referenced data location was optimized as advised, adjusting its location from memory to calldata.
GMD-02S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | GMXPerpetualDEXLongManager.sol:L55-L62 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
54constructor(55 IGMXPerpetualDEXLongVault _vault,56 ILendingPool _tokenLendingPool,57 IGMXRewardRouterHandler _rewardRouterHandler,58 IGMXRewardRouter _rewardRouter,59 IGMXStakePool _stakePool,60 IGMXGLPManager _glpManager,61 IGMXRewardReader _rewardReader,62 IGMXVault _gmxVault63) {64 vault = _vault;65 tokenLendingPool = _tokenLendingPool;66 rewardRouterHandler = _rewardRouterHandler;67 rewardRouter = _rewardRouter;68 stakePool = _stakePool;69 glpManager = _glpManager;70 rewardReader = _rewardReader;71 gmxVault = _gmxVault;72 IERC20(rewardRouter.weth()).approve(address(glpManager), type(uint256).max);73 IERC20(token()).approve(address(glpManager), type(uint256).max);74 IERC20(token()).approve(address(tokenLendingPool), type(uint256).max);75}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (4325253d6de0ea91c1e9fb9e01d2e7e98f3d83a9):
The constructor of the GMXPerpetualDEXLongManager implementation adequately sanitizes its address input arguments in the latest implementation, ensuring that the contract cannot be misconfigured during its deployment.