Omniscia Steadefi Audit
GMXPerpetualDEXLongReader Static Analysis Findings
GMXPerpetualDEXLongReader Static Analysis Findings
GMP-01S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | GMXPerpetualDEXLongReader.sol:L35-L38 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
contracts/vaults/gmx/GMXPerpetualDEXLongReader.sol
34constructor(35 IGMXPerpetualDEXLongVault _vault,36 IGMXPerpetualDEXLongManager _manager,37 IChainLinkOracle _priceOracle,38 IGMXGLPManager _glpManager39) {40 vault = _vault;41 manager = _manager;42 priceOracle = _priceOracle;43 glpManager = _glpManager;44}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (4325253d6de0ea91c1e9fb9e01d2e7e98f3d83a9):
The two out of four address input arguments that remain in the updated contract's constructor are now adequately sanitized as non-zero, preventing it from being misconfigured during its deployment.