Omniscia Steadefi Audit
TraderJoeYieldFarmReader Static Analysis Findings
TraderJoeYieldFarmReader Static Analysis Findings
TJF-01S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | TraderJoeYieldFarmReader.sol:L31-L35 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
contracts/vaults/trader-joe/TraderJoeYieldFarmReader.sol
31constructor(32 ITraderJoeYieldFarmVault _vault,33 ITraderJoeYieldFarmManager _manager,34 IChainLinkOracle _priceOracle35) {36 vault = _vault;37 manager = _manager;38 priceOracle = _priceOracle;39}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (4325253d6de0ea91c1e9fb9e01d2e7e98f3d83a9):
The constructor of the TraderJoeYieldFarmReader implementation adequately sanitizes its address input arguments in the latest implementation, ensuring that the contract cannot be misconfigured during its deployment.