AlgebraBaseLiquidityManager Static Analysis Findings

ABL-01S: Inexistent Sanitization of Input Addresses

Type	Severity	Location
Input Sanitization		AlgebraBaseLiquidityManager.sol:L158-L163, L382-L393

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

Copy
382function deposit(
383    uint256 amount0Desired,
384    uint256 amount1Desired,
385    uint256 amount0Min,
386    uint256 amount1Min,
387    address to
388)
389    public
390    virtual
391    whenNotPaused
392    returns (uint256 shares, uint256 amount0Used, uint256 amount1Used)
393{

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (0c3f85c7c11805ac412fe291f5681bef26da7244):

All input argument(s) of the AlgebraBaseLiquidityManager::withdraw, and AlgebraBaseLiquidityManager::deposit functions are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.