Omniscia Steer Protocol Audit

QuickSwapBaseLiquidityManager Static Analysis Findings

QSB-01S: Inexistent Sanitization of Input Addresses

Type | Severity | Location
Input Sanitization | | QuickSwapBaseLiquidityManager.sol:L161-L166, L384-L390

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of bugs in off-chain software.

Example:

contracts/vault-types/QuickSwapLiquidityManagers/QuickSwapBaseLiquidityManager.sol
384 function deposit(
385     uint256 amount0Desired,
386     uint256 amount1Desired,
387     uint256 amount0Min,
388     uint256 amount1Min,
389     address to
390 )
391     public
392     virtual
393     whenNotPaused
394     returns (uint256 shares, uint256 amount0Used, uint256 amount1Used)
395 {

Recommendation:

We advise that basic sanitization be put in place by ensuring that each address specified is non-zero.
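
One way to apply this recommendation, shown as an added example that is not code from the audited repository or from the audit report. The contract name, the ZeroAddress error, the nonZero modifier, the share accounting and the withdraw signature are all hypothetical; only the deposit parameter list mirrors the excerpt above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; not Steer Protocol code.
contract ZeroAddressGuardExample {
    /// Custom error keeps the revert reason cheap and machine-readable.
    error ZeroAddress();

    mapping(address => uint256) public sharesOf; // placeholder accounting
    uint256 public totalShares;

    /// Reverts before any state change when `account` is the zero address.
    modifier nonZero(address account) {
        if (account == address(0)) revert ZeroAddress();
        _;
    }

    /// Same parameter list as the audited deposit(); the body is a stand-in.
    function deposit(
        uint256 amount0Desired,
        uint256 amount1Desired,
        uint256 amount0Min,
        uint256 amount1Min,
        address to
    )
        public
        virtual
        nonZero(to)
        returns (uint256 shares, uint256 amount0Used, uint256 amount1Used)
    {
        require(amount0Desired >= amount0Min && amount1Desired >= amount1Min, "slippage");
        amount0Used = amount0Desired;
        amount1Used = amount1Desired;
        shares = amount0Used + amount1Used; // placeholder share math
        // Without nonZero(to), a defaulted `to` would credit shares to
        // address(0), where no key holder can ever redeem them.
        sharesOf[to] += shares;
        totalShares += shares;
    }

    /// Hypothetical withdraw signature; the audited one is not shown on this page.
    function withdraw(uint256 shares, address to) public virtual nonZero(to) returns (uint256 burned) {
        sharesOf[msg.sender] -= shares; // checked arithmetic reverts on underflow
        totalShares -= shares;
        burned = shares;
        // Token transfers to `to` would follow here in a real vault.
    }
}
```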

Alleviation (0c3f85c7c11805ac412fe291f5681bef26da7244):

All input argument(s) of the QuickSwapBaseLiquidityManager::withdraw and QuickSwapBaseLiquidityManager::deposit functions are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.