Omniscia Steer Protocol Audit
VaultRegistry Static Analysis Findings
VRY-01S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | VaultRegistry.sol:L119-L147 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised because zero-value inputs are a common side-effect of bugs in off-chain software.
Example:
contracts/VaultRegistry.sol (L119-L147)

```solidity
function initialize(
    address payable _orchestrator,
    address _strategyRegistry,
    address _internalGovernance,
    address _whitelistRegistry
) public initializer {
    __UUPSUpgradeable_init();
    __Ownable_init();
    __AccessControl_init();
    __Pausable_init();

    // Instantiate the orchestrator
    orchestrator = IOrchestrator(_orchestrator);
    internalGovernance = _internalGovernance;

    // Instantiate the strategy registry
    strategyRegistry = IStrategyRegistry(_strategyRegistry);

    // Record misc addresses
    whitelistRegistry = _whitelistRegistry;

    // Access Control Setup
    // Grant pauser, beacon creator, and ERC165 editor roles to Steer multisig
    _setupRole(PAUSER_ROLE, _msgSender()); // Grant pauser role to Steer multisig
    _setupRole(BEACON_CREATOR, _msgSender()); // Grant beacon creator role to Steer multisig
    _setupRole(INTERFACE_EDITOR, _msgSender()); // Grant ERC165 editor role to Steer multisig
    // Grant admin role to internal governance (for now)
    _setupRole(DEFAULT_ADMIN_ROLE, internalGovernance);
}
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
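The initializer above with the recommended checks applied, as an added example that is not Steer's code and does not claim to mirror the fix commit. The `ZeroAddress` error, the `_requireNonZero` helper, the stub interfaces and the OpenZeppelin 4.x upgradeable base contracts are assumptions; the three multisig role grants are left out for brevity.

```solidity
pragma solidity ^0.8.4;
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";

// Added example, not Steer's code: the finding's initializer with the recommended
// non-zero checks (OZ 4.x upgradeable). Stub interfaces replace the real ones.
interface IOrchestrator {}
interface IStrategyRegistry {}

contract VaultRegistryInitExample is
    UUPSUpgradeable, OwnableUpgradeable, AccessControlUpgradeable, PausableUpgradeable
{
    IOrchestrator public orchestrator;
    IStrategyRegistry public strategyRegistry;
    address public internalGovernance;
    address public whitelistRegistry;
    // Assumed custom error that names the offending parameter, so a deployment
    // script passing a zero address fails loudly instead of succeeding silently.
    error ZeroAddress(string param);
    function _requireNonZero(address a, string memory param) internal pure {
        if (a == address(0)) revert ZeroAddress(param);
    }
    function initialize(
        address payable _orchestrator,
        address _strategyRegistry,
        address _internalGovernance,
        address _whitelistRegistry
    ) public initializer {
        // Validate before any state is written: `initializer` permits a single
        // run, so a zero address stored here could only be fixed by an upgrade.
        _requireNonZero(_orchestrator, "_orchestrator");
        _requireNonZero(_strategyRegistry, "_strategyRegistry");
        _requireNonZero(_internalGovernance, "_internalGovernance");
        _requireNonZero(_whitelistRegistry, "_whitelistRegistry");
        __UUPSUpgradeable_init();
        __Ownable_init();
        __AccessControl_init();
        __Pausable_init();
        orchestrator = IOrchestrator(_orchestrator);
        strategyRegistry = IStrategyRegistry(_strategyRegistry);
        internalGovernance = _internalGovernance;
        whitelistRegistry = _whitelistRegistry;
        // Remaining role grants as in the original; the admin is now never address(0).
        _setupRole(DEFAULT_ADMIN_ROLE, internalGovernance);
    }
    function _authorizeUpgrade(address) internal override onlyOwner {}
}
```

Checking before the `__*_init()` calls matters because a revert there leaves the `initializer` flag unset, so a corrected redeployment script can simply call `initialize` again.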
Alleviation (200f275c40cbd4798f4a416c044ea726755d4741):
All referenced input arguments are adequately sanitized as non-zero per our recommendation.