Omniscia Steer Protocol Audit

SteerPeriphery Static Analysis Findings

SteerPeriphery Static Analysis Findings

SPY-01S: Inexistent Event Emission

Description:

The linked function adjusts a sensitive contract variable yet does not emit an event for it.

Example:

contracts/SteerPeriphery.sol
125function setNodeConfig(string memory _nodeConfig) external onlyOwner {
126 nodeConfig = _nodeConfig;
127}

Recommendation:

We advise an event to be declared and correspondingly emitted to ensure off-chain processes can properly react to this system adjustment.

Alleviation (fbb15dfb5ea6fad8296e934a8eb87c9fc3ef13cd):

The NodeConfigUpdated event was introduced to the codebase and is correspondingly emitted in the SteerPeriphery::setNodeConfig function, addressing this exhibit in full.

SPY-02S: Inexistent Sanitization of Input Addresses

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/SteerPeriphery.sol
107function initialize(
108 address _strategyRegistry,
109 address _vaultRegistry,
110 address _gasVault,
111 address _stakingRewards,
112 string calldata _nodeConfig
113) external initializer {
114 __UUPSUpgradeable_init();
115 __Ownable_init();
116 strategyRegistry = _strategyRegistry;
117 vaultRegistry = _vaultRegistry;
118 gasVault = _gasVault;
119 stakingRewards = _stakingRewards;
120 nodeConfig = _nodeConfig;
121}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (fbb15dfb5ea6fad8296e934a8eb87c9fc3ef13cd):

All input arguments of the SteerPeriphery::initialize function are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.