Omniscia Tangible Audit

FactoryV2 Static Analysis Findings

FV2-01S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		FactoryV2.sol:L242-L254

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/FactoryV2.sol

242function initialize(address _defaultUSDToken, address _tangibleLabs) external initializer {
243    require(_defaultUSDToken != address(0), "UZ");
244    __Ownable_init(msg.sender);
245
246    defUSD = IERC20(_defaultUSDToken);
247    paymentTokens[IERC20(_defaultUSDToken)] = true;
248
249    tangibleLabs = _tangibleLabs;
250    categoryMinter[_tangibleLabs] = true;
251    categoryOwnerPaymentAddress[_tangibleLabs] = _tangibleLabs;
252
253    emit ContractUpdated(uint256(FACT_ADDRESSES.LABS), address(0), _tangibleLabs);
254}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation (2ad448279d9e8e4b6edd94bcd2eb22129b6f7357):

The input _tangibleLabs address argument of the FactoryV2::initialize function is adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.

Omniscia Tangible Audit

FactoryV2 Static Analysis Findings

FactoryV2 Static Analysis Findings

FV2-01S: Inexistent Sanitization of Input Address

Description:

Impact:

Example:

Recommendation:

Alleviation (2ad448279d9e8e4b6edd94bcd2eb22129b6f7357):

CurrencyFeedV2.sol (CFV-S)

MarketplaceV2.sol (MV2-S)

On this page