Omniscia Tangible Audit
RealtyOracleV2 Static Analysis Findings
RealtyOracleV2 Static Analysis Findings
ROV-01S: Inexistent Event Emissions
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | RealtyOracleV2.sol:L212-L214, L220-L222, L228-L230 |
Description:
The linked functions adjust sensitive contract variables yet do not emit an event for it.
Example:
212function setCurrencyFeed(address _currencyFeed) external onlyTangibleLabs {213 currencyFeed = ICurrencyFeedV2(_currencyFeed);214}Recommendation:
We advise an event to be declared and correspondingly emitted for each function to ensure off-chain processes can properly react to this system adjustment.
Alleviation (2ad448279d9e8e4b6edd94bcd2eb22129b6f7357):
An appropriate event has been declared for each referenced function and is correspondingly emitted during its execution, rendering this exhibit fully addressed.
ROV-02S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | RealtyOracleV2.sol:L212-L214, L220-L222, L228-L230 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
212function setCurrencyFeed(address _currencyFeed) external onlyTangibleLabs {213 currencyFeed = ICurrencyFeedV2(_currencyFeed);214}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (2ad448279d9e8e4b6edd94bcd2eb22129b6f7357):
All input argument(s) of the RealtyOracleTangibleV2::setCurrencyFeed, RealtyOracleTangibleV2::setChainlinkOracle, and RealtyOracleTangibleV2::setNotificationDispatcher functions are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.