Omniscia Teahouse Finance Audit

TeaVaultV3PortfolioHelper Static Analysis Findings

TVH-01S: Inexistent Sanitization of Input Addresses

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised because zero-value inputs are a common side-effect of bugs in off-chain software.

Example:

contracts/TeaVaultV3PortfolioHelper.sol

    constructor(address _weth9, address _aavePool) {
        weth9 = IWETH9(_weth9);
        aavePool = IPool(_aavePool);
        vault = address(0x1);

        swapper = new Swapper();
    }

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

Alleviation (302b96f324a88038a0872015466cd43783c14543):

The _weth9 input argument of the TeaVaultV3PortfolioHelper::constructor is validated as non-zero while the _aavePool argument remains without validation.

The Teahouse Finance team stated that some blockchains may not have an Aave pool defined and, as such, they wish not to validate it, which we consider correct behaviour. Based on the aforementioned, we consider this exhibit fully alleviated.
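
A sketch of the constructor in the state the alleviation describes, written as an added example and not the Teahouse Finance code from the referenced commit. The contract name, the empty interface stand-ins, the custom errors, the state variable declarations and the `_requireAavePool` helper are assumptions made so the example compiles on its own; the helper shows one way to keep an optional pool address from being used while it is still zero.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal stand-ins so the example compiles alone (assumptions, not the project's types).
interface IWETH9 {}
interface IPool {}
contract Swapper {}

contract PortfolioHelperExample {
    // Hypothetical custom errors, not taken from the audited code base.
    error ZeroAddress();
    error AavePoolNotConfigured();

    // Declarations are assumed; the excerpt in the finding shows only the assignments.
    IWETH9 public weth9;
    IPool public aavePool; // may be address(0) on chains without an Aave pool
    Swapper public swapper;
    address private vault;

    constructor(address _weth9, address _aavePool) {
        // A zero WETH9 address would leave the helper permanently inoperable,
        // so reject it before any state is written.
        if (_weth9 == address(0)) revert ZeroAddress();

        weth9 = IWETH9(_weth9);
        // Intentionally not validated: some chains have no Aave pool.
        aavePool = IPool(_aavePool);
        vault = address(0x1);

        swapper = new Swapper();
    }

    // Hypothetical guard for code paths that depend on Aave: because the
    // constructor accepts a zero pool, the check moves to the point of use.
    function _requireAavePool() internal view returns (IPool pool) {
        pool = aavePool;
        if (address(pool) == address(0)) revert AavePoolNotConfigured();
    }
}
```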