Omniscia Tokemak Network Audit

Redeem Static Analysis Findings

RED-01S: Inexistent Zero-Address Check

Type: Input Sanitization
Severity: Minor
Location: Redeem.sol:L27-L40

Description:

The input arguments of the Redeem contract's constructor are not properly sanitized.

Example:

contracts/redeem/Redeem.sol (L27-L40)

constructor(
    address _fromToken,
    address _toToken,
    address _stakingContract,
    uint256 _expirationBlock
) public {
    fromToken = _fromToken;
    toToken = _toToken;
    stakingContract = _stakingContract;
    expirationBlock = _expirationBlock;

    // Approve staking contract for toToken to allow for staking within convert()
    IERC20(_toToken).safeApprove(_stakingContract, type(uint256).max);
}

Recommendation:

We advise that the address arguments be validated against the zero address to ensure no misconfiguration of the contract can occur.
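
One way to apply this recommendation to the constructor shown above, as an added example rather than the project's actual fix. The contract name, compiler version, OpenZeppelin 3.x import paths, state variable declarations and revert strings are assumptions, since the page shows only the constructor.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.11; // assumed; the page does not state the compiler version

// Assumed OpenZeppelin 3.x layout (the 0.6.x-compatible release line).
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol";

// Hypothetical contract: only the constructor body mirrors the audited snippet.
contract RedeemZeroAddressChecked {
    using SafeERC20 for IERC20;

    // Declarations are assumed; the audited excerpt does not show them.
    address public fromToken;
    address public toToken;
    address public stakingContract;
    uint256 public expirationBlock;

    constructor(
        address _fromToken,
        address _toToken,
        address _stakingContract,
        uint256 _expirationBlock
    ) public {
        // Validate every address argument before any state is written or any
        // external call is made, so a misconfigured deployment reverts with a
        // reason that names the offending argument (strings are constructed).
        require(_fromToken != address(0), "INVALID_FROMTOKEN");
        require(_toToken != address(0), "INVALID_TOTOKEN");
        require(_stakingContract != address(0), "INVALID_STAKINGCONTRACT");

        fromToken = _fromToken;
        toToken = _toToken;
        stakingContract = _stakingContract;
        expirationBlock = _expirationBlock;

        // Unchanged from the audited code: unlimited approval so that
        // convert() can stake toToken through the staking contract.
        IERC20(_toToken).safeApprove(_stakingContract, type(uint256).max);
    }
}
```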

Alleviation:

Zero-address checks are now properly applied for all configurational address arguments of the contract.