Omniscia Tokemak Network Audit

Staking Static Analysis Findings

STA-01S: Inexistent Zero-Address Check

Type	Severity	Location
Input Sanitization	Minor	Staking.sol:L59, L62, L63, L65

Description:

The address input arguments of the initialize function remain unsanitized.

Example:

contracts/staking/Staking.sol

59function initialize(IERC20 _tokeToken, IManager _manager, address _treasury) public initializer {
60    __Context_init_unchained();
61    __Ownable_init_unchained();
62    tokeToken = _tokeToken;        
63    manager = _manager;
64    nextScheduleIndex = 0;
65    treasury = _treasury;
66
67    //We want to be sure the schedule used for LP staking is first
68    //because the order in which withdraws happen need to start with LP stakes
69    _addSchedule(StakingSchedule(0,1,1,true,true,0,true));
70
71}

Recommendation:

We advise proper sanitization to be enforced by ensuring that the inputs are not equal to the zero-address thus preventing misconfiguration of the system.

Alleviation:

Zero address checks are now properly applied for the configurational address arguments of the contract.

Omniscia Tokemak Network Audit

Staking Static Analysis Findings

Staking Static Analysis Findings

STA-01S: Inexistent Zero-Address Check

Description:

Example:

Recommendation:

Alleviation:

Redeem.sol (RED-S)

Toke.sol (TOK-S)

On this page