VendorFeesManager Static Analysis Findings

VFM-01S: Illegible Numeric Value Representation

Type	Severity	Location
Code Style		VendorFeesManager.sol:L77, L80

Description:

The linked representation of a numeric literal is sub-optimally represented decreasing the legibility of the codebase.

Example:

Copy
77return (_rawPayoutAmount * getCurrentRate(address(_pool))) / 1000000;

Recommendation:

To properly illustrate the value's purpose, we advise the following guidelines to be followed. For values meant to depict fractions with a base of 1e18, we advise fractions to be utilized directly (i.e. 1e17 becomes 0.1e18) as they are supported. For values meant to represent a percentage base, we advise each value to utilize the underscore (_) separator to discern the percentage decimal (i.e. 10000 becomes 100_00, 300 becomes 3_00 and so on). Finally, for large numeric values we simply advise the underscore character to be utilized again to represent them (i.e. 1000000 becomes 1_000_000).

Alleviation:

The special separator character has been introduced as advised, properly illustrating the decimal accuracy of the percentage value.

VFM-02S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		VendorFeesManager.sol:L43

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

Copy
43function initialize(IPoolFactory _factory) external initializer{
44    __Ownable_init();
45    __UUPSUpgradeable_init();
46    factory = _factory;
47}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation:

The input _factory address is now correctly sanitized yielding a ZeroAddress error in case of failure and alleviating this exhibit.