Omniscia Vendor Finance Audit
VendorPoolFactory Static Analysis Findings
VPF-01S: Mathematical Tautologies
Type | Severity | Location |
---|---|---|
Code Style | | VendorPoolFactory.sol:L305, L322 |
Description:
The linked conditionals are either fully or partially redundant as they validate a tautology such as an unsigned integer (`uint`) being greater-than-or-equal-to zero, a trait that cannot be broken.
Example:

```solidity
if (bal <= 0) {
```
Recommendation:
We advise the conditionals to be removed from the codebase for the sake of brevity.
Alleviation:
The linked statements no longer exist in the codebase rendering this exhibit inapplicable.
VPF-02S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | VendorPoolFactory.sol:L98-L108 |
Description:
The linked function(s) accept `address` arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in `constructor` implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software-related bugs.
Example:

```solidity
function initialize(
    address _implementation,
    address _oracle,
    address _licenseEngine,
    address _feesManager,
    uint48 _protocolFee,
    uint48 _protocolColFee,
    address _treasury,
    address[] calldata _allowList,
    address _firstResponder
) external initializer {
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each `address` specified is non-zero.
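As an added illustration (not the project's code), the same initializer with the advised non-zero check applied to every `address` argument, including each element of the allow list; the contract name, storage variables, custom error and the OpenZeppelin `Initializable` base are assumptions made for the example:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

/// Illustrative hardened initializer; storage layout and base contract are assumptions.
contract VendorPoolFactoryExample is Initializable {
    address public implementation;
    address public oracle;
    address public licenseEngine;
    address public feesManager;
    address public treasury;
    address public firstResponder;
    uint48 public protocolFee;
    uint48 public protocolColFee;
    mapping(address => bool) public allowList;

    /// Reverts with the offending parameter name so off-chain tooling can spot the bug.
    error ZeroAddress(string param);

    /// Returns the address unchanged if it is non-zero, reverts otherwise.
    function _nonZero(address a, string memory name) private pure returns (address) {
        if (a == address(0)) revert ZeroAddress(name);
        return a;
    }

    function initialize(
        address _implementation,
        address _oracle,
        address _licenseEngine,
        address _feesManager,
        uint48 _protocolFee,
        uint48 _protocolColFee,
        address _treasury,
        address[] calldata _allowList,
        address _firstResponder
    ) external initializer {
        implementation = _nonZero(_implementation, "_implementation");
        oracle = _nonZero(_oracle, "_oracle");
        licenseEngine = _nonZero(_licenseEngine, "_licenseEngine");
        feesManager = _nonZero(_feesManager, "_feesManager");
        treasury = _nonZero(_treasury, "_treasury");
        firstResponder = _nonZero(_firstResponder, "_firstResponder");
        protocolFee = _protocolFee;
        protocolColFee = _protocolColFee;
        // Array entries are addresses too: validate each one, not just the scalar arguments.
        for (uint256 i = 0; i < _allowList.length; i++) {
            allowList[_nonZero(_allowList[i], "_allowList")] = true;
        }
    }
}
```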
Alleviation:
All referenced addresses are now properly validated to be non-zero during the initialization of the contract as advised.