Omniscia vfat Audit
LendingStrategy Static Analysis Findings
LendingStrategy Static Analysis Findings
LSY-01S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | LendingStrategy.sol:L51-L64 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
contracts/strategies/LendingStrategy.sol
51constructor(52 SickleFactory factory,53 ConnectorRegistry connectorRegistry,54 FlashloanStrategy flashloanStrategy,55 Libraries memory libraries56)57 FlashloanInitiator(flashloanStrategy)58 StrategyModule(factory, connectorRegistry)59{60 transferLib = libraries.transferLib;61 zapLib = libraries.zapLib;62 feesLib = libraries.feesLib;63 strategyAddress = address(this);64}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (6ab7af3bb495b817ffec469255ea679b1813eecb):
The vfat team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.