Omniscia vfat Audit
SickleFactory Static Analysis Findings
SickleFactory Static Analysis Findings
SFY-01S: Inexistent Event Emission
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | SickleFactory.sol:L70-L72 |
Description:
The linked function adjusts a sensitive contract variable yet does not emit an event for it.
Example:
70function setActive(bool active) external onlyAdmin {71 isActive = active;72}Recommendation:
We advise an event to be declared and correspondingly emitted to ensure off-chain processes can properly react to this system adjustment.
Alleviation (6ab7af3bb495b817ffec469255ea679b1813eecb):
The vfat team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.
SFY-02S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | | SickleFactory.sol:L56-L65 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.
Example:
56constructor(57 address admin_,58 address sickleRegistry_,59 address sickleImplementation_,60 address previousFactory_61) Admin(admin_) {62 registry = SickleRegistry(sickleRegistry_);63 implementation = sickleImplementation_;64 previousFactory = SickleFactory(previousFactory_);65}Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (6ab7af3bb495b817ffec469255ea679b1813eecb):
The vfat team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.