Omniscia vfat Audit

SwapLib Static Analysis Findings

SLB-01S: Inexistent Sanitization of Input Address

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software-related bugs.

Example:

contracts/libraries/SwapLib.sol
    constructor(
        ConnectorRegistry connectorRegistry_
    ) {
        connectorRegistry = connectorRegistry_;
    }

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation (6ab7af3bb495b817ffec469255ea679b1813eecb):

The vfat team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.

SLB-02S: Inexistent Visibility Specifier

Type | Severity | Location
Code Style | | SwapLib.sol:L16

Description:

The linked variable has no visibility specifier explicitly set.

Example:

contracts/libraries/SwapLib.sol
    ConnectorRegistry immutable connectorRegistry;

Recommendation:

We advise that one be set explicitly to avoid potential compilation discrepancies in the future, as the compiler currently assigns one automatically and that default may deviate between pragma versions.

Alleviation (6ab7af3bb495b817ffec469255ea679b1813eecb):

The vfat team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.
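
The recommendations of SLB-01S and SLB-02S applied together, as an added illustration that is not part of the audited code base or of the report's own exhibits. The contract name `SwapLibExample`, the `ZeroAddress` error, the empty `ConnectorRegistry` stand-in and the pragma are assumptions; only `connectorRegistry` and the constructor parameter come from the exhibits above.

```solidity
// SPDX-License-Identifier: MIT
// Added example: not the vfat implementation. The pragma is an assumption;
// custom errors require Solidity 0.8.4 or later.
pragma solidity ^0.8.19;

// Stand-in for the project's ConnectorRegistry type, whose real definition
// is not shown in the report.
interface ConnectorRegistry {}

contract SwapLibExample {
    // Hypothetical custom error used to reject the zero address.
    error ZeroAddress();

    // SLB-02S: visibility is stated explicitly. `internal` is the default the
    // compiler assigns to state variables, so behaviour is unchanged while the
    // declaration no longer depends on that default.
    ConnectorRegistry internal immutable connectorRegistry;

    constructor(ConnectorRegistry connectorRegistry_) {
        // SLB-01S: an immutable cannot be reassigned after deployment, so a
        // zero-value input must be rejected here or the contract is
        // permanently inoperable.
        if (address(connectorRegistry_) == address(0)) revert ZeroAddress();
        connectorRegistry = connectorRegistry_;
    }
}
```

With this check in place, a deployment script that passes an unset registry address reverts at construction time instead of producing a contract that has to be redeployed.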