Omniscia Xcaliswap Audit

VotingEscrow Static Analysis Findings

VEW-01S: Inexistent Sanitization of Input Address

Type	Severity	Location
Input Sanitization		VotingEscrow.sol:L118-L120

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

contracts/periphery/VotingEscrow.sol

118constructor(
119    address token_addr
120) {
121    token = token_addr;
122    voter = msg.sender;
123    point_history[0].blk = block.number;
124    point_history[0].ts = block.timestamp;
125
126    supportedInterfaces[ERC165_INTERFACE_ID] = true;
127    supportedInterfaces[ERC721_INTERFACE_ID] = true;
128    supportedInterfaces[ERC721_METADATA_INTERFACE_ID] = true;
129
130    // mint-ish
131    emit Transfer(address(0), address(this), tokenId);
132    // burn-ish
133    emit Transfer(address(this), address(0), tokenId);
134}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

Alleviation:

The Xcaliswap team has introduced a require check ensuring that the address specified is non-zero.

Omniscia Xcaliswap Audit

VotingEscrow Static Analysis Findings

VotingEscrow Static Analysis Findings

VEW-01S: Inexistent Sanitization of Input Address

Description:

Impact:

Example:

Recommendation:

Alleviation:

VotingDist.sol (VDT-S)

Bribe.sol (BEB-M)

On this page