Omniscia Sheesha Finance Audit

EqiFI Manual Review Findings

EqiFI Manual Review Findings

EFI-01M: Improper Configuration Sanitization

TypeSeverityLocation
Input SanitizationMinorEqiFI.sol:L9-L32

Description:

The EqiFI contract improperly sanitizes the configurational values that are meant to be assigned to the BaseVesting contract implementation.

Example:

contracts/ETH/EqiFI.sol
16require(token_ != address(0), "Invalid reward token address");
17require(startDate_ != 0, "TGE timestamp can't be 0");
18require(vestingDuration_ > 0, "The vesting duration cannot be 0");
19require(
20 totalAllocatedAmount_ != 0,
21 "The number of tokens for distribution cannot be 0"
22);

Recommendation:

We advise additional checks to be imposed, such as the startDate_ to be a timestamp in the future, the amount unlocked between startDate and vestingTimeEnd to be below the total percentage and other similar logic checks.

Alleviation:

The configurational values of BaseVesting are now assigned by the contract's constructor instead of being done so on the contract level. Additionally, the BaseVesting implementation applies the necessary sanitization checks in their respective constructor functions thus alleviating this exhibit.