Omniscia Sheesha Finance Audit
Fractal Manual Review Findings
Fractal Manual Review Findings
FRA-01M: Improper Configuration Sanitization
Type | Severity | Location |
---|---|---|
Input Sanitization | Minor | Fractal.sol:L9-L32 |
Description:
The Fractal
contract improperly sanitizes the configurational values that are meant to be assigned to the BaseVesting
contract implementation.
Example:
contracts/ETH/Fractal.sol
16require(token_ != address(0), "Invalid reward token address");17require(startDate_ != 0, "TGE timestamp can't be 0");18require(vestingDuration_ > 0, "The vesting duration cannot be 0");19require(20 totalAllocatedAmount_ != 0,21 "The number of tokens for distribution cannot be 0"22);
Recommendation:
We advise additional checks to be imposed, such as the startDate_
to be a timestamp in the future, the amount unlocked between startDate
and vestingTimeEnd
to be below the total percentage and other similar logic checks.
Alleviation:
The configurational values of BaseVesting
are now assigned by the contract's constructor
instead of being done so on the contract level. Additionally, the BaseVesting
implementation applies the necessary sanitization checks in their respective constructor
functions thus alleviating this exhibit.