Omniscia Tokemak Network Audit

Redeem Static Analysis Findings

RED-01S: Inexistent Zero-Address Check

Type	Severity	Location
Input Sanitization	Minor	Redeem.sol:L27-L40

Description:

The input arguments of the Redeem contract's constructor are not properly sanitized.

Example:

contracts/redeem/Redeem.sol

27constructor(
28    address _fromToken,
29    address _toToken,
30    address _stakingContract,
31    uint256 _expirationBlock
32) public {
33    fromToken = _fromToken;
34    toToken = _toToken;
35    stakingContract = _stakingContract;
36    expirationBlock = _expirationBlock;
37
38    //Approve staking contract for toToken to allow for staking within convert()
39    IERC20(_toToken).safeApprove(_stakingContract, type(uint256).max);
40}

Recommendation:

We advise them to be properly evaluated against the zero-address to ensure no misconfiguration of the contract can occur.

Alleviation:

Zero-address checks are now properly applied for all configurational address arguments of the contract.

Omniscia Tokemak Network Audit

Redeem Static Analysis Findings

Redeem Static Analysis Findings

RED-01S: Inexistent Zero-Address Check

Description:

Example:

Recommendation:

Alleviation:

Pool.sol (POO-S)

Staking.sol (STA-S)

On this page