Omniscia Tokemak Network Audit

Staking Static Analysis Findings

STA-01S: Inexistent Zero-Address Check

Type: Input Sanitization
Severity: Minor
Location: Staking.sol:L59, L62, L63, L65

Description:

The address input arguments of the initialize function remain unsanitized.

Example:

contracts/staking/Staking.sol
59 function initialize(IERC20 _tokeToken, IManager _manager, address _treasury) public initializer {
60     __Context_init_unchained();
61     __Ownable_init_unchained();
62     tokeToken = _tokeToken;
63     manager = _manager;
64     nextScheduleIndex = 0;
65     treasury = _treasury;
66
67     //We want to be sure the schedule used for LP staking is first
68     //because the order in which withdraws happen need to start with LP stakes
69     _addSchedule(StakingSchedule(0,1,1,true,true,0,true));
70
71 }

Recommendation:

We advise proper sanitization to be enforced by ensuring that the inputs are not equal to the zero address, thus preventing misconfiguration of the system.

Alleviation:

Zero address checks are now properly applied for the configurational address arguments of the contract.
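
The check behind this finding can be approximated mechanically. The Python below is an added example, not Omniscia's tooling or Tokemak's code: a regex heuristic that lists each address-like parameter of initialize that is never compared against address(0), with the Staking.sol lines where it is declared and used. The function name unchecked_address_params, the HARDENED variant and its revert string are constructed for this example.

```python
import re

# initialize() as excerpted on this page; it starts at line 59 of Staking.sol.
EXCERPT = """function initialize(IERC20 _tokeToken, IManager _manager, address _treasury) public initializer {
    __Context_init_unchained();
    __Ownable_init_unchained();
    tokeToken = _tokeToken;
    manager = _manager;
    nextScheduleIndex = 0;
    treasury = _treasury;

    //We want to be sure the schedule used for LP staking is first
    //because the order in which withdraws happen need to start with LP stakes
    _addSchedule(StakingSchedule(0,1,1,true,true,0,true));

}"""
# Constructed hardened variant (the revert string is made up for this example).
CHECKS = "".join('    require(address(%s) != address(0), "ZERO_ADDRESS");\n' % p
                 for p in ("_tokeToken", "_manager", "_treasury"))
HARDENED = EXCERPT.replace("    __Context", CHECKS + "    __Context", 1)
ELEMENTARY = re.compile(r"^(u?int\d*|bytes\d*|bool|string)$")

def unchecked_address_params(source, first_line=1, func="initialize"):
    """Map each address-like param of `func` lacking a zero check to its lines."""
    head = re.search(r"function\s+%s\s*\(([^)]*)\)[^{]*\{" % re.escape(func), source)
    if head is None:
        return {}
    depth, end = 1, head.end()          # walk braces to the end of the body
    while depth and end < len(source):
        depth += {"{": 1, "}": -1}.get(source[end], 0)
        end += 1
    body = re.sub(r"//[^\n]*", "", source[head.end():end])  # drop // comments
    decl_line = first_line + source.count("\n", 0, head.start())
    body_line = first_line + source.count("\n", 0, head.end())
    findings = {}
    for decl in filter(None, (p.strip() for p in head.group(1).split(","))):
        parts = decl.split()
        # Skip value types and memory/calldata data; contract types are addresses.
        if ELEMENTARY.match(parts[0]) or {"memory", "calldata"} & set(parts):
            continue
        name = re.escape(parts[-1])
        if re.search(r"\b%s\b[^;]*[!=]=\s*address\(0\)" % name, body):
            continue
        findings[parts[-1]] = [decl_line] + [body_line + i
            for i, line in enumerate(body.split("\n")) if re.search(r"\b%s\b" % name, line)]
    return findings

if __name__ == "__main__":
    print([unchecked_address_params(s, 59) for s in (EXCERPT, HARDENED)])
```

On the excerpt it reports lines 59, 62, 63 and 65, the locations listed in the finding; on the hardened variant it reports nothing.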