Omniscia Tokemak Network Audit

SushiswapControllerV1 Static Analysis Findings

SushiswapControllerV1 Static Analysis Findings

SCV-01S: Inexistent Validation of Address Argument

Description:

The linked address-like argument remains unsanitized in the codebase.

Example:

contracts/controllers/SushiswapControllerV1.sol
28constructor(
29 IUniswapV2Router02 router,
30 IUniswapV2Factory factory,
31 MasterChef masterchef,
32 address manager,
33 address _addressRegistry
34) public BaseController(manager, _addressRegistry) {
35 require(address(router) != address(0), "INVALID_ROUTER");
36 require(address(factory) != address(0), "INVALID_FACTORY");
37 SUSHISWAP_ROUTER = router;
38 SUSHISWAP_FACTORY = factory;
39 MASTERCHEF = masterchef;
40}

Recommendation:

We advise proper sanitization to be imposed on it by introducing a require check that validates it against the zero-address to prevent misconfiguration of the contract.

Alleviation:

Proper zero-address validation has been introduced for the linked variable.