Address audit comments

- Emit event when Tornado ownership changes
 - Disallow setting feeToSetter to 0 address
 - Disallow setting feeTo to 0 address
 - Use more SafeMath
 - Set MIN_PROTOCOL_FEE_DIVISOR to constant
 - Add additional unit tests

contracts/FeeManager.sol

@@ -2,7 +2,7 @@ pragma solidity 0.5.17;
 
 contract FeeManager {
   // Maximum fee of 0.5%
-  uint256 public MIN_PROTOCOL_FEE_DIVISOR = 200;
+  uint256 constant public MIN_PROTOCOL_FEE_DIVISOR = 200;
 
   address public feeTo;
   address public feeToSetter;
@@ -10,27 +10,28 @@ contract FeeManager {
 
   constructor(address _feeToSetter) public {
     feeToSetter = _feeToSetter;
-    protocolFeeDivisor = 0;
   }
 
   function setFeeTo(address _feeTo) external {
-      require(msg.sender == feeToSetter, 'Poof: FORBIDDEN');
+      require(msg.sender == feeToSetter, 'FeeManager: FORBIDDEN');
+      require(_feeTo != address(0), 'FeeManager: new feeTo is the zero address');
       feeTo = _feeTo;
   }
 
   function setFeeToSetter(address _feeToSetter) external {
-      require(msg.sender == feeToSetter, 'Poof: FORBIDDEN');
+      require(msg.sender == feeToSetter, 'FeeManager: FORBIDDEN');
+      require(_feeToSetter != address(0), 'FeeManager: new feeToSetter is the zero address');
       feeToSetter = _feeToSetter;
   }
 
   function setProtocolFeeDivisor(uint256 _protocolFeeDivisor) external {
-      require(msg.sender == feeToSetter, 'Poof: FORBIDDEN');
-      require(_protocolFeeDivisor >= MIN_PROTOCOL_FEE_DIVISOR, 'Poof: Protocol fee too high');
+      require(msg.sender == feeToSetter, 'FeeManager: FORBIDDEN');
+      require(_protocolFeeDivisor >= MIN_PROTOCOL_FEE_DIVISOR, 'FeeManager: Protocol fee too high');
       protocolFeeDivisor = _protocolFeeDivisor;
   }
 
   function clearFee() external {
-      require(msg.sender == feeToSetter, 'Poof: FORBIDDEN');
+      require(msg.sender == feeToSetter, 'FeeManager: FORBIDDEN');
       protocolFeeDivisor = 0;
   }
 }