Centaur engaged Halborn on April 23rd to conduct a security audit of Centaur Swap. The scope of the audit includes technical risks and assessment of vulnerabilities. A separate audit is planned for economic / oracle attacks. You can find the audit report over here.
Halborn has notified us that certain functions of the smart contract deviate from the default standard or require further disclosure to our users.
transferFrom functions differently from the standard ERC-20 implementation.
Setting the allowance value to -1 or MAX UINT 256 on the CentaurLPToken contract gives the spender access to all of the user's tokens indefinitely, until a new allowance is set (as opposed to the standard implementation, where the allowance decreases on every transfer).
The addLiquidity function on the CentaurRouter contract has a _minLiquidity parameter, which users can set as their slippage tolerance.
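The allowance behaviour described above for transferFrom, sketched as an added example. This is not the CentaurLPToken source; the contract name, storage layout and error strings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative token, NOT the CentaurLPToken source. Contract name, storage
// layout and error strings are assumptions made for this example.
contract InfiniteAllowanceToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    // Approving type(uint256).max (the value older compilers wrote as uint(-1))
    // grants an allowance that transferFrom never reduces.
    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        if (allowed != type(uint256).max) {
            // Finite allowance: decremented on every transfer, as in the standard implementation.
            require(allowed >= value, "allowance exceeded");
            allowance[from][msg.sender] = allowed - value;
        }
        // Max allowance: the branch above is skipped, so the spender keeps
        // access to the full balance until the owner calls approve again.
        require(balanceOf[from] >= value, "balance too low");
        balanceOf[from] -= value;
        balanceOf[to] += value;
        emit Transfer(from, to, value);
        return true;
    }
}
```

In this sketch, an owner who no longer wants a spender to hold unlimited access sets a new allowance by calling approve again, for example with 0.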