Audit
Security Audit
Centaur engaged Halborn on April 23rd to conduct a series of audits for Centaur Swap. The scope of the audit includes technical risks, assessment of vulnerabilities, economic and oracle attacks. A summary of the audit reports can be found on our medium.
Alternatively, you can download the three reports from Halborn's github:
Technical Audit https://github.com/HalbornSecurity/PublicReports/blob/master/CentaurSwap_Smart_Contract_Security_Audit_Halborn_v1_1.pdf
Economic Audit https://github.com/HalbornSecurity/PublicReports/blob/master/Financial%20Pentesting/CentaurSwap_Financial_Pentesting_Halborn_v1_1.pdf
Timelock and Multisig Audit https://github.com/HalbornSecurity/PublicReports/blob/master/Centaur_Timelock_Smart_Contract_Security_Audit_v1_1.pdf
Security Disclosures
We have been notified by Halborn that certain functions of the smart contract are not of the default standard or requires further disclosures to our users.
CentaurLPToken.sol
transferFrom functions differently from standard ERC-20 implementation.
Setting the allowance value to -1 or MAX UINT 256 on the CentaurLPToken contract will enable the spender to have access to all the user's token indefinitely until a new allowance is set (as opposed to the standard implementation where allowance will decrease on every transfer).
CentaurRouter.sol
.png?alt=media&token=7261cf78-185f-4ba2-ac84-83f7b5accfbb)
addLiquidity function on the CentaurRouter contract has a _minLiquidity parameter which can be used by users for slippage tolerance.