Comment on page
Audit

Security Audit
Centaur engaged Halborn on April 23rd to conduct a series of audits for Centaur Swap. The scope of the audit includes technical risks, assessment of vulnerabilities, economic and oracle attacks. A summary of the audit reports can be found on our medium.
Alternatively, you can download the three reports from Halborn's github:
Technical Audit https://github.com/HalbornSecurity/PublicReports/blob/master/CentaurSwap_Smart_Contract_Security_Audit_Halborn_v1_1.pdf​
Economic Audit
https://github.com/HalbornSecurity/PublicReports/blob/master/Financial%20Pentesting/CentaurSwap_Financial_Pentesting_Halborn_v1_1.pdf​
Timelock and Multisig Audit
https://github.com/HalbornSecurity/PublicReports/blob/master/Centaur_Timelock_Smart_Contract_Security_Audit_v1_1.pdf​
​
Security Disclosures
We have been notified by Halborn that certain functions of the smart contract are not of the default standard or requires further disclosures to our users.
CentaurLPToken.sol
transferFrom functions differently from standard ERC-20 implementation. 
Setting the allowance value to -1 or MAX UINT 256 on the CentaurLPToken contract will enable the spender to have access to all the user's token indefinitely until a new allowance is set (as opposed to the standard implementation where allowance will decrease on every transfer).
CentaurRouter.sol
addLiquidity function on the CentaurRouter contract has a _minLiquidity parameter which can be used by users for slippage tolerance.
​
Last modified 2yr ago