Audit

Security Audit

Centaur engaged Halborn on April 23rd to conduct a series of audits for Centaur Swap. The scope of the audit includes technical risks, assessment of vulnerabilities, and economic and oracle attacks. A summary of the audit reports can be found on our Medium.

Alternatively, you can download the three reports from Halborn's GitHub:

Technical Audit https://github.com/HalbornSecurity/PublicReports/blob/master/CentaurSwap_Smart_Contract_Security_Audit_Halborn_v1_1.pdf

Economic Audit https://github.com/HalbornSecurity/PublicReports/blob/master/Financial%20Pentesting/CentaurSwap_Financial_Pentesting_Halborn_v1_1.pdf

Timelock and Multisig Audit https://github.com/HalbornSecurity/PublicReports/blob/master/Centaur_Timelock_Smart_Contract_Security_Audit_v1_1.pdf

Security Disclosures

We have been notified by Halborn that certain functions of the smart contract do not follow the default standard or require further disclosure to our users.

CentaurLPToken.sol

transferFrom behaves differently from the standard ERC-20 implementation.

Setting the allowance value to -1 or MAX UINT 256 on the CentaurLPToken contract gives the spender access to all of the user's tokens indefinitely, until a new allowance is set (as opposed to the standard implementation, where the allowance decreases on every transfer).
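
Because such an allowance stays in force until a new allowance is set, a holder or auditor can find the approvals that are still unlimited by replaying the token's approval events. The following is an added example, not code from Centaur or Halborn: it assumes the LP token emits the standard ERC-20 Approval event and that logs arrive in the JSON shape returned by eth_getLogs; all addresses and logs in it are constructed.

```python
MAX_UINT256 = 2**256 - 1
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event signature
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"


def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def outstanding_unlimited(logs):
    """Return the (owner, spender) pairs whose latest allowance is MAX_UINT256.

    `logs` are dicts shaped like eth_getLogs results for a single token contract.
    """
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an Approval(owner, spender, value) event
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        latest[(owner, spender)] = int(log["data"], 16)  # a newer approval overwrites
    return {pair for pair, value in latest.items() if value == MAX_UINT256}


def _topic(addr):
    """Pad a 20-byte address to a 32-byte topic (used only to build sample logs)."""
    return "0x" + addr[2:].rjust(64, "0")


def _log(block, idx, owner, spender, value, topic0=APPROVAL_TOPIC):
    return {"blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [topic0, _topic(owner), _topic(spender)],
            "data": "0x" + format(value, "064x")}


# Constructed addresses and logs, not real on-chain data.
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b2" * 20
ROUTER, OTHER = "0x" + "c3" * 20, "0x" + "d4" * 20
SAMPLE_LOGS = [
    _log(12, 0, ALICE, ROUTER, 10**18),      # bounded approval
    _log(10, 3, ALICE, OTHER, MAX_UINT256),  # unlimited, still in force
    _log(11, 1, BOB, ROUTER, MAX_UINT256),   # unlimited ...
    _log(15, 0, BOB, ROUTER, 0),             # ... later replaced by a new allowance
]

if __name__ == "__main__":
    for owner, spender in sorted(outstanding_unlimited(SAMPLE_LOGS)):
        print(f"unlimited allowance: owner={owner} spender={spender}")
```

Any pair it reports can be closed by setting a new allowance for that spender, as described above.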

CentaurRouter.sol

The addLiquidity function on the CentaurRouter contract has a _minLiquidity parameter, which users can use to set their slippage tolerance.