Balancer Finance

Off-Chain (Private)
Audited on 2020/04/30
No active critical issues

Summary

Executive Summary

In April 2020, Balancer asked us to conduct a security assessment of Balancer Finance - Balancer core: an automated portfolio manager, liquidity provider, and price sensor. We performed this assessment from May 4 to May 15, 2020. The assessment primarily focused on the high-level logic of balancer-core: BPool. The engagement was conducted by Alexander Wade and Shayan Eskandari; the total effort spent was 4 person-weeks.

Scope

Our review focused on the commit hash 5d70da92b1bebaa515254d00a9e064ecac9bd18e.

Issues (14)

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 13 | 1 | - | - | 14 |
| Fixed | - | - | - | - | 0 |
| Total | 13 | 1 | 0 | 0 | 14 |

Similar token-to-token swap methods can yield very different results
not_fixed/medium

No description
Commented code exists in BMath
not_fixed/low

No description
Consider implementing a minimum _totalWeight for unbind and rebind
not_fixed/low

No description
Disallow self-bound pools
not_fixed/low

No description
Ensure bound and rebound token values are exactly correct
not_fixed/low

No description
Include sanity-check for extcodesize on bound tokens
not_fixed/low

No description
Inconsistent require checks in AmountIn & AmountOut
not_fixed/low

No description
Max weight requirement in rebind is inaccurate
not_fixed/low

No description
PBT unique naming
not_fixed/low

No description
Perform more rigorous input validation across swap functions
not_fixed/low

No description
Remove unused code
not_fixed/low

No description
Restrict access to setController so that it may only be called before finalization
not_fixed/low

No description
Switch modifier order in BPool
not_fixed/low

No description
Use of modifiers for repeated checks
not_fixed/low

No description

Contracts (7)

| # | File Name |
|---|---|
| 1 | contracts/BMath.sol |
| 2 | contracts/BPool.sol |
| 3 | contracts/BColor.sol |
| 4 | contracts/BToken.sol |
| 5 | contracts/BNum.sol |
| 6 | contracts/BFactory.sol |
| 7 | contracts/BConst.sol |