CrocSwap is a decentralized exchange protocol that allows for two-sided AMMs combining concentrated and ambient constant-product liquidity on any arbitrary pair of blockchain assets. Although the code is well documented, it is very complex. This audit provides additional findings and was performed after the previous Quantstamp audit and fix review. Hence, any unfixed findings from the previous report still apply. In the current audit we found a few issues, all of low, informational, or undetermined severity. Low-severity issues include violations of the checks-effects-interactions pattern, missing input validation, and potential overflows and underflows. Although the code appears to be protected from reentrancy, it is important to keep in mind that the effectiveness of these protections may change as the code evolves. We also point out a few places where return values are ignored. Finally, the code relies on oracles, which may have a significant impact on CrocSwap. We recommend addressing all the issues.

**Update:** CrocSwap addressed all the issues as of commit `511476`.

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 4 | - | - | - | 4 |
| Fixed | 8 | - | - | - | 8 |
| Total | 12 | 0 | 0 | 0 | 12 |