Pool Together 2.0

Off-Chain (Private)

Audited on 2019/10/16

No active critical issues

Summary

Overall, the code is well-written and documented, follows best practices and makes a good use of managed dependencies. We have not found any significant issues. We provide ideas for further code and documentation improvements. It is important to note that the the code assumes that the used Compound token contract is a "well-behaved" ERC20 token. Furthermore, although “randomization should be good enough for the time being”, admin can compute gross winnings because the APR and the balances are known. We were informed that improving randomization is a future work. Update: PoolTogether addressed our feedback as of commit 5b62307.

Project

PoolTogether

Multi-Chain

Issue (1)

	Low	Medium	High	Critical	Total
Not fixed	1	-	-	-	1
Fixed	-	-	-	-	0
Total	1	0	0	0	1

Contracts (9)

#	File Name
1	contracts/UniformRandomNumber.sol
2	contracts/test/Token.sol
3	contracts/Migrations.sol
4	contracts/test/ExposedDrawManager.sol
5	contracts/test/CErc20Mock.sol
6	contracts/Pool.sol
7	contracts/test/ExposedUniformRandomNumber.sol
8	contracts/compound/ICErc20.sol
9	contracts/DrawManager.sol

#	File Name
1	contracts/UniformRandomNumber.sol
2	contracts/test/Token.sol
3	contracts/Migrations.sol
4	contracts/test/ExposedDrawManager.sol
5	contracts/test/CErc20Mock.sol
6	contracts/Pool.sol
7	contracts/test/ExposedUniformRandomNumber.sol
8	contracts/compound/ICErc20.sol
9	contracts/DrawManager.sol

Pool Together 2.0

Summary

Issue (1)

Centralization of Powernot_fixed/low

Contracts (9)