Pool Togethe Security Smart Contract Audit

Summary

Overall, the code is well-written and documented, follows best practices and makes a good use of managed dependencies. We have not found any significant issues. We provide ideas for further code and documentation improvements. It is important to note that the the code assumes that the used Compound token contract is a "well-behaved" ERC20 token. Furthermore, although “randomization should be good enough for the time being”, admin can compute gross winnings because the APR and the balances are known. We were informed that improving randomization is a future work. Update: PoolTogether addressed our feedback as of commit 5b62307.

Project

PoolTogether

Multi-Chain

1 active critical issue

Last audited on 2021/04/30

Auditor

287 audits on Trustblock

Multi-Tags

Issue (1)

	Low	Medium	High	Critical	Total
Not fixed	1	-	-	-	1
Fixed	-	-	-	-	0
Total	1	0	0	0	1

Contracts (9)

#	File Name
1	contracts/UniformRandomNumber.sol
2	contracts/test/Token.sol
3	contracts/Migrations.sol
4	contracts/test/ExposedDrawManager.sol
5	contracts/test/CErc20Mock.sol
6	contracts/Pool.sol
7	contracts/test/ExposedUniformRandomNumber.sol
8	contracts/compound/ICErc20.sol
9	contracts/DrawManager.sol

Pool Together 2.0

Summary

Issue (1)

Centralization of Powernot_fixed/low

Contracts (9)