Trail of Bits

CompliFi

Type: Security review
Client: CompliFi
Date: 2021-07
Domain: Blockchain
Effort: 6 wks
Section: Ethereum/EVM

Trail of Bits's security review of CompliFi (Jul 2021) identified 9 issues: 1 medium, 2 low, and 6 informational.

Findings · 9

  1. Vault.changeState does not correctly emit the old state (Informational)
  2. Contracts used as dependencies do not track upstream changes (Low)
  3. Initialization functions can be front-run (Low)
  4. Lack of access modifiers on Vault.initialize leaves it susceptible to front-running (Medium)
  5. Lack of zero-value checks on functions (Informational)
  6. Solidity compiler optimizations can be problematic (Informational)
  7. Lack of contract and user documentation (Informational)
  8. Missing events for critical operations (Informational)
  9. Vault.constructor would benefit from an additional check of collateralSplit (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
