Primitive Hyper

Findings · 23

1. 1 Lack of zero-value checks on functions Informational
2. 2 Documentation discrepancy in computePriceWithChangeInTau Informational
3. 3 Risk of token theft due to possible integer underflow in slt High
4. 4 Risk of token theft due to unchecked type conversion High
5. 5 Users can swap without paying any fees Medium
6. 6 Swap function returns incorrectly scaled output token amount High
7. 7 Liquidity providers can withdraw total fees earned by a pool High
8. 8 Asset token price deviates from the price curve of the pool Undetermined
9. 9 New pair creation can overwrite existing pairs High
10. 10 Error in Invariant.getX Informational
11. 11 Pools with overflowing maturity dates can be created Low
12. 12 Minting funds to the Hyper contract arbitrarily increases the next caller’s balance Informational
13. 13 Pool strike price could be zero due to lack of lower bound check on maxTick High
14. 14 Rounding error allows liquidity to be added without depositing tokens High
15. 15 Attackers can sandwich changeParameters calls to steal funds High
16. 16 Limited precision in strike prices due to fixed tick spacing Low
17. 17 Functions that round by adding 1 result in unexpected behavior Informational
18. 18 Solidity compiler optimizations can be problematic Informational
19. 19 getAmountOut returns incorrect value when called by controller Low
20. 20 Mismatched base unit comparison can inflate limit tolerance Medium
21. 21 Incorrect implementation of edge cases in getY function Low
22. 22 Lack of proper bound handling for solstat functions Undetermined
23. 23 Attackers can steal funds by swapping in both directions High

Findings extracted from the published report PDF. See the full report below for details and remediation.