Trail of Bits

Primitive

Type: Security review

Client: Primitive

Date: 2022-01

Domain: Blockchain

Effort: 8 wks

Section: Ethereum/EVM

Trail of Bits's security review of Primitive (Jan 2022) identified 14 issues: 1 high, 3 medium, 1 low, 5 informational, and 4 undetermined.

Findings · 14

  1. Transfer operations may silently fail due to the lack of contract existence checks (High)
  2. Project dependencies contain vulnerabilities (Medium)
  3. Anyone could steal pool tokens’ earned interest (Low)
  4. Solidity compiler optimizations can be problematic (Informational)
  5. Lack of zero-value checks on functions (Informational)
  6. uint256.percentage() and int256.percentage() are not inverses of each other (Undetermined)
  7. Users can allocate tokens to a pool at the moment the pool reaches maturity (Informational)
  8. Possible front-running vulnerability during BUFFER time (Undetermined)
  9. Inconsistency in allocate and remove functions (Informational)
  10. Areas of the codebase that are inconsistent with the documentation (Informational)
  11. Allocate and remove are not exact inverses of each other (Medium)
  12. scaleToX64() and scalefromX64() are not inverses of each other (Undetermined)
  13. getCDF always returns output in the range of (0, 1) (Undetermined)
  14. Lack of data validation on withdrawal operations (Medium)

Findings extracted from the published report PDF. See the full report below for details and remediation.
