Liquidswap is the first AMM (automated market maker) on the Aptos blockchain, created to enable safe and decentralized token swaps. The protocol uses smart contracts developed by the Pontem Network team, written in the Move language, and published on the Aptos mainnet.
Zellic conducted an audit for Pontem Network from October 10th to October 14th, 2022.
Our general overview of the code is that it was very well-organized and structured. The code coverage is high, with tests included for the vast majority of functions.
We applaud Pontem Network for their attention to detail and diligence in maintaining high code quality standards in the development of Liquidswap. The documentation was adequate, although it could be improved.
Zellic thoroughly reviewed the Liquidswap codebase to find protocol-breaking bugs as defined by the documentation and to find any technical issues outlined in the Methodology section (ref) of this document.
Specifically, taking into account Liquidswap's threat model, we focused heavily on issues that would break core invariants such as the liquidity pool market maker function values.
During our assessment on the scoped Liquidswap contracts, we discovered four findings. Fortunately, no critical issues were found. Of the four findings, all were of low severity.
Additionally, Zellic recorded its notes and observations, as well as sample specifications for Pontem Network's benefit in the Discussion section (ref) at the end of the document.