Privacy Pools v1 | Oxorio Audit Web Report

C-01	CRITICAL	FIXED	A dishonest prover can manipulate the proof in `IsNum2Bits`	`proofOfInnocence.circom`
C-02	CRITICAL	NO ISSUE	Possible bypass of validation through invalid input for membership proof	`proofOfInnocence.circom`
C-03	CRITICAL	ACKNOWLEDGED	Limitation of merkle tree for withdrawals in `PrivacyPool`	`PrivacyPool.sol` `MerkleTreeWithHistory.sol`
C-04	CRITICAL	NO ISSUE	User de-anonymization risk	`proofOfInnocence.circom"` `PrivacyPool.sol`
C-05	CRITICAL	ACKNOWLEDGED	Unverified transaction inclusion in `Step (PoI)`	`proofOfInnocence.circom`
C-06	CRITICAL	NO ISSUE	Lack of nullifier uniqueness check in `Step (PoI)`	`proofOfInnocence.circom`
C-07	CRITICAL	NO ISSUE	Missing output commitment validation in `Step (PoI)`	`proofOfInnocence.circom`
C-08	CRITICAL	NO ISSUE	Lack of sums validation in `Step (PoI)`	`proofOfInnocence.circom`
C-09	CRITICAL	NO ISSUE	Partial transaction history acceptance in `Step (PoI)`	`proofOfInnocence.circom`
C-10	CRITICAL	ACKNOWLEDGED	Fees may exceed the amount being sent in `PrivacyPool`	`PrivacyPool.sol` `ETHPrivacyPool.sol` `ERC20PrivacyPool.sol`
M-01	MAJOR	FIXED	Deposit amount logic inconsistency	`proofOfInnocence.circom`
M-02	MAJOR	ACKNOWLEDGED	Replay attack vulnerability in `PrivacyPool`	`PrivacyPool.sol"`
M-03	MAJOR	ACKNOWLEDGED	Unchecked transfers in `ERC20PrivacyPool`	`ERC20PrivacyPool.sol`
M-04	MAJOR	ACKNOWLEDGED	Actual token received amount isn't checked in `ERC20PrivacyPool`	`ERC20PrivacyPool.sol`
M-05	MAJOR	ACKNOWLEDGED	Shielded transfers are possible in the system
W-01	WARNING	ACKNOWLEDGED	Missing validation of the `_maximumDepositAmount` in `PrivacyPool`	`PrivacyPool.sol`
W-02	WARNING	ACKNOWLEDGED	Missing validations in `PrivacyPool`, `ERC20PrivacyPool`	`PrivacyPool.sol` `ERC20PrivacyPool.sol`
W-03	WARNING	ACKNOWLEDGED	Relayer address can be zero in `ERC20PrivacyPool`, `ETHPrivacyPool`	`ERC20PrivacyPool.sol` `ETHPrivacyPool.sol`
W-04	WARNING	ACKNOWLEDGED	No minimal value of withdrawal in `PrivacyPool`	`PrivacyPool.sol`
I-01	INFO	ACKNOWLEDGED	Floating pragma, experimental encoder in `ETHPrivacyPool`, `ERC20PrivacyPool`, `PrivacyPool`	`ERC20PrivacyPool.sol` `PrivacyPool.sol` `ETHPrivacyPool.sol`
I-02	INFO	ACKNOWLEDGED	Unused code in `proofOfInnocence.circom`	`proofOfInnocence.circom`
I-03	INFO	ACKNOWLEDGED	Usage of old Poseidon in `proofOfInnocence.circom`	`proofOfInnocence.circom`
I-04	INFO	ACKNOWLEDGED	Unused imports in `Step (PoI)`	`proofOfInnocence.circom`
I-05	INFO	ACKNOWLEDGED	Inefficient gas usage in `MerkleTreeWithHistory`	`MerkleTreeWithHistory.sol`
I-06	INFO	NO ISSUE	Use of custom errors for efficiency and improved information in `MerkleTreeWithHistory`	`MerkleTreeWithHistory.sol` `PrivacyPool.sol` `ETHPrivacyPool.sol` `ERC20PrivacyPool.sol`
I-07	INFO	NO ISSUE	No need to explicitly initialize variables with default values	`MerkleTreeWithHistory.sol` `PrivacyPool.sol`
I-08	INFO	NO ISSUE	Redundant event emissions in `PrivacyPool`	`PrivacyPool.sol`
I-09	INFO	ACKNOWLEDGED	Redundant storage padding in `PrivacyPool`	`PrivacyPool.sol`
I-10	INFO	ACKNOWLEDGED	Complex `require` logic consumes more gas in `PrivacyPool`	`PrivacyPool.sol`
I-11	INFO	ACKNOWLEDGED	Redundant condition in `PrivacyPool`	`PrivacyPool.sol`
I-12	INFO	ACKNOWLEDGED	Inefficient use of storage in `PrivacyPool`	`PrivacyPool.sol`

Please select finding