-
Notifications
You must be signed in to change notification settings - Fork 3
Issues: hats-finance/Euro-Dollar-0xa4ccd3b6daa763f729ad59eae75f9cbff7baf2cd
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Bad pricing mechanism of This issue or pull request already exists
InvestToken::mint
and InvestToken::withdraw
causes infinite USDE minting bug
duplicate
#131
opened Nov 18, 2024 by
hats-bug-reporter
bot
Undefined Roles in initialize Function Could Disrupt Key Protocol Functions
invalid
This doesn't seem right
#130
opened Nov 15, 2024 by
hats-bug-reporter
bot
Unbounded Withdrawal Limits in ERC4626 Vault
invalid
This doesn't seem right
#129
opened Nov 15, 2024 by
hats-bug-reporter
bot
Precision Loss in Asset-to-Share Conversion Leading to Potential Fund Loss
invalid
This doesn't seem right
#128
opened Nov 15, 2024 by
hats-bug-reporter
bot
Price used to calculate shares can change between the time it is read and when the shares are minted
invalid
This doesn't seem right
#127
opened Nov 15, 2024 by
hats-bug-reporter
bot
Risk of stale price consumption in YieldOracle
invalid
This doesn't seem right
#126
opened Nov 15, 2024 by
hats-bug-reporter
bot
maxDeposit doesn't consider global and user-specific limits
invalid
This doesn't seem right
#125
opened Nov 15, 2024 by
hats-bug-reporter
bot
The strict inequality check in updateDelay verification creates an exploitable time window where multiple price updates can occur sequentially
invalid
This doesn't seem right
#124
opened Nov 14, 2024 by
hats-bug-reporter
bot
Oracle can manipulate asset prices by exploiting the update sequence, bypassing price increase limits and affecting share/asset conversions in the InvestToken vault.
invalid
This doesn't seem right
#123
opened Nov 14, 2024 by
hats-bug-reporter
bot
Potential DoS Risk in YieldOracle::updatePrice function if updateDelay too large
invalid
This doesn't seem right
#122
opened Nov 14, 2024 by
hats-bug-reporter
bot
Price Oracle Manipulation Enables Risk-Free Profit Through Share/Asset Conversion
invalid
This doesn't seem right
#121
opened Nov 13, 2024 by
hats-bug-reporter
bot
Oracle Price Manipulation Through Sequential Update Exploitation
invalid
This doesn't seem right
#120
opened Nov 13, 2024 by
hats-bug-reporter
bot
[INFORMATIONAL-1] Allowing Zero-Value Recovery (Lack of Amount Validation)
invalid
This doesn't seem right
#119
opened Nov 12, 2024 by
hats-bug-reporter
bot
[LOW-2] Missing Event Emissions for Key State Changes (Lack of Transparency and Auditing)
invalid
This doesn't seem right
#118
opened Nov 12, 2024 by
hats-bug-reporter
bot
[LOW-1] Price Update Allows Same Next and Current Price (Insufficient Price Bound Check)
invalid
This doesn't seem right
#117
opened Nov 12, 2024 by
hats-bug-reporter
bot
Validator::blacklist()
- Adding address(0)
to the blacklist accidentally, which is totally possible, will temporarily DoS most user-facing protocol functionality.
duplicate
#116
opened Nov 11, 2024 by
hats-bug-reporter
bot
Oracle's price update mechanism lacks cumulative increase controls, allowing gradual but significant price manipulation through a series of updates that each stay within bounds.
invalid
This doesn't seem right
#115
opened Nov 11, 2024 by
hats-bug-reporter
bot
Signature Validation Bypass in Token Burn Operations Enables Unauthorized Token Destruction
invalid
This doesn't seem right
#114
opened Nov 11, 2024 by
hats-bug-reporter
bot
Transfers may partially succeed/fail in unexpected ways, and balance updates may not reflect the intended transfer outcomes in ERC4626 Vault Implementation.
invalid
This doesn't seem right
#113
opened Nov 10, 2024 by
hats-bug-reporter
bot
Validation logic allows blacklisted accounts to bypass transfer restrictions through a logical flaw in the validation checks
invalid
This doesn't seem right
#112
opened Nov 10, 2024 by
hats-bug-reporter
bot
InvestToken::maxWithdraw() & maxRedeem()
- The bug can cause a temporary DoS of the following functionality for one or more affected user accounts: redeem()
, withdraw()
& recover().
invalid
#111
opened Nov 10, 2024 by
hats-bug-reporter
bot
Share Price Manipulation via Withdraw Function
invalid
This doesn't seem right
#110
opened Nov 10, 2024 by
hats-bug-reporter
bot
Loss of funds due to decimal precision inconsistency
invalid
This doesn't seem right
#109
opened Nov 8, 2024 by
hats-bug-reporter
bot
Users can maximize their asset returns by depositing when currentPrice is low and withdrawing when previousPrice is high, effectively extracting value from other vault depositors.
invalid
This doesn't seem right
#108
opened Nov 8, 2024 by
hats-bug-reporter
bot
Any user who deposits and withdraws within the same price window will lose funds due to this price mismatch between deposit and withdrawal calculations.
invalid
This doesn't seem right
#107
opened Nov 8, 2024 by
hats-bug-reporter
bot
Previous Next
ProTip!
Find all open issues with in progress development work with linked:pr.