hats-finance Blast-Futures-Exchange-0x97895c329b950755566ddcdad3395caaea395074 issues

hats-finance / Blast-Futures-Exchange-0x97895c329b950755566ddcdad3395caaea395074

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Audit Report Draft Update

#78 shayzluf opened 8 months ago
0
add report

#77 bahurum closed 9 months ago
0
EIP712 domain values not set in constructor

#76 hats-bug-reporter[bot] opened 9 months ago
7
removeRole function is public instead of internal

#75 hats-bug-reporter[bot] opened 9 months ago
1
addRole function is public instead of internal

#74 hats-bug-reporter[bot] opened 9 months ago
2
PoolDeposit.sol::Wrong multiple contribution logic

#73 hats-bug-reporter[bot] opened 9 months ago
1
User unable to withdraw remaining amount after partial withdrawal

#72 hats-bug-reporter[bot] opened 9 months ago
1
Lack of deposit threshold

#71 hats-bug-reporter[bot] opened 9 months ago
2
Lack of zero check

#70 hats-bug-reporter[bot] opened 9 months ago
1
An unbounded loop in the pooledDeposit function can potentially cause a self-inflicted denial-of-service (DoS) situation.

#69 hats-bug-reporter[bot] opened 9 months ago
2
Centralization Risk – Admin can change the signer

#68 hats-bug-reporter[bot] opened 9 months ago
1
Centralization Risk – Admin can withdraw all the balance

#67 hats-bug-reporter[bot] opened 9 months ago
1
Cross-chain replay attack

#66 hats-bug-reporter[bot] opened 9 months ago
1
Signature does not have expiration

#65 hats-bug-reporter[bot] opened 9 months ago
3
Unchecked Return Value in `_doDeposit` Function Leads to Incorrect Assumption of Success and Potential Loss of Funds

#64 hats-bug-reporter[bot] opened 9 months ago
1
In `PoolDeposit::contructor()`, allowing `owner` address to be set in the parameter `_owner` is not in congruence with the `onlyOwner()` modifier logic

#63 hats-bug-reporter[bot] opened 9 months ago
1
Bfx.sol::Attacker can drain all `paymentToken` from contract

#62 hats-bug-reporter[bot] opened 9 months ago
5
In `Bfx::withdraw()`, the trader can drain the funds by calling the function repeatedly using a new number everytime as input to the parameter `id`.

#61 hats-bug-reporter[bot] opened 9 months ago
3
# PoolDeposit::constructor , and PoolDeposit::setRabbit lacks zero address check that breaks contract functionality

#60 hats-bug-reporter[bot] opened 9 months ago
1
BfxVault::stake allows burning tokens to zero address if some special tokens are used

#59 hats-bug-reporter[bot] opened 9 months ago
1
# BfxVault::stake doesnt handle token with fee on transfer mechanism

#58 hats-bug-reporter[bot] opened 9 months ago
1
# Bfx::deposit doesnt handle token with fee on transfer mechanism

#57 hats-bug-reporter[bot] opened 9 months ago
1
Protocol will not work with tokens that do not return bool value on approve calls

#56 hats-bug-reporter[bot] opened 9 months ago
7
Incorrect Handling of External Call Return Data

#55 hats-bug-reporter[bot] opened 9 months ago
1
Add docs to competititon repo

#54 alex-sumner opened 9 months ago
0
Wrong implementation of constructor.

#53 hats-bug-reporter[bot] opened 9 months ago
2
Vulnerability in makeDeposit Function Allows Unauthorized Token Approvals

#52 hats-bug-reporter[bot] opened 9 months ago
2
Vulnerability in Withdraw Function Allows Locking of Remaining Tokens

#51 hats-bug-reporter[bot] opened 9 months ago
4
Floating Pragma issue.

#50 hats-bug-reporter[bot] opened 9 months ago
1
Vulnerability in withdrawTokensTo Function Allows Unauthorized Withdrawals to BFX Exchange

#49 hats-bug-reporter[bot] opened 9 months ago
1
Vulnerability in \_tokenCall Function Allows for Overwriting Success Status

#48 hats-bug-reporter[bot] opened 9 months ago
5
Vulnerability in pooledDeposit Function Enables Denial of Service (DoS) Attack

#47 hats-bug-reporter[bot] opened 9 months ago
3
Vulnerability in pooledDeposit Function Allows Misappropriation of Funds through Impersonation

#46 hats-bug-reporter[bot] opened 9 months ago
1
Vulnerability in individualDeposit Function Allows Misappropriation of Funds

#45 hats-bug-reporter[bot] opened 9 months ago
1
Owner can be admin even if removed from the role through BfxVault#makeOwnerAdmin

#44 hats-bug-reporter[bot] opened 9 months ago
2
Missing Token Balance Check in withdrawTokensTo()

#43 hats-bug-reporter[bot] opened 9 months ago
1
Bfx.withdraw() failed transactions are open to replay attack

#42 hats-bug-reporter[bot] opened 9 months ago
9
Missing approved to zero first.

#41 hats-bug-reporter[bot] opened 9 months ago
1
Missing approved to zero first.

#40 hats-bug-reporter[bot] opened 9 months ago
1
`totalAmount ` not updated after calling `withdrawTokensTo` function.

#39 hats-bug-reporter[bot] opened 9 months ago
1
emitting events without checking status of transaction can be misleading

#38 hats-bug-reporter[bot] opened 9 months ago
1
`TYPEHASH` passed in `Bfx.withdraw()` does not comply EIP-712 and will return incorrect `digest`

#37 hats-bug-reporter[bot] opened 9 months ago
2
Malicious user with ADMIN_ROLE can remove others from this role (including owner), resulting in having control of roles

#36 hats-bug-reporter[bot] opened 9 months ago
2
Functions is[ROLE] are not used inside BfxVault

#35 hats-bug-reporter[bot] opened 9 months ago
1
Lack of Balance Check in makeDeposit()

#34 hats-bug-reporter[bot] opened 9 months ago
1
Missing events for functions that change critical parameters

#33 hats-bug-reporter[bot] opened 9 months ago
0
Protocol is not compatible with USDB as a Rebasing tokens

#32 hats-bug-reporter[bot] opened 9 months ago
2
Use of Floating pragma

#31 hats-bug-reporter[bot] opened 9 months ago
1
Use of Floating pragma

#30 hats-bug-reporter[bot] opened 9 months ago
1
Trader Role has no functionality implemented in BfxVault.sol

#29 hats-bug-reporter[bot] opened 9 months ago
1