hats-finance Catalyst-Exchange-0x3026c1ea29bf1280f99b41934b2cb65d053c9db4 issues

hats-finance / Catalyst-Exchange-0x3026c1ea29bf1280f99b41934b2cb65d053c9db4

Other

1 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Short-term freezing of user funds and loss of fees because of insufficient vault connection check

#87 hats-bug-reporter[bot] opened 9 months ago
1
The same message can be sent twice in a single block, make them non block unique.

#86 hats-bug-reporter[bot] opened 9 months ago
1
Cross-chain liquidity swaps can be executed with more vault tokens than the vault's token balance.

#85 hats-bug-reporter[bot] opened 9 months ago
7
Function returns "minU" instead of "U"

#84 hats-bug-reporter[bot] opened 9 months ago
3
calling finishSetup() before completing setup can render the vault as useless.

#83 hats-bug-reporter[bot] opened 9 months ago
6
Wormhole upgrade affects messages that can never be delivered

#82 hats-bug-reporter[bot] opened 9 months ago
4
processPacket and recoverAck can fail due to Wormhole guardian change

#81 hats-bug-reporter[bot] opened 9 months ago
11
A deployed vault can be deployed again.

#80 hats-bug-reporter[bot] opened 9 months ago
12
The first depositor can perform a vault inflation attack on the vaults

#79 hats-bug-reporter[bot] opened 9 months ago
1
Weights are not updated on each _update action but only when nearing the target time, due to precision loss

#78 hats-bug-reporter[bot] opened 9 months ago
2
ready() is not Enough to Assume The Vault is Safe

#77 hats-bug-reporter[bot] opened 9 months ago
3
Fund Loss/Gain When There are Different Amounts of Tokens Available in Connected Vaults (Pool) During Swaps

#76 hats-bug-reporter[bot] opened 10 months ago
9
Decoding of user supplied `calldata` can fail unexpectedly before making the `onCatalystCall` call

#75 hats-bug-reporter[bot] opened 10 months ago
2
Invalid messages can be submitted and processed due to a lack of validation bug.

#74 hats-bug-reporter[bot] opened 10 months ago
4
why people

#73 hats-bug-reporter[bot] opened 10 months ago
0
non-EVM and EVM chain ids can collide in the current wormhole implementation

#72 hats-bug-reporter[bot] opened 10 months ago
2
Permanent DoS attack vector on submit-message

#71 hats-bug-reporter[bot] opened 10 months ago
4
Acknowledgement processing can be `return bombed` due to use of `address.send` leading to loss of funds

#70 hats-bug-reporter[bot] opened 10 months ago
1
In the event of a hardfork, IncentivizedMockImplementation is susceptible to cross-chain signature replay

#69 hats-bug-reporter[bot] opened 10 months ago
7
There is no check against setting "minOut" to zero

#68 hats-bug-reporter[bot] opened 10 months ago
2
Wrong "fee" calculation can cause a user to receive zero amount

#67 hats-bug-reporter[bot] opened 10 months ago
5
Governance fee can be set to zero

#66 hats-bug-reporter[bot] opened 10 months ago
1
Arbitrium sequencer fail could lead to relayers' payouts being unfairly split

#64 hats-bug-reporter[bot] opened 10 months ago
2
Malicious vault owners can make users loose funds by frontrunning their txns

#62 hats-bug-reporter[bot] opened 10 months ago
3
Arbitrary external addresses in payload could allow for griefing of unexpecting relayers

#61 hats-bug-reporter[bot] opened 10 months ago
4
Signature Bypass when renounceOwnership() happens in IncentivizedMockEscrow.sol.

#60 hats-bug-reporter[bot] opened 10 months ago
4
_maxUnitCapacity can be breached and can crosschain receive assets action can be D0Sed

#59 hats-bug-reporter[bot] opened 10 months ago
2
Protocol can benefit illegally by draining the pool gradually through _vaultFee

#58 hats-bug-reporter[bot] opened 10 months ago
8
The localSwap function does not verify that the fromAsset and toAsset are different

#57 hats-bug-reporter[bot] opened 10 months ago
2
Enforcing a minimum on share output is not necessary when depositing

#56 hats-bug-reporter[bot] opened 10 months ago
1
A user can call the depositMixed function and mint shares without depositing any token

#55 hats-bug-reporter[bot] opened 10 months ago
7
Lack of access control on ``submitMessage`` can allow users to mint tokens for free

#54 hats-bug-reporter[bot] opened 10 months ago
7
The factory owner is not a timelock

#53 hats-bug-reporter[bot] opened 10 months ago
3
Governance fee is not sent to timelock

#52 hats-bug-reporter[bot] opened 10 months ago
1
`vaultTemplate` in CatalystFactory open for custom template while it should be whitelisted

#51 hats-bug-reporter[bot] opened 10 months ago
1
Incentive mechanism doesn't work on Arbitrum

#50 hats-bug-reporter[bot] opened 10 months ago
10
Signature replay allows user to mint any amount of tokens on a chosen destination chain

#49 hats-bug-reporter[bot] opened 10 months ago
4
Rounding error leads to loss of tokens when transferring tokens to the contract

#48 hats-bug-reporter[bot] opened 10 months ago
8
An underwriter can pay out multiple times for a single swap failure

#47 hats-bug-reporter[bot] opened 10 months ago
9
No access control on IncentivzedMessageEscrow's ``submitMessage`` can lead to a short-term dos of users

#46 hats-bug-reporter[bot] opened 10 months ago
9
Implementation contracts inherit from `openzeppelin-contracts` instead of `openzeppelin-contracts-upgradeable`

#45 hats-bug-reporter[bot] opened 10 months ago
2
`increaseBounty` gas check is too strict

#44 hats-bug-reporter[bot] opened 10 months ago
1
A malicious relayer(user) can intentionally call ``processPacket`` with insufficient gas to hit an OOG inside the try block

#43 hats-bug-reporter[bot] opened 10 months ago
1
User will be unable to withdraw tokens if his address is blacklisted in case of USDC/USDT

#42 hats-bug-reporter[bot] opened 10 months ago
2
Possible to drain Vault LPs due to unbounded weight differences

#41 hats-bug-reporter[bot] opened 10 months ago
3
CatalystVault LPs can be drained by deployer on whitelisted Vault

#40 hats-bug-reporter[bot] opened 10 months ago
9
User will get a smaller amount because of wrong calculation in weightedTokenAmount in the withdrawAll function

#39 hats-bug-reporter[bot] opened 10 months ago
10
Pool can be drained by providing fake fromAssets tokens by calling the localSwap function

#38 hats-bug-reporter[bot] opened 10 months ago
1
Swap transactions can be pending for long time due to missing deadline causing users fund loss

#37 hats-bug-reporter[bot] opened 10 months ago
1
Vaults can be created and used with zero governance fee

#36 hats-bug-reporter[bot] opened 10 months ago
1