hats-finance Velvet-Capital-0x0bb0c08fd9eeaf190064f4c66f11d18182961f77 issues

hats-finance / Velvet-Capital-0x0bb0c08fd9eeaf190064f4c66f11d18182961f77

Core smart contracts of Velvet Capital

Other

0 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Asset manager can be exempted paying fee on withdrawal by assigning their address as `assetManagerTreasury`

#86 hats-bug-reporter[bot] opened 1 hour ago
0
Lack of pausable feature on rebalance or setting weight open for front-run issues

#85 hats-bug-reporter[bot] opened 6 hours ago
0
Off-by-one timestamp error

#84 hats-bug-reporter[bot] opened 1 day ago
0
Transferring ownership of a Portfolio is not updated (reflected) on `PortfolioInfolList`

#83 hats-bug-reporter[bot] opened 1 day ago
0
Empty `revert()` statement

#82 hats-bug-reporter[bot] opened 1 day ago
1
Deprecated OpenZeppelin functions should not be used

#81 hats-bug-reporter[bot] opened 1 day ago
1
Unprotected initializer

#80 hats-bug-reporter[bot] opened 1 day ago
1
Using `block.timestamp` for swap deadline offers no protection

#79 hats-bug-reporter[bot] opened 1 day ago
1
Possible to drain DepositBatch, WithdrawBatch approver's token balance due improper input validation

#78 hats-bug-reporter[bot] opened 1 day ago
7
Wrong event is emitted when upgrading the token exclusion manager inside the PortfolioFactory contract

#77 hats-bug-reporter[bot] opened 2 days ago
0
Unsafe ERC20 Operation

#76 hats-bug-reporter[bot] opened 2 days ago
1
OOG on `claimRemovedTokens` loop due to potential large gap between `lastClaimedUserId` and `_currentSnapshotId`

#75 hats-bug-reporter[bot] opened 3 days ago
1
Rebase token, increasing or decreasing, resulting Potential Locked token in `tokenExclusionManager` or Last user unable to `claimRemovedTokens`

#74 hats-bug-reporter[bot] opened 3 days ago
2
`Safe` signers can disable `VelvetSafeModule`

#73 hats-bug-reporter[bot] opened 4 days ago
5
WithdrawBatch - multiTokenSwapAndWithdraw - token approval is missing from user

#72 hats-bug-reporter[bot] opened 4 days ago
1
Vault can never be initialised if `tokenWhitelistingEnabled = false`

#71 hats-bug-reporter[bot] opened 4 days ago
3
`multiTokenSwapAndTransfer` uses incorrect library function to send ETH - functionality is broken

#70 hats-bug-reporter[bot] opened 4 days ago
5
WithdrawBatch.sol - if the withdraw token specified is ETH, it isn't correctly sent to the user

#69 hats-bug-reporter[bot] opened 4 days ago
2
Bypass of `onlyPortfolioManager` calls

#68 hats-bug-reporter[bot] opened 5 days ago
1
Asset manager can completely drain all user funds from Vault

#67 hats-bug-reporter[bot] opened 5 days ago
3
Tokens with a maximum transfer logic could cause accounting issues on minting portfolio shares

#66 hats-bug-reporter[bot] opened 5 days ago
3
EnsoHandler.sol#multiTokenSwapAndTransfer() - swapped tokens would be received by the unintended address

#65 hats-bug-reporter[bot] opened 5 days ago
1
Asset manager can abuse minimum portfolio holding amount functionality

#64 hats-bug-reporter[bot] opened 5 days ago
2
Vault deployer can mint unlimited tokens to himself at vault initialization

#63 hats-bug-reporter[bot] opened 5 days ago
1
Users can bypass `_checkCoolDownPeriod` check to withdraw before remaining cooldown period

#62 hats-bug-reporter[bot] opened 5 days ago
6
Rebalancing : `updateWeights` could revert to due to strict check for swap. This would impact the timely rebalancing.

#61 hats-bug-reporter[bot] opened 6 days ago
1
Users Unable to Claim Removed Tokens Due to Transfer Failures in claimRemovedTokens Function

#60 hats-bug-reporter[bot] opened 1 week ago
1
Tokens can't be added to whitelist after initialisation

#59 hats-bug-reporter[bot] opened 1 week ago
1
Users can withdraw tokens when the protocol is paused due to inconsistant updates of states.

#58 hats-bug-reporter[bot] opened 1 week ago
1
CooldownManager : inconsistency in enforcing the minimum cooldownPeriod

#57 hats-bug-reporter[bot] opened 1 week ago
4
VaultManager.sol - user can never fully withdraw his collateral, due to portfolio fee inflation

#56 hats-bug-reporter[bot] opened 1 week ago
1
Precision loss in contracts/fee/FeeCalculations.sol#_calculateMintAmountForStreamingFees

#55 hats-bug-reporter[bot] opened 1 week ago
1
`multiTokenDepositFor()` function has no check for minPortfolioTokenHoldingAmount leading to loss of shares

#54 hats-bug-reporter[bot] opened 1 week ago
1
Owner can toggle pause/unpause of the protocol rapidly

#53 hats-bug-reporter[bot] opened 1 week ago
1
Passing of `_tokens` instead of `tokens` to the _resetPreviousTokenList() while calling updateTokenList() and initToken() function, causes updation of already existing tokens in previous list

#52 hats-bug-reporter[bot] opened 1 week ago
1
cooldown period can be extended by depositing small amount to other user

#51 hats-bug-reporter[bot] opened 1 week ago
3
Minimum portfolio holding check does not amount for token transfers

#50 hats-bug-reporter[bot] opened 1 week ago
1
DepositBatch : hardcoding the SWAP_TARGET address could not flexible when there is any upgrade or bug fixes

#49 hats-bug-reporter[bot] opened 1 week ago
2
DepositBatch : `multiTokenSwapAndTransfer` - swap can not happen as the allowance is not set to SWAP_TARGET

#48 hats-bug-reporter[bot] opened 1 week ago
2
Accrued Fees Not Minted before Fee Parameters Are Updated

#47 hats-bug-reporter[bot] opened 1 week ago
0
Deposit and Withdrawal Can Be DoSed

#46 hats-bug-reporter[bot] opened 1 week ago
1
updateHighWaterMark can never be set to 0

#45 hats-bug-reporter[bot] opened 1 week ago
0
VaultConfig.sol - adding new tokens would lead to users being unable to withdraw their underlying collateral

#44 hats-bug-reporter[bot] opened 1 week ago
1
`Rebalancing::removePortfolioToken` is unable to remove tokens

#43 hats-bug-reporter[bot] opened 1 week ago
1
Portfolio tokens can never be withdrawn on behalf of another user

#42 hats-bug-reporter[bot] opened 1 week ago
1
Non whitelisted Users can effortlessly bypass _beforeDepositCheck() due to flawed OR operator logic

#41 hats-bug-reporter[bot] opened 1 week ago
1
No check for active Arbitrum Sequencer in `PriceOracle`

#40 hats-bug-reporter[bot] opened 1 week ago
1
Removing a portfolio token will break performance fees

#39 hats-bug-reporter[bot] opened 1 week ago
3
UniswapV2Handler uses block.timestamp as deadline parameter for swaps which could attract mev.

#38 hats-bug-reporter[bot] opened 1 week ago
1
multiTokenSwapAndTransfer is not checking that the `balance` and `data._depositAmount` are same

#37 hats-bug-reporter[bot] opened 1 week ago
1