issues
search
hats-finance
/
Velvet-Capital-0x0bb0c08fd9eeaf190064f4c66f11d18182961f77
Core smart contracts of Velvet Capital
Other
0
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
`Rebalancing::removePortfolioToken` is unable to remove tokens
#43
hats-bug-reporter[bot]
opened
1 week ago
1
Portfolio tokens can never be withdrawn on behalf of another user
#42
hats-bug-reporter[bot]
opened
1 week ago
1
Non whitelisted Users can effortlessly bypass _beforeDepositCheck() due to flawed OR operator logic
#41
hats-bug-reporter[bot]
opened
1 week ago
1
No check for active Arbitrum Sequencer in `PriceOracle`
#40
hats-bug-reporter[bot]
opened
1 week ago
1
Removing a portfolio token will break performance fees
#39
hats-bug-reporter[bot]
opened
1 week ago
3
UniswapV2Handler uses block.timestamp as deadline parameter for swaps which could attract mev.
#38
hats-bug-reporter[bot]
opened
1 week ago
1
multiTokenSwapAndTransfer is not checking that the `balance` and `data._depositAmount` are same
#37
hats-bug-reporter[bot]
opened
1 week ago
1
DepositBatch - multiTokenSwapAndTransfer function tries to refund twice for the same token
#36
hats-bug-reporter[bot]
opened
1 week ago
1
Portfolio Token Price Can be Manipulated When Minting Performance Fee
#35
hats-bug-reporter[bot]
opened
1 week ago
4
Watermark is update only during the first deposit
#34
hats-bug-reporter[bot]
opened
1 week ago
1
Incomplete `TokenWhitelistManagement` implementation
#33
hats-bug-reporter[bot]
opened
1 week ago
0
UserWhitelistManagement wrong check, open for exceeding `whitelistLimit`
#32
hats-bug-reporter[bot]
opened
1 week ago
1
VaultManager does not properly enforce `_minMintAmount`
#31
hats-bug-reporter[bot]
opened
1 week ago
1
DepositBatch us not compatible with fee on transfer tokens
#30
hats-bug-reporter[bot]
opened
1 week ago
2
VaultManager.sol - low decimal tokens and dust amounts can avoid fees
#29
hats-bug-reporter[bot]
opened
1 week ago
1
No check if Arbitrum L2 sequencer is down in Chainlink feeds. Can lead to incorrect prices being consumed.
#28
hats-bug-reporter[bot]
opened
1 week ago
1
`PriceOracle` uses same stale period for all data feeds
#27
hats-bug-reporter[bot]
opened
1 week ago
1
DepositBatch does not null out approvals in the end
#26
hats-bug-reporter[bot]
opened
1 week ago
1
`indexed` Keyword in Events Causes Data Loss for Dynamic Array Variables
#25
hats-bug-reporter[bot]
opened
1 week ago
1
Anyone can initialize VelvetSafeModule
#24
hats-bug-reporter[bot]
opened
1 week ago
1
VaultManager.sol - hardcoded receiver could be block-listed
#23
hats-bug-reporter[bot]
opened
1 week ago
3
Missing Storage Gap for `AssetManagementConfig.sol` Upgradeable Contracts
#22
hats-bug-reporter[bot]
opened
1 week ago
2
Attacker can steal all portfolio assets due to silent overflow
#21
hats-bug-reporter[bot]
opened
1 week ago
2
Roles admin can not be set again
#20
hats-bug-reporter[bot]
opened
1 week ago
1
Portfolio manager can steal all funds at any time by removing all tokens
#19
hats-bug-reporter[bot]
opened
1 week ago
2
roles can be renounced by role address holders
#18
hats-bug-reporter[bot]
opened
1 week ago
2
Portfolio owner can front-run users and change `tokens`
#17
hats-bug-reporter[bot]
opened
1 week ago
4
First depositor can steal 2nd depositors money due to improper slippage protection
#16
hats-bug-reporter[bot]
opened
1 week ago
3
Token with more than 18 decimals isn't supported
#15
hats-bug-reporter[bot]
opened
1 week ago
6
Unhandled chainlink revert would lock price oracle access
#14
hats-bug-reporter[bot]
opened
1 week ago
1
Missing approve(0)
#13
hats-bug-reporter[bot]
opened
1 week ago
4
Attacker can block all deposits to a vault with abusing the cooldown period
#12
hats-bug-reporter[bot]
opened
1 week ago
8
Anyone can bypass whitelist restrictions with batch contracts
#11
hats-bug-reporter[bot]
opened
1 week ago
1
If token whitelisting is disabled, portfolio manager can DoS all deposits and withdraws
#10
hats-bug-reporter[bot]
opened
1 week ago
1
` PriceOracle::oracleExpirationThreshold ` uses same ` oracleExpirationThreshold ` for all the pricefeed.
#9
hats-bug-reporter[bot]
opened
1 week ago
2
Risk of Incorrect Price Feeds Due to Chainlink Oracle Circuit Breaker Activation
#8
hats-bug-reporter[bot]
opened
1 week ago
1
``VaultManager.sol`` - wrong address passed on ``_multiTokenDepositWithPermit``
#7
hats-bug-reporter[bot]
opened
1 week ago
2
Chainlink oracle will return the wrong price if the aggregator hits minAnswer
#6
hats-bug-reporter[bot]
opened
1 week ago
1
Permit calls can be front-ran and user deposits can be DoSed
#5
hats-bug-reporter[bot]
opened
1 week ago
3
asdasdasd
#4
hats-bug-reporter[bot]
opened
1 week ago
1
plain `approve` will impact `DepositBatch` for USDT token when multi-chain deployment active
#3
hats-bug-reporter[bot]
opened
1 week ago
2
Price Oracle will return the wrong price for asset if price hits below/above minAnswer/maxPrice
#2
hats-bug-reporter[bot]
opened
1 week ago
2
Test hats
#1
hats-bug-reporter[bot]
opened
1 week ago
0
Previous