hats-finance / hats-contracts

hexens reaudit 4: CENTRALIZATION RISK #442

Closed lirona closed 1 year ago

lirona commented 1 year ago

SEVERITY: Low

PATH: HATVaultsRegistry.sol:_swapTokenForHAT (L451-479)

REMEDIATION: either have a _swapTokenForHAT call into the right controller contract that performs the swap (e.g. a UniswapV3 controller that finds the right pool) or to validate that the amount of HAT received is roughly equal to assets used according to some price oracle, this way you can validate that the value of assets in the contract stayed roughly the same after the external

STATUS:

DESCRIPTION: The function HATVaultsRegistry.sol:_swapTokenForHAT is called when the owner of the registry calls swapAndSend. All of the assets that are awarded as bounties for hackers will be approved to a contract address and subsequently an external call will be made to this contract with arbitrary call data, both values are given as parameters. The function does not validate that the funds will actually be used for swapping and as a result poses a centralization risk for rewards if the owner is compromised.
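The second remediation option in the finding above (bounding the HAT received by an oracle quote), written out in Solidity as an added example that is not part of the issue and not the code of HATVaultsRegistry. The contract `GuardedSwapper`, the `IPriceOracle.quoteInHAT` interface and the 3% tolerance are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function approve(address, uint256) external returns (bool);
}

// Hypothetical oracle (assumption): how much HAT `amount` of `asset` is worth.
interface IPriceOracle {
    function quoteInHAT(address asset, uint256 amount) external view returns (uint256);
}

// Illustrative contract, not the project's registry.
contract GuardedSwapper {
    IERC20 public immutable HAT;
    IPriceOracle public immutable oracle;
    address public immutable owner;
    uint256 public constant MAX_SLIPPAGE_BPS = 300; // assumed tolerance: 3%

    constructor(IERC20 hat, IPriceOracle priceOracle) {
        HAT = hat;
        oracle = priceOracle;
        owner = msg.sender;
    }

    // Same shape as the pattern in the finding: approve `router`, then call it
    // with caller-supplied data. The difference is the post-call value check.
    function swapForHAT(IERC20 asset, uint256 amount, address router, bytes calldata payload)
        external
        returns (uint256 hatReceived)
    {
        require(msg.sender == owner, "not owner");
        require(address(asset) != address(HAT), "asset is HAT");
        uint256 hatBefore = HAT.balanceOf(address(this));

        // Production code would use SafeERC20 for tokens that return no bool.
        require(asset.approve(router, amount), "approve failed");
        (bool ok, ) = router.call(payload);
        require(ok, "swap call failed");
        require(asset.approve(router, 0), "allowance reset failed"); // no standing allowance

        // Reverts on underflow if the call reduced the HAT balance.
        hatReceived = HAT.balanceOf(address(this)) - hatBefore;
        uint256 fair = oracle.quoteInHAT(address(asset), amount);
        uint256 minOut = (fair * (10_000 - MAX_SLIPPAGE_BPS)) / 10_000;
        require(hatReceived >= minOut, "HAT received below oracle bound");
    }
}
```

With this check a compromised owner can still choose the router and payload, but the transaction reverts unless HAT worth roughly the approved assets arrives in the contract; the trade-off is the oracle dependency.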

jellegerbrandy commented 1 year ago

We are aware of this, and we have consciously decided to not hardcode any specific route or depend on a specific oracle.