# Hats contracts

| Contract name | Link                                                                                                                                                           | Modification |
| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
| **HATVaults** | <p><a href="https://etherscan.io/address/0x571f39d351513146248AcafA9D0509319A327C4D"><https://etherscan.io/address/0x571f39d351513146248AcafA9D0509319A327C4D> |              |

<br>
<br></a></p> | Immutable                                                                         |
| **HATToken**              | [https://etherscan.io/address/0x685D939C8FE6CCe02f3C7Cbc37d024E99570812c](https://etherscan.io/address/0x685D939C8FE6CCe02f3C7Cbc37d024E99570812c)                             | Immutable                                                                         |
| **TokenLockFactory**      | <p><a href="https://etherscan.io/address/0x2c7dAec5B1C6157C2b37B2505d5D57d6D075E39E">https://etherscan.io/address/0x2c7dAec5B1C6157C2b37B2505d5D57d6D075E39E
<br>
</a></p>     | Upgradable by Hats governance                                                     |
| **HATTimelockController** | <p><a href="https://etherscan.io/address/0xFd4255F16378306CA83E37015Df01a1700DAc296">https://etherscan.io/address/0xFd4255F16378306CA83E37015Df01a1700DAc296</a><br></p>       | <p>Immutable<br><br>Owners can be changed with the default timelock (3 weeks)</p> |

**Oracles**\
Hats protocol does not rely on oracles. Vault token value are displayed for better UX only.

**Front run attacks mitigation**\
Hats deposits have a withdrawal request period (currently set to 7 days) which prevent the depositors from front running the bounty payout function call. In addition to that the pendingApprovalClaim function that pauses the withdrawals in order to pay a bounty can be called only in a safety period(1 hour twice a day) a period where withdrawals are disabled. So even a depositor that have an active withdrawal request cant frontrun the bounty payout.&#x20;

**Timelock**\
Timelocks are handled by HATTimelockController contract that is based on openzeppelin-solidity/contracts/governance/TimelockController.sol default timeout is set to 3 weeks.\
\
**Flashloans**\
Hats functions are not susceptible to flashloans. Hats vaults swapBurnSend function can only be called by governance therefore it is not susceptible to price manipulation attack.

**Pause controls**\
Hats contracts don't have pause controls. Hats vaults withdrawals cannot be stoped only deposits can be paused by Hats governance.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hats.finance/contracts-and-audit/hats-contracts.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.