Hats contracts
Contract name | Link | Modification |
|---|---|---|
HATVaults | Immutable | |
HATToken | Immutable | |
TokenLockFactory | Upgradable by Hats governance | |
HATTimelockController | Immutable
Owners can be changed with the default timelock (3 weeks) |
Oracles
Hats protocol does not rely on oracles. Vault token value are displayed for better UX only.
Front run attacks mitigation
Hats deposits have a withdrawal request period (currently set to 7 days) which prevent the depositors from front running the bounty payout function call. In addition to that the pendingApprovalClaim function that pauses the withdrawals in order to pay a bounty can be called only in a safety period(1 hour twice a day) a period where withdrawals are disabled. So even a depositor that have an active withdrawal request cant frontrun the bounty payout.
Timelock
Timelocks are handled by HATTimelockController contract that is based on openzeppelin-solidity/contracts/governance/TimelockController.sol default timeout is set to 3 weeks.
Flashloans
Hats functions are not susceptible to flashloans. Hats vaults swapBurnSend function can only be called by governance therefore it is not susceptible to price manipulation attack.
Pause controls
Hats contracts don't have pause controls. Hats vaults withdrawals cannot be stoped only deposits can be paused by Hats governance.
Last modified 11mo ago