Hats contracts


Last updated 9 months ago

| Contract name | Link | Modification |
| --- | --- | --- |
| HATVaults | https://etherscan.io/address/0x571f39d351513146248AcafA9D0509319A327C4D | Immutable |
| HATToken | https://etherscan.io/address/0x685D939C8FE6CCe02f3C7Cbc37d024E99570812c | Immutable |
| TokenLockFactory | https://etherscan.io/address/0x2c7dAec5B1C6157C2b37B2505d5D57d6D075E39E | Upgradable by Hats governance |
| HATTimelockController | https://etherscan.io/address/0xFd4255F16378306CA83E37015Df01a1700DAc296 | Immutable. Owners can be changed with the default timelock (3 weeks) |

Oracles

Hats protocol does not rely on oracles. Vault token values are displayed for better UX only.

Front-run attack mitigation

Hats deposits have a withdrawal request period (currently set to 7 days), which prevents depositors from front-running the bounty payout function call. In addition, the pendingApprovalClaim function, which pauses withdrawals in order to pay a bounty, can be called only during a safety period (1 hour, twice a day), a period in which withdrawals are disabled. So even a depositor who has an active withdrawal request cannot front-run the bounty payout.

Timelock

Timelocks are handled by the HATTimelockController contract, which is based on openzeppelin-solidity/contracts/governance/TimelockController.sol. The default timeout is set to 3 weeks.

Flashloans

Hats functions are not susceptible to flashloans. The Hats vaults swapBurnSend function can only be called by governance; therefore it is not susceptible to price manipulation attacks.

Pause controls

Hats contracts don't have pause controls. Hats vault withdrawals cannot be stopped; only deposits can be paused by Hats governance.
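The timing rules from the front-run mitigation section above, as a small Python model. This is an added example, not the Hats contracts' own code: the 7-day request period and the 1-hour safety period come from the page, while the 12-hour cycle layout, the `VaultModel` class and all function names other than `pendingApprovalClaim` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HOUR = 3600
DAY = 24 * HOUR
WITHDRAW_REQUEST_PERIOD = 7 * DAY        # from the page: currently set to 7 days
SAFETY_PERIOD = 1 * HOUR                 # from the page: 1 hour, twice a day
CYCLE = 12 * HOUR                        # assumption: one safety window per 12 h cycle
WITHDRAW_WINDOW = CYCLE - SAFETY_PERIOD  # assumption: safety window ends each cycle


def in_safety_period(now: int) -> bool:
    """True during the last hour of every 12 h cycle (assumed layout)."""
    return now % CYCLE >= WITHDRAW_WINDOW


@dataclass
class VaultModel:
    """Hypothetical model of the timing rules only; no balances or tokens."""
    claim_pending: bool = False
    requests: dict = field(default_factory=dict)  # depositor -> unlock timestamp

    def request_withdraw(self, who: str, now: int) -> None:
        self.requests[who] = now + WITHDRAW_REQUEST_PERIOD

    def submit_claim(self, now: int) -> bool:
        """Stands in for pendingApprovalClaim: accepted only in a safety period."""
        if not in_safety_period(now):
            return False
        self.claim_pending = True  # withdrawals stay paused until the claim is resolved
        return True

    def can_withdraw(self, who: str, now: int) -> bool:
        unlock = self.requests.get(who)
        if unlock is None or now < unlock:
            return False  # no request, or the request period is still running
        if in_safety_period(now) or self.claim_pending:
            return False  # disabled while a claim can be submitted or is pending
        return True


def withdrawable_times(vault: VaultModel, who: str, start: int, end: int, step: int = 60):
    """Sample [start, end) and return the timestamps at which `who` could withdraw."""
    return [t for t in range(start, end, step) if vault.can_withdraw(who, t)]
```

In this model a claim can only be submitted while withdrawals are already disabled, and it keeps them disabled afterwards, so there is no timestamp at which a matured withdrawal request can be executed between the claim and its payout.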