# Flare FAssets | Mitigation Audit

## Reports by Severity

<details>

<summary>Low</summary>

* \#55242 \[SC-Low] `selfCloseExitTo` vulnerable to frontrunning griefing via `exit`
* \#55208 \[SC-Low] Executors receive a greater reward than the assigned value
* \#55002 \[SC-Low] Rewards claims increase pool collateral but do not notify `AssetManager` (stale CR/accounting after fix for #45893)
* \#54916 \[SC-Low] Minting cap can be surpassed via redemption fee

</details>

<details>

<summary>Insight</summary>

* \#54887 \[SC-Insight] Mitigation regression: pool token suffix length excludes valid 1- and 20-char values (the "fix" rejects valid edge-lengths and breaks agent creation)
* \#55230 \[SC-Insight] There is a Sub-gwei Executor-Fee can be Bypass and Freezes ETH in RedemptionRequests
* \#55241 \[SC-Insight] Insufficient validation of pool token suffix (allows consecutive hyphens) enables token symbol impersonation and user confusion
* \#55046 \[SC-Insight] Claimed rewards paid in legacy **wNat** after an upgrade are silently ignored by the balance-delta fix
* \#55174 \[SC-Insight] Over-assignment of payable in `claimAirdropDistribution` function could cause confusion regarding native token handling
* \#55025 \[SC-Insight] CoreVault refund failure can permanently freeze overpaid NAT on AssetManager
* \#54955 \[SC-Insight] Malicious Agents Can Trap Stakers by Raising Exit Collateral Ratio
* \#55049 \[SC-Insight] There is an issue related to msg.value Not Returned to Payer in Self-Close Exit

</details>

## Reports by Type

<details>

<summary>Smart Contract</summary>

* \#55242 \[SC-Low] `selfCloseExitTo` vulnerable to frontrunning griefing via `exit`
* \#54887 \[SC-Insight] Mitigation regression: pool token suffix length excludes valid 1- and 20-char values (the "fix" rejects valid edge-lengths and breaks agent creation)
* \#55208 \[SC-Low] Executors receive a greater reward than the assigned value
* \#55002 \[SC-Low] Rewards claims increase pool collateral but do not notify `AssetManager` (stale CR/accounting after fix for #45893)
* \#55230 \[SC-Insight] There is a Sub-gwei Executor-Fee can be Bypass and Freezes ETH in RedemptionRequests
* \#55241 \[SC-Insight] Insufficient validation of pool token suffix (allows consecutive hyphens) enables token symbol impersonation and user confusion
* \#55046 \[SC-Insight] Claimed rewards paid in legacy **wNat** after an upgrade are silently ignored by the balance-delta fix
* \#55174 \[SC-Insight] Over-assignment of payable in `claimAirdropDistribution` function could cause confusion regarding native token handling
* \#55025 \[SC-Insight] CoreVault refund failure can permanently freeze overpaid NAT on AssetManager
* \#54916 \[SC-Low] Minting cap can be surpassed via redemption fee
* \#54955 \[SC-Insight] Malicious Agents Can Trap Stakers by Raising Exit Collateral Ratio
* \#55049 \[SC-Insight] There is an issue related to msg.value Not Returned to Payer in Self-Close Exit

</details>


