Risks

For Users:

1. Caution: If a malicious user gets their hands on the private owner key, they may be able to perform malicious actions including draining the funds, ensuring relayers receive no funds, remove legitimate relayers, adding malicious relayers to the protocol and disallow further use of any token in the protocol

2. Like with any smart contract, There is a risk that a token contract blacklists Hinkal from using their token then people will not be able to deposit that token to Hinkal anymore. Furthermore, the token amounts already inside Hinkal will not be able to be withdrawn.

3. Caution: Please do not send direct transactions to Hinkal. All funds should be sent via transact methods. Any funds that are sent directly will be permanently lost.

4. Caution: Please always be careful to send trusted coins to Hinkal. Use of malicious coins with Hinkal may cause problems including users not being able to withdraw their balance of malicious funds.

5. Note: Sometimes in case an access token is blacklisted, your transactions may be reverted. This is a normal part of the process and reverted transactions can be safely posted again without any problem resulting from it.

6. Note: Certain checks such as the external action address check and the hook contract check can be bypassed in the smart contract. transactWithExternalActionAndHook() can be bypassed using transact(), transactWithExternalAction(), and transactWithHook(). transactWithHook() and transactWithExternalAction can both be bypassed using transact().

For Relayers:

1. Relayers are ethereum addresses that post transactions to Hinkal on the user’s behalf for some incentive. Please note that Relayers cannot be Smart Contracts. The address used for relaying Hinkal transactions should be used exclusively for that purpose.