Critical-risk tools in Waiaas
46 of the 126 tools in Waiaas are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_orderDestructiveCancel an existing XRPL DEX offer by its sequence number
-
hl_cancel_orderDestructiveCancel one or all orders for a market on Hyperliquid
-
pm_cancel_allDestructiveCancel all active Polymarket CLOB orders optionally by market
-
pm_cancel_orderDestructiveCancel an active Polymarket CLOB order by ID
-
remove_liquidityDestructiveRemove liquidity from a Pendle market by burning LP tokens
-
dex_swapFinancialExecute DEX swap via D
-
execute_actionFinancialExecute a DeFi action (swap, bridge, stake, unstake, lend_supply, lend_borrow, lend_repay, lend_withdraw, etc.) through the action provider system. Call get_provider_status firs...
-
aave_withdrawFinancialWithdraw supplied collateral from Aave V3 lending pool. Use amount=
-
drift_withdraw_marginFinancialWithdraw excess collateral from Drift V2 margin account to wallet
-
hl_sub_transferFinancialTransfer USDC between master account and sub-account
-
hl_transfer_usdcFinancialTransfer USDC between Spot and Perp accounts on Hyperliquid
-
kamino_withdrawFinancialWithdraw supplied collateral from Kamino K-Lend. Use amount=
-
transfer_nftFinancialtransfer_nft
-
aave_borrowFinancialBorrow an asset from Aave V3 lending pool against deposited collateral (variable rate)
-
aave_repayFinancialRepay borrowed debt on Aave V3 lending pool. Use amount=
-
aave_supplyFinancialSupply (deposit) an ERC-20 token as collateral to Aave V3 lending pool
-
bridgeFinancialSimple cross-chain bridge via LI.FI. Transfers same token between chains (e.g., USDC from Ethereum to Arbitrum)
-
buy_ptFinancialBuy PT (Principal Token) from a Pendle market for fixed yield at maturity
-
buy_ytFinancialBuy YT (Yield Token) from a Pendle market for leveraged yield exposure
-
cross_swapFinancialCross-chain bridge and swap via LI.FI aggregator. Moves tokens between different chains (e.g., SOL to Base USDC)
-
erc8128_sign_requestFinancialerc8128_sign_request
-
hl_place_orderFinancialPlace a conditional order (stop-loss or take-profit) on Hyperliquid
-
hl_spot_buyFinancialPlace a spot buy order on Hyperliquid (market or limit)
-
hl_spot_sellFinancialPlace a spot sell order on Hyperliquid (market or limit)
-
kamino_borrowFinancialBorrow an asset from Kamino K-Lend against deposited collateral on Solana
-
kamino_repayFinancialRepay borrowed debt on Kamino K-Lend. Use amount=
-
kamino_supplyFinancialSupply (deposit) an SPL token as collateral to Kamino K-Lend lending market
-
limit_orderFinancialPlace a limit order on the XRPL DEX orderbook with expiration
-
pm_buyFinancialBuy outcome tokens on Polymarket prediction market
-
pm_redeem_positionsFinancialRedeem winning tokens after market resolution for USDC collateral
-
pm_sellFinancialSell outcome tokens on Polymarket prediction market
-
pm_split_positionFinancialSplit USDC collateral into outcome token sets on CTF contract
-
redeem_ptFinancialRedeem PT tokens: market sell before maturity or redeem underlying after maturity
-
stakeFinancialStake SOL to receive JitoSOL via Jito Stake Pool (DepositSol). Immediate, no lock-up.
-
swapFinancialSwap tokens on Solana via Jupiter aggregator with slippage protection and Jito MEV tips
-
unstakeFinancialWithdraw SOL from Jito Stake Pool by burning JitoSOL (WithdrawSol). Epoch boundary delay.
-
drift_close_positionFinancialClose a perpetual position on Drift V2 (full close or partial close with size parameter)
-
drift_modify_positionFinancialModify an existing perpetual position on Drift V2 by changing size or limit price
-
drift_open_positionFinancialOpen a leveraged perpetual position (LONG or SHORT) on Drift V2 with market or limit order
-
hl_close_positionFinancialClose a perpetual position on Hyperliquid (full or partial close)
-
hl_create_sub_accountFinancialCreate a new Hyperliquid sub-account
-
hl_open_positionFinancialOpen a leveraged perpetual position on Hyperliquid with market or limit order
-
hl_set_margin_modeFinancialSwitch between Cross and Isolated margin mode on Hyperliquid
-
pm_merge_positionsFinancialMerge outcome token sets back to USDC collateral on CTF contract
-
send_batchFinancialsend_batch
-
send_tokenFinancialsend_token
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.