Sign in Subscribe

Hyperdrive Incident Report

DELV

3 min read
Hyperdrive Incident Report

Date of Discovery: March 23rd, 2025

Status: All pools paused. No known loss of funds.

Summary

On March 23rd, 2025, a vulnerability was identified in the Hyperdrive smart contracts that, under specific conditions, could allow a large liquidity provider (LP) to withdraw more value than they were entitled to. This issue stems from how the protocol calculates the present value of LP positions during liquidity removal in certain low-liquidity states.

While the vulnerability would have been costly to exploit, and was not actively abused, we took immediate steps to secure the protocol. All pools were paused to prevent any potential exploitation, and additional liquidity was added to each pool to ensure LPs could immediately exit.

Impact

  • We aren’t aware of any loss of funds.
  • The vulnerability was not exploited in the wild.
  • Liquidity was added to ensure LPs could withdraw immediately.
  • All pools were paused to prevent any potential abuse.

The vulnerability had the potential to allow a large LP to withdraw value at the expense of others during specific market conditions, but no malicious behavior was observed.

Technical Description

The vulnerability relates to how the protocol calculates the value of liquidity provider (LP) positions when liquidity is removed from a Hyperdrive pool. Specifically, the system attempts to simulate what would happen if all open positions were closed, in order to compute a fair "present value" for LPs exiting the pool.

This present value includes the current idle capital in the pool, adjusted by the expected impact of unwinding all open positions - which may be positive (in the case of net shorts) or negative (in the case of net longs).

When the pool is net long and liquidity is low, the protocol may be unable to simulate the full value of the outstanding long positions. In this case, the system marks any unpriceable long positions to zero. This fallback mechanism has the unintended effect of overstating the value of LP positions.  This is particularly true for large LPs exiting in these conditions because their share of open position exposure is undervalued.

As a result, LPs withdrawing liquidity during low-liquidity, net-long scenarios could extract more value than they should, leaving the remaining LPs with increased exposure and diminished value. While this behavior is expensive to exploit, it represents a critical asymmetry in the LP accounting logic and warranted immediate action.

The behavior that led to this vulnerability is part of a broader system intended to protect against other failure modes. The present value model is designed to reflect the current value of LP positions given market conditions, but it does not account for the future impact of those positions as they mature. In most cases, particularly when longs and shorts net out, this impact is acceptable. However, when liquidity is low and the pool is unbalanced, it may create edge cases where large LPs can exit early and offload risk onto remaining LPs. While the specific bug here was a direct result of how present value is calculated under a specific edge case, this incident also highlights the need to revisit assumptions around how LP exposure is valued over time.

Mitigation Measures

After confirming the vulnerability, we immediately:

  • Modeled the minimum liquidity needed to accommodate immediate LP exits
  • Injected additional capital into affected pools to meet those thresholds
  • Paused all pools to eliminate further exposure
  • Ensured LPs could withdraw safely and fairly without triggering the vulnerability

These actions were completed within the same day the issue was identified.

Acknowledgement

We’d like to thank 0x_Nick_, a longtime community member, for responsibly disclosing this vulnerability. Nick has been active in the Hyperdrive community since the beginning, and his careful attention to the protocol led to the discovery of this issue before it could be exploited.

We are classifying this as a critical vulnerability and will be awarding a bug bounty in recognition of his contribution to the safety and integrity of the protocol.

Next Steps

We are continuing to evaluate long-term options and will keep the community informed of any decisions related to the future of the protocol. While pools remain paused to new activity, users are still able to close positions and withdraw liquidity as usual. We’ll share updates as we determine the path forward.

Sign up to get our news early (and never miss an update)

Enter your email
Subscribe