Hyperdrive Security Roadmap Update #3: New Audit Report and Bug Bounty Program Launch
TL;DR
- To-date, Hyperdrive has undergone six audits and formal verifications
- The latest audit uncovered nine non-critical issues which were all addressed prior to launch
- There is now a public bug bounty program, hosted in partnership with Cantina for up to $100k to further enhance security, in which individuals can participate
- DELV is providing security monitoring and incident management services to Element DAO for their deployment of Hyperdrive over an initial 90 day period
Hyperdrive Audit Reports & Security Efforts Continue
Hyperdrive’s audit reports provide an in-depth analysis of the AMM, including findings and actions taken to solve or mitigate the audit-reported issues. Overall, Hyperdrive has gone through several rounds of audits (6) and formal verification. Today, we’re excited to also unveil a public bug bounty program with Cantina and share more of our security efforts supporting Element DAO’s Hyperdrive deployment.
Spearbit Audit (#4) Report (June 2024)
About The Auditor
Spearbit is a decentralized network of expert security engineers offering reviews and other security related services to Web3 companies with the goal of creating a stronger ecosystem. Their network has experience including but not limited to protocol design, smart contracts, and the Solidity compiler.
You can learn more about Spearbit here.
Summary of Findings
Spearbit’s audit dated June 2024 reviewed the Hyperdrive contracts (Commit hash: e9155984ed0997ead88e2e1d4ae44546bce703c8). Over the course of five days, the DELV team engaged with Spearbit to review the Hyperdrive protocol. In this period of time, a total of nine issues were found.
Spearbit’s Results:
You can read Spearbit’s full audit (#4) report here. Spearbit’s previous Hyperdrive Audits can be found here #3, here #2 and here #1.
Bug Bounty Program Launch with Cantina!
DELV aims to provide nothing but the best security for our software and is now motivating the community to also undertake their own security reviews of Hyperdrive in which we will happily reward individuals who provide responsible disclosures of qualifying vulnerabilities discovered within the codebase.
Learn more about the terms and conditions and discover how to participate in the Hyperdrive Bug Bounty program here.
Security Monitoring and Incident Management Services for Element DAO’s Hyperdrive Mainnet Deployment
With the recent launch of Element DAO’s Hyperdrive Deployment, we’re thrilled to be providing the Element DAO with our Security Monitoring and Incident Management Services. As a limited service provider to the DAO, DELV is currently monitoring, for a 90-day period, the health and safety of the Hyperdrive deployments. This includes, but is not limited to the following areas:
- Yield Source Hacks
- Hyperdrive Trading Vulnerabilities
- Hyperdrive Non-Trading Vulnerabilities
- Negative Interest Events (e.g., slashing events)
- Checkpoint Minting Failures
- Sunsetting Pools
For more information on the Element DAO’s Mainnet Launch, check out “Element DAO's Hyperdrive deployment is officially live on Mainnet!” and access the Hyperdrive UI at app.hyperdrive.box.
Summary
Our security efforts over the past year have resulted in the discovery of several bugs, including some critical and high-severity issues. The DELV team has taken actions to evaluate, mitigate, and address these issues, and we look forward to continuing to work with security partners as we build out new features and continue R&D for Hyperdrive.
In combination with six audit reports, formal verification, fuzzing, high coverage unit and integration testing, and now a continuous bug bounty program, we are working hard to build and earn public confidence in the security of Hyperdrive.
Join the DELV Community
Connect with us to stay updated on the latest news and developments:
- Twitter: @delv_tech
- Telegram: Delv Announcements TG
- Discord: delv.tech/discord
- GitHub: delvtech
Stay tuned for more news and announcements on Hyperdrive’s growth!
Sincerely,
The DELV Team