Testing Scope

a. Functions Involved:

  • Swap: Users can exchange one token for another as long as the trading pair is supported.

  • Add Liquidity: Users can add liquidity to a specific trading pair. Liquidity providers receive LPT (liquidity provider tokens) as a certificate of the liquidity they added. They need the LPT to claim back their liquidity by removing it.

  • LP Farming: Farming Pools will be opened under the LP Farming section. Users can stake the corresponding LPT generated by adding liquidity to earn farming rewards. They can harvest rewards at any time or unstake their LPT to finish farming.

  • Staking: Users can stake the required single asset to earn rewards from the Staking section.

  • HMM: Hydra Market Maker Algorithm. HMM is an oracle-adjusted market maker algorithm that induces less impermanent loss for LPs. HMM will be supported in selected trading pairs shortly. The oracle that we currently refer to is Pyth Network (Devnet).

b. Prioritized Vulnerabilities:

We are especially interested in receiving feedback on the following vulnerability types:

  • Smart Contracts:

    • Re-entrancy

    • Logic errors, including user authentication errors

    • Trusting trust/dependency vulnerabilities

    • Novel governance attacks

    • Congestion and scalability, including running out of gas, block stuffing, susceptibility to frontrunning

    • Consensus failure

    • Cryptography problems, including signature malleability, susceptibility to replay attacks, weak randomness, weak encryption

    • Susceptibility to block timestamp manipulation

    • Missing access controls / unprotected internal or debugging interfaces

  • Web Application:

    • For web vulnerabilities, we are especially interested in those that cause direct and unequivocal loss or permanent locking of user funds. For example, a vulnerability that lets an attacker spoof transactions on Hydra’s web application, leading to theft of funds.
