Testing Scope
a. Functions Involved:
Swap: Users can exchange one token for another as long as the trading pair is supported.
Add Liquidity: Users can add liquidity to a specific trading pair. Liquidity providers receive LPT (liquidity provider tokens) as a receipt for the liquidity they add. They need the LPT to reclaim their liquidity when they remove it.
LP Farming: Farming Pools will be opened under the LP Farming section. Users can stake the corresponding LPT, generated when they add liquidity, to earn farming rewards. They can harvest rewards at any time, or unstake their LPT to end the farming.
Staking: Users can stake the required single asset to earn rewards from the staking section.
HMM: Hydra Market Maker Algorithm. HMM is an oracle-adjusted market maker algorithm that induces less impermanent loss for LPs. HMM will be supported in selected trading pairs shortly. The oracle that we currently refer to is Pyth Network (Devnet).
b. Prioritized Vulnerabilities:
We are especially interested in receiving feedback on the following vulnerability types:
Smart Contracts:
Re-entrancy
Logic errors, including user authentication errors
Trusting trust/dependency vulnerabilities
Novel governance attacks
Congestion and scalability, including running out of gas, block stuffing, susceptibility to frontrunning
Consensus failure
Cryptography problems, including signature malleability, susceptibility to replay attacks, weak randomness, weak encryption
Susceptibility to block timestamp manipulation
Missing access controls / unprotected internal or debugging interfaces
Web Application:
For web vulnerabilities, we are especially interested in those that cause direct and unequivocal loss or permanent locking of user funds. An example is a vulnerability that lets an attacker spoof transactions on Hydra’s web application, leading to theft of funds.