Bug Bounty
The Hyperlend Bug Bounty Program invites security researchers and developers to help protect the protocol. We value the community’s role in ensuring the safety of user assets and the stability of our lending markets.
Submission Process
To qualify for a reward, please follow these steps:
Report: Write a detailed report including the potential impact and a technical description of the vulnerability.
PoC: Include a Proof of Concept or a set of reproduction steps (e.g., a Foundry test or Hardhat script).
Contact: Submit your report by opening a ticket in our Official Discord server: https://discord.gg/HhbANtPPT6
First-to-Report: If multiple researchers find the same bug, only the first valid report will be rewarded.
Rewards: Payouts are made in USDC (or protocol-native tokens) on Hyperliquid based on the severity of the finding.
Ineligibility Criteria:
Reports based on "theoretical" risks without a clear path to exploitation.
Issues requiring physical access to a user’s device or "jailbroken" hardware.
Vulnerabilities in third-party integrations (e.g., an external DEX where collateral is swapped) that Hyperlend does not control.
UI/UX "papercuts" or minor spelling errors that do not impact security or financial logic.
Market risks inherent to DeFi (e.g., loss of collateral value due to standard market volatility).
Classification & Rewards
Rewards are determined by the Hyperlend team based on the Impact and Likelihood.
Last updated