Huma Bounty
@Huma-Finance
Live
On-chain credit platform where high-performing receivables meet with global capital.
Visit the docs for a complete project overview.
Smart Contracts in Scope
huma-contracts-v2
Name (address link) | Repo |
---|---|
huma-contracts-v2 | https://github.com/00labs/huma-contracts-v2/tree/main |
Excluding mocks, tests, scripts, etc. Valid issues must satisfy one of the severity definitions below.
Deployed Contracts Celo
Name | Celo Address |
---|---|
Calendar | 0x129686C98916c7fFF9cf9110127402D070183610 |
HumaConfig | 0x9345cc5617F906C62bE1608680B9C0FC3e7707B0 |
HumaConfigTimelock | 0x14B067bac6039429A11baf564db90eDBcc4E27F3 |
PoolConfigImpl | 0x7b6b28434c74E6DB5ba5c9a71eA6ff7A6D5071A5 |
PoolFeeManagerImpl | 0x3D143343FC4bF823365A38Fb76A89754C5C22f77 |
PoolSafeImpl | 0xd2FFCC9f6797ce2D7B503DC3287c4cc4D7fde77F |
FirstLossCoverImpl | 0x0D9b3ecd2B890651EF7dF65650b419a202D38FF4 |
RiskAdjustedTranchesPolicyImpl | 0xe780653d7c03A5199B3c13b8c663fcE2CDd72562 |
FixedSeniorYieldTranchesPolicyImpl | 0x86c3a14EE6f0B9BFeE1439a9b6eA191B565a3A0F |
PoolImpl | 0xa6C59ce6c1E1A519EcE7ad0Eeead31D485C7C8A9 |
EpochManagerImpl | 0x5aF84f6c8c6738417e6081677f186839294b5eEc |
TrancheVaultImpl | 0xf26A071833032Ce57769fdf530E81A28f15671df |
CreditLineImpl | 0x73c16Db24951135BC8A628185BdbfA79115793E5 |
ReceivableBackedCreditLineImpl | 0xE265E07F9d18Df940A75CfFfEA51211F4f0C46cC |
ReceivableFactoringCreditImpl | 0x2DF0091067B29Cbac6bD8C2cE15334dEFEE9738C |
CreditDueManagerImpl | 0xe1Bd10Bba7DF72527dB2F6955d8A731844C8bf84 |
CreditLineManagerImpl | 0xC98dEAA52Ba4848079aA0A4e48BEA6f0AcdC542c |
ReceivableBackedCreditLineManagerImpl | 0xAD3FB6bB897f85125436a63a5b8c3Dfb5928Fa4e |
ReceivableFactoringCreditManagerImpl | 0x7EF17831D7153b085ccDEFc02373234Baec16243 |
ReceivableImpl | 0x8920C27a3D76daA004f373f78fa1Ed01B4940FbA |
LibTimelockController | 0x41B1Dd4c2bbcff308Ef95210532B97DF87D8c053 |
PoolFactoryImpl | 0x2DA34B43089F20c87770674fb7d8Fa5b5384534b |
PoolFactory | 0x85c8dC49B8DaA709e65dd2182e500E8AC3CaA6C7 |
Severity Definitions
Smart Contracts
Severity level | Impact: High | Impact: Medium |
---|---|---|
Likelihood: High | $50,000.00 | $25,000.00 |
Likelihood: Medium | $25,000.00 | $10,000.00 |
Issues in Scope
Critical
Complete, or near complete, loss of all funds in the protocol.
High
Meaningful, but limited, loss of funds. Examples include a single pool vulnerable to complete loss of funds, or partial loss of TVL across the protocol such as 15% loss, etc.
Medium
Privilege escalation and circumventing access controls not leading to loss of funds in a way that qualifies as a higher severity.
Out of Scope (all repositories)
Known Issues
Known issues from previous security reviews are considered out of scope. (Spearbit-Security-Review)
Specific Types of Issues
- Informational findings.
- Design choices related to protocol.
- Issues that are ultimately user errors and can easily be caught in the frontend. For example, transfers to `address(0)`.
- Rounding errors. (E.g. yield calculation precision not leading to meaningful loss of funds.)
- Relatively high gas consumption.
- Centralization or admin risks.
All other issues acknowledged in the audits in the Spearbit-Security-Review
Prohibited Actions
- Live testing on public chains, including public mainnet deployments and public testnet deployments.
  - We recommend testing on local forks, for example using Foundry.
- Public disclosure of bugs without the consent of the protocol team.
- Conflict of Interest: any employee or contractor who currently works, or previously worked, with Huma Finance cannot participate in the Bug Bounty without prior approval. Examples include Huma contributors, security researchers who worked on Huma Finance code reviews, etc.
Total reward
$50,000
Findings submitted
13
Start date
Jul 5, 2024