Huma Finance / Huma Bounty
On-chain credit platform where high-performing receivables meet with global capital.
Visit the docs for a complete project overview.
Smart Contracts in Scope
huma-contracts-v2
| Name (address link) | Repo |
|---|---|
| huma-contracts-v2 | https://github.com/00labs/huma-contracts-v2/tree/main |
Excluding mocks, tests, scripts, etc. Valid issues must satisfy one of the severity definitions below.
Deployed Contracts Celo
| Name | Celo Address |
|---|---|
| Calendar | 0x129686C98916c7fFF9cf9110127402D070183610 |
| HumaConfig | 0x9345cc5617F906C62bE1608680B9C0FC3e7707B0 |
| HumaConfigTimelock | 0x14B067bac6039429A11baf564db90eDBcc4E27F3 |
| PoolConfigImpl | 0x7b6b28434c74E6DB5ba5c9a71eA6ff7A6D5071A5 |
| PoolFeeManagerImpl | 0x3D143343FC4bF823365A38Fb76A89754C5C22f77 |
| PoolSafeImpl | 0xd2FFCC9f6797ce2D7B503DC3287c4cc4D7fde77F |
| FirstLossCoverImpl | 0x0D9b3ecd2B890651EF7dF65650b419a202D38FF4 |
| RiskAdjustedTranchesPolicyImpl | 0xe780653d7c03A5199B3c13b8c663fcE2CDd72562 |
| FixedSeniorYieldTranchesPolicyImpl | 0x86c3a14EE6f0B9BFeE1439a9b6eA191B565a3A0F |
| PoolImpl | 0xa6C59ce6c1E1A519EcE7ad0Eeead31D485C7C8A9 |
| EpochManagerImpl | 0x5aF84f6c8c6738417e6081677f186839294b5eEc |
| TrancheVaultImpl | 0xf26A071833032Ce57769fdf530E81A28f15671df |
| CreditLineImpl | 0x73c16Db24951135BC8A628185BdbfA79115793E5 |
| ReceivableBackedCreditLineImpl | 0xE265E07F9d18Df940A75CfFfEA51211F4f0C46cC |
| ReceivableFactoringCreditImpl | 0x2DF0091067B29Cbac6bD8C2cE15334dEFEE9738C |
| CreditDueManagerImpl | 0xe1Bd10Bba7DF72527dB2F6955d8A731844C8bf84 |
| CreditLineManagerImpl | 0xC98dEAA52Ba4848079aA0A4e48BEA6f0AcdC542c |
| ReceivableBackedCreditLineManagerImpl | 0xAD3FB6bB897f85125436a63a5b8c3Dfb5928Fa4e |
| ReceivableFactoringCreditManagerImpl | 0x7EF17831D7153b085ccDEFc02373234Baec16243 |
| ReceivableImpl | 0x8920C27a3D76daA004f373f78fa1Ed01B4940FbA |
| LibTimelockController | 0x41B1Dd4c2bbcff308Ef95210532B97DF87D8c053 |
| PoolFactoryImpl | 0x2DA34B43089F20c87770674fb7d8Fa5b5384534b |
| PoolFactory | 0x85c8dC49B8DaA709e65dd2182e500E8AC3CaA6C7 |
Severity Definitions
Smart Contracts
| Severity level | Impact: High | Impact: Medium |
|---|---|---|
| Likelihood:high | $50,000.00 | $25,000.00 |
| Likelihood:medium | $25,000.00 | $10,000.00 |
Issues in Scope
Critical
Complete, or near complete, loss of all funds in the protocol.
High
Meaningful, but limited, loss of funds. Examples include a single pool vulnerable to complete loss of funds, or partial loss of TVL across the protocol such as 15% loss, etc.
Medium
Privilege escalation and circumventing access controls not leading to loss of funds in a way that qualifies as a higher severity.
Out of Scope (all repositories)
Known Issues
Known issues from previous security reviews are considered out of scope. (Spearbit-Security-Review)
Specific Types of Issues
- Informational findings.
- Design choices related to protocol.
- Issues that are ultimately user errors and can easily be caught in the frontend. For example, transfers to
address(0). - Rounding errors. (E.g. yield calculation precision not leading to meaningful loss of funds.)
- Relatively high gas consumption.
- Centralization or admin risks.
All other issues acknowledged in the audits in the Spearbit-Security-Review
Prohibited Actions
- Live testing on public chains, including public mainnet deployments and public testnet deployments.
- We recommend testing on local forks, for example using foundry.
- Public disclosure of bugs without the consent of the protocol team.
- Conflict of Interest: any employee or contractor who currently works, or previously worked, with Huma Finance cannot participate in the Bug Bounty without prior approval. Examples include Huma contributors, security researchers who worked on Huma Finance code reviews, etc.
Summary
Status
LiveTotal reward:
$50,000 USDC
Start date:
5 Jul 2024 10:00pm (local time)