kinetiq-contracts
Total reward
$5,000,000
Findings submitted
28
Start date
15 Sep 2025
Kinetiq is a liquid staking protocol built natively on Hyperliquid, enabling users to stake the native token of the Hyperliquid blockchain (HYPE) and receive Kinetiq Staked HYPE (kHYPE) in return.
kHYPE enables staking participation while retaining full liquidity and capital efficiency — earning staking rewards while staying active across DeFi.
Behind the scenes, all staked HYPE is automatically delegated to the top-performing Hyperliquid validators, selected by StakeHub, Kinetiq's autonomous validator scoring and delegation system.
Scope
Please carefully review prior audits at https://audits.kinetiq.xyz prior to submitting your findings. DO NOT submit duplicate findings.
Contracts in-scope:
- kHYPE
- StakingManager
- StakingAccountant
- ValidatorManager
- PauserRegistry
- OracleManager
- OracleAdapter (DefaultOracle)
If you discover a vulnerability in any component that is not explicitly listed but poses a risk to user funds, user data, or the integrity of the system, you may submit it for consideration. The team will review such submissions on a case-by-case basis.
Prohibited Actions
- No Unauthorized Testing on Production Environments: Do not test vulnerabilities on mainnet or public testnet deployments without prior authorization. Use local test environments or private test setups.
- No Public Disclosure Without Consent: Do not publicly disclose details of any vulnerability before it has been addressed and you have received written permission to disclose.
- No Exploitation or Data Exfiltration: Do not exploit the vulnerability beyond the minimum steps necessary to demonstrate the issue. Do not access private data, engage in social engineering, or disrupt service.
- No Conflict of Interest: Individuals currently or formerly employed by Kinetiq, or those who contributed to the development of the affected code, are ineligible to participate.
Disclosure Requirements
Report vulnerabilities directly through the Spearbit/Cantina platform, and include:
- A clear description of the vulnerability and its impact.
- Steps to reproduce the issue, ideally with a proof of concept.
- Details on the conditions under which the issue occurs.
- Potential implications if the vulnerability were exploited.
Reports should be made as soon as possible—ideally within 24 hours of discovery.
Eligibility
To be eligible for a reward, you must:
- Be the first to report a previously unknown, non-public vulnerability within the defined scope.
- Provide sufficient information to reproduce and fix the vulnerability.
- Not have exploited the vulnerability in any malicious manner.
- Not have disclosed the vulnerability to third parties before receiving permission.
- Comply with all Program rules and applicable laws.
You must also be of legal age in your jurisdiction and must not be a resident of a country under sanctions or restrictions, as required by applicable laws.
Note: Kinetiq requires KYC prior to paying out a reward.
Severity and Rewards
Vulnerabilities are classified using two factors: Impact and Likelihood. The combination of these factors determines the severity and guides the reward amount.
Risk Classification Matrix
Severity Level | Impact: Critical | Impact: High | Impact: Medium | Impact: Low |
---|---|---|---|---|
Likelihood: High | Critical | High | Medium | Low |
Likelihood: Medium | High | High | Medium | Low |
Likelihood: Low | Medium | Medium | Low | Informational |
Critical:
- Manipulation of a governance voting result so that the executed outcome deviates from the outcome actually voted for
- Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
- Permanent freezing of funds
- Protocol insolvency
High:
- Theft of yield
- Permanent freezing of yield
Medium:
- Temporary freezing of funds for more than 1 week
- Smart contract unable to operate due to lack of token funds
- Unbounded gas consumption
Low:
- Contract functions affected, but without loss of funds or other severe impact
- Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Payout Guidelines
Severity | Maximum Payout |
---|---|
Critical | $5,000,000 |
High | $50,000 |
Medium | $5,000 |
Low | $500 |
Note: Actual reward amounts are determined at Kinetiq’s sole discretion. Factors influencing payout include quality of report, completeness, and the severity and exploitability of the vulnerability.
Out of scope:
- Please refer to the docs for the default out-of-scope guidelines
Other Terms
By submitting a report, you grant Kinetiq the rights necessary to investigate, mitigate, and disclose the vulnerability. Reward decisions and eligibility are at the sole discretion of Kinetiq. The terms, conditions, and scope of this Program may be revised at any time. All participants are responsible for reviewing the latest version before submitting a report.