HyperLabs Inc / hyperlend

HyperLend is a lending platform, aiming to become the main lending market on the Hyperliquid HyperEVM chain.

We have 3 different types of lending markets:

• Core pools: the codebase is a fork of Aave v3.0.2.
  Users can supply/borrow multiple tokens in a single pool.
• -Isolated pools: the codebase is a fork of Fraxlend V3.
  Each market has one token that can be supplied as collateral and one that can be borrowed, isolating the risk to a specific market instead of the entire protocol.
• P2P loans: users can request personalized loans (each loan has a custom collateral asset, borrowed asset, borrow amount, repayment amount, duration, and liquidation settings), and other users can then fill their requests.

This competition also includes another contract:

• HyperEVM oracle: a contract used to fetch price data from Hyperliquids HyperEVM system contract.

Prize distribution and scoring

• Total Prize Pool: $100,000

• Primary Prize Pool: $95,000

• The prize distribution has 2 possible triggers:

  • If one or more valid medium severity findings are found, the total pot size is $40,000
  • If one or more valid high severity findings are found, the total pot size is $100,000

• $5,000 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

  • 1st: $2.5k
  • 2nd: $1k
  • 3rd: $500
  • 4th: $500
  • 5th: $500

• Scoring described in the competition scoring page.

• Findings Severities described in detail on our docs page.

Documentation

• Core Pools (Aave V3.0.2 fork):
  • tech paper
  • codebase diffs: gist & description
• Isolated Pools (FraxLend V3 fork):
  • documentation
  • codebase diffs: gist & description
• P2P loans:
  • description
  • code walkthrough
• HyperEVM Oracle:
  • description
  • code walkthrough

Scope

Hyperlend Core

• Repository: https://github.com/hyperlendx/hyperlend-core
• Commit: eb1c180e09561b3272dc9cbe21f5a9328a3bef33
• Total LOC:
• Files: all files in contracts/
  • excluding: contracts/mocks/ and contracts/flashloan/
• Note: the codebase is an Aave v3.0.2 fork with very minor modifications

Hyperlend Isolated

• Repository: https://github.com/hyperlendx/hyperlend-isolated
• Commit: 52449fc85a5bd7409b74ef8201b2ee99ae1cd704
• Total LOC:
• Files: all files in contracts/
  • excluding: contracts/mocks/
• Note: the codebase is a fork of Fraxlend V3

Hyperlend P2P

• Repository: https://github.com/hyperlendx/hyperlend-p2p
• Commit: 3ba49b59ab0ce75cbf53214cc3806a4668ea5fa9
• Total LOC:
• Files: contracts/LendingP2P.sol

Hyperevm Oracle

• Repository: https://github.com/hyperlendx/hyperevm-oracle
• Commit: b76fedd9efed255ba2d4bf5bc51a463e71641f22
• Total LOC:
• Files: all files in contracts/
  • excluding: contracts/mocks/ and contracts/interfaces/

Build Instructions

All repositories are using Hardhat and include build instructions in the README. NodeJS is required to build the code.

Install dependencies: npm install

Compile code: npx hardhat compile

Run tests: npx hardhat test

• Basic POC test:
  • Basic tests are available in each repository under test/baseTest.js

Out of scope

• Exploits that rely on price manipulation on external markets
• Exploits caused by 3rd-party oracles providing invalid data
• Exploits only possible by permissioned entities (such as admin address passing wrong parameters to config functions or keepers submitting invalid prices).
• All pools/reserves are expected to have minimum liquidity at all times.
• Any problems arising from non-standard ERC20 tokens (such as rebasing, fee-on-transfer, ERC777...).
• Any issues mentioned/acknowledged in the code comments

• Automated findings by Lightchaser
  • Hyperevm Oracle report
  • Hyperlend Core report
  • Hyperlend Isolated report
  • Hyperlend P2P report

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.