Awesome
HydraDX-security
A collection of security resources relating to the HydraDX blockchain:
- Audit Reports
- Critical Vulnerability Reports
- Invariants Specification
- Mitigation Mechanisms - a set of mechanisms designed to safeguard against economic exploits
- Threat Modelling - a collection of known attack vectors
Audit Reports
April 2024 - Code4rena Challenge
Conducted by 27 independent security researchers that participated in an audit challenge on Code4rena.
Scope: Omnipool, Stablepools, Oracles, Circuit Breaker.
Read the full report in this repo or on the Code4rena website.
July 2023 - Stableswap Security Audit by Runtime Verification
Conducted by Runtime Verification, published in June 2022.
Read the full report here.
June 2023 - EMA Oracle Security Audit by Runtime Verification
Conducted by Runtime Verification, published in June 2022.
Read the full report here.
September 2022 - Omnipool Security Audit by Runtime Verification
Conducted by Runtime Verification, published in September 2022.
Read the full report here.
March 2022 - Omnipool Economic and Mathematical Audit by Blockscience
Conducted by BlockScience, published in March 2022.
Addendum by the HydraDX team elaborating on some changes which were made after the audit was finished (pp 41 et seq), published in November 2022.
Read the full report here.
Invariants Specification
You can find the specification of the following groups of invariants:
- System-level invariants - these relate to the global state of the system and must always hold
- Function-level invariants - these must hold in relation to the execution of specific state-transition functions (extrinsics)