defirisk.co
rubric v1.7.0

Hyperliquid

App-chain perpetuals and spot exchange running on HyperBFT L1; primary TVL-bearing surface is the Bridge2 USDC bridge on Arbitrum and the L1 clearing vault.

Sector perps
TVL $4.7B
Reviewed May 12, 2026
Factors 184
Categories 13
Risk score 33.8
Deployments Arbitrum · $3.3B
01

Risk profile at a glance

1 red · 5 yellow · 7 green
02

Categories & evidence

184 factors · 13 categories
Code & audits Green 16 25 of 25
RD-F-002 red Audit recency Bridge2: last full audit signed off November 2023 (Zellic follow-up patch review). As of 2026-05-07 that is approximately 891 days (29 months). Well above any reasonable recency threshold. L1: never audited - infinite recency gap. Bridge2 has no on-chain evidence of substantive code changes post-Nov 2023, but 891 days without re-audit at ~$3.58B Arbitrum bridge TVL (and ~$5.0B combined protocol TVL) is a meaningful gap.
RD-F-001 yellow Audit scope mismatch Bridge2 surface: 3 audits (Cyfrin Mar 2023, Zellic Aug 2023, Zellic Nov 2023); last commit d7e66aa7 2023-11-28 'address audit comments'; no on-chain upgrades detected post-Nov 2023, so Bridge2 bytecode plausibly matches audited code. L1 surface: HyperCore binary has zero audits and is closed-source. At the protocol level the dominant TVL-bearing operational surface is categorically unaudited, constituting a material scope mismatch.
RD-F-004 yellow Audit count Bridge2: 2 distinct firms — Cyfrin (Mar 2023) and Zellic (Aug 2023 + Nov 2023 patch review). The Nov 2023 Zellic report is a patch-review, not an independent full-scope second audit; total independent firm count is 2. L1: 0 audits. For a $4.7B TVL protocol, 2 firms covering only the bridge surface with no L1 audit is materially below peer expectation.
RD-F-007 yellow Bug bounty presence & max payout Self-hosted bug bounty at bugbounty@hyperfoundation.org. Critical up to 1M USDC, High up to 50k USDC, Medium up to 10k USDC. KYC/KYB required. NOT on Immunefi or Cantina — no third-party verification of payout history or scope enforcement.
RD-F-020 yellow EIP-712 domain separator missing chainId Bridge2/Signature.sol uses EIP-712 style message construction. Commit 97225667 'Fix 3.4 Signatures may be reused across different contracts' directly addresses cross-contract replay prevention, implying some form of contract-binding in the domain separator. Full domain separator construction (including chainId presence) not fully extractable from available sources without direct code diff of that commit.
RD-F-023 yellow Constructor calls _disableInitializers() Bridge2.sol uses a constructor but does NOT call _disableInitializers(). Since Bridge2 does not use an initializer pattern (uses a real constructor), the OZ guidance is not structurally required — the constructor IS the initialization. However, defense-in-depth practice would still apply _disableInitializers() to prevent any future confusion. Slightly below best practice for a proxy-wrapped contract.
RD-F-183 yellow Bug bounty scope gap on highest-TVL contracts The bug bounty program is self-hosted and describes scope as 'any bug that would cause an outage or logical error on nodes or API servers.' The scope does NOT explicitly enumerate Bridge2 or any Solidity contract addresses as in-scope. The L1 binary is mentioned via 'nodes' reference. $3.26B of USDC lives in Bridge2 but the bounty scope is framed around L1 node/API behavior, creating ambiguity over whether Bridge2 smart contract bugs are explicitly in scope. No Immunefi page with contract addresses to confirm.
RD-F-009 gray Formal verification coverage No formal verification (Certora, Halmos, Kani, or equivalent) has been applied to Bridge2 or any Hyperliquid contract. No FV report referenced in the audit docs or GitHub. Web search found no Certora/Halmos/Mythril application to Hyperliquid.
RD-F-010 gray Static-analyzer high-severity count No published Slither/Mythril/Semgrep analysis of Bridge2 deployed bytecode found in public sources. Manual audits (Zellic, Cyfrin) covered the same surface; automated tool output not separately disclosed. Bridge2 source is small (~400 LOC). Tool run needed for definitive score.
RD-F-016 gray Divide-before-multiply pattern No published Slither output available. Bridge2 is primarily a signature-validation and fund-transfer contract with minimal arithmetic. Validator power calculations use proportional arithmetic, but no divide-before-multiply was identified during manual source review. Not confirmed without tool run.
RD-F-018 gray Signed/unsigned arithmetic confusion Bridge2 uses Solidity 0.8.x with built-in overflow/underflow protection. uint64 power/threshold arithmetic is the main arithmetic surface; no signed-unsigned conversion paths found in manual review. Symbolic exec needed for full confirmation.
RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned Bridge2 does NOT use UUPS proxy pattern. The AdminUpgradeabilityProxy pattern is used — upgrade authorization is via the proxy admin (Foundation multisig), not UUPS internal gate. Factor is N/A for the transparent/admin proxy pattern in use.
RD-F-022 n/a Public initialize() without initializer modifier Bridge2.sol uses a constructor for all initialization. There is NO initialize() function in Bridge2.sol or Signature.sol. The AdminUpgradeabilityProxy pattern wraps Bridge2, but the implementation itself uses a constructor-only initialization path. Not applicable.
RD-F-003 green Resolved-without-proof findings Commit history shows explicit fix commits referencing Zellic Aug 2023 findings 3.1–3.6 and 4.3. Each finding maps to a specific commit (e5b7e068, 8c4a182a, 1c8d3333, 97225667, b198269c, 57df1c10). No evidence of unresolved medium+ findings. Resolution is consistent with audited code being the deployed state post-Nov 2023.
RD-F-005 green Audit firm tier Zellic is a Tier-1 / top-tier smart contract audit firm known for high-quality bridge security work. Cyfrin is a well-regarded boutique with a strong track record. Both are credible.
RD-F-006 green Audit-to-deploy gap Cyfrin engagement: Mar 10–24, 2023; Bridge v1 predecessor deployed March 2023. Zellic Nov 2023 patch review followed by 'address audit comments' commit d7e66aa7 Nov 28, 2023 — suggesting same-week deploy. The final Bridge2 deployment for the Nov 2023 version appears within days of audit sign-off. No >60-day drift detected for Bridge2 EVM surface.
RD-F-008 green Ignored bounty disclosure No evidence in public post-mortems that a disclosed vulnerability was reported and not actioned before an exploit. The bridge outage (Oct 2024) was an RPC edge case, not a prior-disclosed bug. JELLY incident was a market manipulation exploit, not a code vulnerability.
RD-F-011 green SELFDESTRUCT reachable from non-admin path Bridge2.sol source analysis confirms NO selfdestruct opcode anywhere in Bridge2.sol or Signature.sol. Contract is designed for persistence.
RD-F-012 green delegatecall with user-controlled target Bridge2.sol source analysis confirms NO delegatecall usage anywhere in the contract. Direct function calls only.
RD-F-013 green Arbitrary call with user-controlled target Bridge2 uses SafeERC20 for USDC transfers (whitelisted target by address), not arbitrary call with user-controlled target. No arbitrary .call(target, data) pattern found.
RD-F-014 green Reentrancy guard on external-calling functions Bridge2 imports OZ ReentrancyGuard. The nonReentrant modifier is applied to batchedRequestWithdrawals(), batchedFinalizeWithdrawals(), and batchedDepositWithPermit() — all three externally-calling state-mutating functions.
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard Bridge2 integrates only native USDC (ERC-20 only, no callbacks). No ERC-777, ERC-1155, or ERC-721 token standards used. The nonReentrant guard also covers the ERC-20 transfer path.
RD-F-017 green Mixed-decimals math without explicit scaling Bridge2 handles a single token (USDC, 6 decimals) with no cross-token arithmetic. No mixed-decimals risk.
RD-F-019 green ecrecover zero-address return unchecked Signature.sol recoverSigner() function explicitly calls ecrecover(digest, sig.v, bytes32(sig.r), bytes32(sig.s)) and then checks require(signerRecovered != address(0), 'Invalid signature, recovered the zero address'). Zero-address guard is present.
RD-F-024 green Code complexity vs audit coverage Bridge2.sol is approximately 400–500 LOC. Signature.sol is ~50 LOC. Total codebase under 600 LOC with 3 audit engagements. LOC/audit-day ratio is well within credible audit coverage range for the Bridge2 EVM surface. L1 binary complexity is unknowable but Bridge2 is the assessed surface.
Governance & admin Yellow 35 24 of 24
RD-F-032 red Timelock duration on upgrades No timelock on Bridge2 proxy admin upgrades. Foundation multisig can replace Bridge2 implementation immediately after signature collection — zero delay. The disputePeriodSeconds (~200 seconds for validator-set updates) is a challenge window for withdrawals only, NOT an upgrade timelock. Data cache confirms timelock_address: null.
RD-F-033 red Timelock on sensitive actions No action in Bridge2 routes through a governance timelock: (a) Proxy admin upgrade — no timelock; (b) invalidateWithdrawals() — cold-validator quorum, no time delay; (c) changeDisputePeriodSeconds() — cold-validator quorum, no timelock; (d) changeLockerThreshold() — cold-validator quorum, no timelock. 200-second dispute queue on withdrawals is operational safety, not governance timelock.
RD-F-047 red Governance token concentration (Gini) Hyper Foundation operates 5 validators with >50% of staked HYPE. Team HYPE allocation is ~23.8% of total supply (vesting). Foundation validators hold supermajority governance power. December 2025 USDH vote removed team HYPE from weighting — acknowledging concentration concern. Qualitative Gini assessment: extreme concentration at the validator level.
RD-F-025 yellow Admin key custody type Bridge2 proxy admin is a Hyper Foundation multisig (undisclosed address, threshold unknown). L1 critical operations require 2/3 stake-weighted cold-validator quorum. Operational parameters controlled by Hyperliquid Labs via closed-source L1 binary. Classification: multisig without timelock on upgrades. Admin type is multisig but transparency is low.
RD-F-026 yellow Upgrade multisig signer configuration (M/N) Bridge2 hot-validator quorum: effectively 3-of-4 for withdrawals (2/3 stake-weighted). Lockers: 2-of-5 to pause. Cold validator set: 4 nodes, 2/3 required for emergency ops. Proxy admin upgrade multisig: threshold NOT publicly disclosed (safe_api_gap: true). L1 validator governance: top-24 by stake, 2/3 BFT quorum.
RD-F-028 yellow Low-threshold multisig vs TVL At $4.73B TVL, bridge initially operated with 3-of-4 hot validators (all Hyperliquid Labs). Expanded to ~21+ validators by April 2025 but Hyper Foundation holds >50% of staked HYPE through its 5 validators. Proxy admin upgrade threshold undisclosed. Below peer norm for bridge-class at this TVL scale.
RD-F-029 yellow Multisig signers co-hosted Initial 4-validator set was entirely Hyperliquid Labs team members — maximum co-hosting. Post-expansion, independent analysis (Jan 2025) suggests 7 of 11 independent validators have questionable independence. No public key-custody attestations from validators. Closed-source node software prevents external validation.
RD-F-030 yellow Hot-wallet signer flag Hyperliquid's hot validator set signs withdrawals with online keys by design - hot-wallet usage is structural, not incidental. Cold-wallet set holds administrative override keys. The hot/cold split is the architecture; persistent hot-key signing creates ongoing compromise risk at ~$3.58B Arbitrum Bridge2 TVL (2026-05-07).
RD-F-031 yellow Signer rotation recency Validator set expanded from 4 (Hyperliquid Labs) to 16 (early 2025) to 21+ (April 2025). Post-JELLY, on-chain delisting validation implemented. Positive direction (progressive decentralization) but Foundation still holds supermajority stake. Rotation from all-Labs to partial-external over ~18 months for $4.73B system.
RD-F-035 yellow Role separation: upgrade ≠ fee ≠ oracle Bridge2 roles structurally separated: proxy admin (upgrades) vs lockers (pause) vs finalizers (withdrawal execution) vs cold validators (parameter changes). Fee collection and oracle configuration are L1-side, controlled by Hyperliquid Labs via closed-source binary — not visible or separable at EVM layer.
RD-F-036 yellow Flash-loanable voting weight HYPE governance uses stake-weighted validator voting with 1-day delegation lockup and 7-day unstaking queue — prevents flash-loan governance attacks. However, governance is informal (validator declarations, not on-chain contract-enforced quorum). No formal flash-loan guard in a governor contract. JELLY vote in ~2 minutes demonstrates no minimum quorum delay.
RD-F-037 yellow Quorum achievable via single-entity flash loan Not flash-loan-exploitable (HYPE staking lockup prevents instantaneous quorum acquisition). However, Hyper Foundation holds >50% of staked HYPE through its 5 validators — the Foundation already has supermajority quorum unilaterally without any market action. Concentration risk rather than flash-loan risk.
RD-F-038 yellow Proposal execution delay < 24h Documented governance votes (December 2025 HYPE burn) used 3–7 day windows. JELLY incident: emergency delisting executed in ~2 minutes with zero enforced delay. No formal minimum execution delay for governance proposals. Emergency actions can execute without delay.
RD-F-040 yellow Emergency-veto multisig present Lockers set (2-of-5) can pause bridge functioning as circuit-breaker. Cold validator quorum provides second tier for parameter changes. However, neither Lockers nor cold validators can veto a Foundation proxy admin upgrade or a governance HIP. No veto mechanism against upgrade decisions.
RD-F-041 yellow Rescue/emergencyWithdraw without timelock Bridge2 has invalidateWithdrawals() (cold validator 2/3 quorum — can cancel pending withdrawals of any user) and emergencyUnlock() (cold validator 2/3 quorum). No timelock on either. Cold validator set is primarily Hyperliquid Labs-controlled. Quorum requirement provides meaningful resistance vs. single-key rescue. Yellow not red because the 2/3 cold-validator quorum is a real barrier.
RD-F-039 n/a delegatecall/call in proposal execution without allowlist No on-chain governor or proposal execution contract exists. HIPs are stake-weighted validator declarations, not smart-contract proposal payloads with delegatecall execution. Bridge2 contains no proposal execution path. Not applicable for this architecture.
RD-F-042 n/a Admin has mint() with unlimited max No mint function exists on Bridge2 or any identified Hyperliquid EVM contract. Bridge2 handles USDC transfers only. HYPE token has a fixed genesis allocation with no admin-callable ongoing mint mechanism in publicly available code.
RD-F-044 gray Admin wallet interacts with flagged addresses Not assessed — proxy admin multisig address is not publicly disclosed (safe_api_gap: true in data cache). Cannot perform on-chain interaction history analysis without knowing the address. This opacity is itself a governance risk finding.
RD-F-167 n/a Deprecated contract paused but pause reversible by live admin No formally deprecated contracts identified. Earlier bridge iteration superseded by Bridge2 with no evidence of retained admin control or material value held in deprecated surface. Not applicable.
RD-F-027 green Single admin EOA Bridge2 proxy admin is Hyper Foundation multisig, not a single EOA. L1 critical ops require 2/3 cold-validator quorum. No evidence of solo EOA holding admin rights. Not a single-EOA pattern.
RD-F-034 green Guardian/pause-keeper distinct from upgrader Lockers role (2-of-5) is distinct from proxy admin upgrader role. Lockers can pause bridge but cannot upgrade implementation. Cold validators execute emergencyUnlock but cannot upgrade Bridge2. Structural role separation confirmed within Bridge2 contract.
RD-F-043 green Admin = deployer EOA after 7 days Bridge2 deployed mid-2023; proxy admin set to Foundation multisig from deployment per multiple independent analyses. No evidence of deployer EOA remaining as admin beyond 7 days post-deploy.
RD-F-045 green Constructor args match governance proposal Bridge2 constructor args (initial hot/cold validator addresses, USDC address, dispute period, block duration, locker threshold) reviewed by Cyfrin March 2023 audit and Zellic August 2023 audit. No governance proposal voted on constructor args (pre-DAO era deployment). No evidence of silent arg deviation.
RD-F-046 green Contract unverified on Etherscan/Sourcify Bridge2.sol source verified on Arbiscan (verification submitted December 5, 2023 per search evidence). GitHub source publicly available at hyperliquid-dex/contracts. ABI is public. Audited by Zellic Aug 2023 and Nov 2023.
Oracle & external dependencies Yellow 48 17 of 17
RD-F-049 red Oracle role per asset CEX-weighted-median price is the sole mark price source: primary role for liquidations, margining, and funding rate. No secondary or fallback oracle role defined. JELLY March 2025 proved mark prices can be manipulated via thin underlying CEX market (400%+ pump in 1 hour, $12M HLP unrealized loss). No minimum liquidity floor enforced for new perp listings. Oracle design flaw demonstrated live.
RD-F-057 red Circuit breaker on price deviation No documented circuit breaker. JELLY incident (400%+ price move in 1 hour, March 2025) was not stopped by any automated circuit breaker — validators manually voted to delist JELLY perp and settle at open price. No evidence of a programmatic deviation threshold. Manual validator governance was the sole intervention mechanism. This is an oracle-design failure directly confirmed by live incident.
RD-F-058 red Max-deviation threshold (bps) No automated max-deviation threshold identified. Red by construction given F057 is red (no circuit breaker exists at all). Manual validator governance was the only intervention during JELLY incident. No basis points threshold configured.
RD-F-180 red Immutable oracle address CRITICAL-CANDIDATE (★ promoted by T-14 2026-04-22, PD-023 resolved). Hyperliquid's oracle is embedded in the closed-source HyperCore L1 binary (github.com/hyperliquid-dex/node). Oracle source addresses, CEX-endpoint configurations, and weighting parameters are not programmatically replaceable by any admin action short of a full binary upgrade requiring validator consensus and Hyperliquid Labs code changes. No admin-replaceable adapter wrapper exists. PD-023 explicitly extended F180 to cover 'closed-source binary oracle embeddings (Hyperliquid-class).' This is the canonical instance. NOTE FOR ORCHESTRATOR: F180 is ★ under rubric v1.4/v1.5 and counts toward the ★ critical total.
RD-F-051 yellow Fallback behavior on oracle failure No documented fallback when a CEX source fails or becomes unavailable. Stake-weighted median provides partial resilience (losing one source still leaves remaining sources), but no explicit fallback protocol, no pause-on-threshold, and no last-known-price mechanism is documented. Behavior on majority-source failure is undefined.
RD-F-052 yellow Breakage analysis per dependency Binance failure alone: degraded but functional. Binance+OKX failure: mark prices shift toward minority sources. CEX source manipulation (JELLY class): mark prices corrupt with no circuit breaker — liquidations fire at wrong prices, HLP vault at risk. USDC pause: Bridge2 withdrawals halt. Arbitrum sequencer down: dispute-period arithmetic disrupted (Oct 2024 bridge outage precedent). Breakage scenarios documented and confirmed by live incidents.
RD-F-056 yellow Single-pool oracle (no medianization) Partial positive: oracle medianizes across 8 CEX sources and 20+ validators (two-tier medianization). However, Binance alone holds weight 3/12 (25%), Binance+OKX hold 5/12 (42%). For newly listed low-cap assets, CEX market may be concentrated. JELLY: manipulation was coordinated across multiple CEX sources validators were reading, circumventing the medianization. Medianization provides partial protection but not complete.
RD-F-059 yellow Oracle staleness check present Oracle published every ~3 seconds by validators. No documented staleness rejection mechanism — unclear what happens if validator oracle submissions stop (network partition, coordinated liveness failure). The 3-second cadence suggests real-time tracking of CEX prices but does not confirm a staleness guard. Bridge2 is unaffected (no oracle used). Low confidence due to closed-source L1 binary.
RD-F-053 gray Oracle source = spot DEX pool (no TWAP) NOT APPLICABLE to this architecture. Hyperliquid uses CEX spot feeds, not a DEX pool oracle. F053 is defined as 'reads spot price from a single DEX pool without TWAP or secondary source.' Hyperliquid does not read from any DEX pool. The analogous manipulation risk is present via CEX feed manipulation (captured in F049 and F180), not DEX pool manipulation. No Uniswap TWAP, no Chainlink, no DEX pool oracle used anywhere in HyperCore.
RD-F-054 gray TWAP window duration No TWAP implemented. Oracle uses current-period weighted median (every ~3 seconds), not a time-weighted average. TWAP window = 0. JELLY incident demonstrated 400%+ price manipulation in 1 hour reflected in mark prices without any time-based damping. Gray because TWAP concept is not applicable — the oracle architecture is not TWAP-based.
RD-F-055 gray Oracle pool depth (USD) Not applicable — oracle is CEX-based, not a DEX pool. CEX market depth is not verified on-chain. The JELLY incident revealed that thin CEX market depth allows price manipulation for newly listed, low-cap perps. No minimum CEX liquidity floor documented before new perp listing. Gray because the factor definition is specifically about DEX pool depth.
RD-F-060 gray Chainlink aggregator min/max bound misconfig Not applicable — Hyperliquid does not use Chainlink for any protocol function. Bridge2 does not use any oracle feed. The Chainlink feeds in 00-data-cache.json are unrelated Arbitrum chain feeds not consumed by Hyperliquid protocol.
RD-F-061 gray LP token balanceOf used for pricing Not applicable — protocol is a perps/spot DEX, not a lending protocol. No LP token pricing mechanism. F061 applies to protocols that price collateral via LP token balanceOf.
RD-F-181 gray Permissionless-pool lending oracle Not applicable — Hyperliquid is a perps/spot DEX, not a lending protocol. F181 is defined as 'lending protocol accepts spot prices from a DEX where any user can permissionlessly create new pools.' No lending market, no permissionless pool listing for collateral purposes in Hyperliquid's core product.
RD-F-048 green Oracle providers used Two-tier stake-weighted CEX median: Binance (wt 3), OKX (wt 2), Bybit (wt 2), Kraken (wt 1), Kucoin (wt 1), Gate IO (wt 1), MEXC (wt 1), Hyperliquid spot (wt 1). Published every ~3 seconds. No Chainlink, Pyth, Band, or Uniswap TWAP. Oracle providers clearly documented.
RD-F-050 green Dependency graph (protocols depended upon) Dependencies: (1) 8 CEX spot feed providers (Binance, OKX, Bybit, Kraken, Kucoin, Gate IO, MEXC, HL spot) — validator-mediated; (2) Arbitrum One L2 for Bridge2 operation; (3) Circle native USDC ERC20Permit at 0xaf88d065e77c8cC2239327C5EDb3A432268e5831 for bridge settlement. No Aave, Uniswap, or other DeFi protocol dependencies. Dependency graph is simple and well-defined.
RD-F-062 green External keeper/relayer not redundant No external keeper/relayer (Gelato, Chainlink Automation) identified. Validators serve as oracle publishers and bridge signers (dual role). With 20-21 validators, there is no single-keeper dependency. Validator liveness is the functional analog to a keeper — a 2/3 quorum requirement means liveness is maintained as long as >2/3 validators are online.
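An added example, not Hyperliquid's code (the HyperCore oracle is closed-source): a weighted median over the source weights listed in RD-F-048, wrapped in the staleness and max-deviation guards whose absence RD-F-057, RD-F-058 and RD-F-059 record. The lower-median tie rule, the thresholds in `Guard`, the function names, and all prices and timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Source weights as listed under RD-F-048 on this page; they sum to 12.
WEIGHTS = {
    "Binance": 3, "OKX": 2, "Bybit": 2, "Kraken": 1,
    "Kucoin": 1, "Gate IO": 1, "MEXC": 1, "Hyperliquid spot": 1,
}


def weighted_median(quotes, weights=WEIGHTS):
    """Lower weighted median: the smallest price at which cumulative weight
    reaches half of the reporting weight (the tie rule is an assumption)."""
    items = sorted((price, weights[src]) for src, price in quotes.items())
    total = sum(w for _, w in items)
    if total == 0:
        raise ValueError("no quotes to aggregate")
    acc = 0
    for price, w in items:
        acc += w
        if 2 * acc >= total:
            return price


@dataclass(frozen=True)
class Guard:
    # All three thresholds are hypothetical values chosen for the example.
    max_age_s: float = 9.0    # reject quotes older than three ~3 s rounds
    min_weight: int = 7       # require more than half of the 12 weight units
    max_dev_bps: int = 1000   # refuse a single-step move above 10%


def guarded_mark(quotes, seen_at, now, last_mark, guard=Guard()):
    """Return (status, mark). When a guard trips, the previous mark is kept
    and the status tells the caller to pause liquidations for the asset."""
    fresh = {s: p for s, p in quotes.items()
             if now - seen_at[s] <= guard.max_age_s}
    if sum(WEIGHTS[s] for s in fresh) < guard.min_weight:
        return "HALT_STALE", last_mark
    candidate = weighted_median(fresh)
    dev_bps = abs(candidate - last_mark) * 10_000 / last_mark
    if dev_bps > guard.max_dev_bps:
        return "HALT_DEVIATION", last_mark
    return "OK", candidate


def quotes_with(outliers, outlier_price, base_price=100.0):
    """Constructed sample: every source at base_price except `outliers`."""
    return {s: (outlier_price if s in outliers else base_price)
            for s in WEIGHTS}


if __name__ == "__main__":
    now = 1_000.0
    all_fresh = {s: now - 1.0 for s in WEIGHTS}
    # 5/12 of the weight reports an outlier: the median does not move.
    print(weighted_median(quotes_with({"Binance", "OKX"}, 500.0)))
    # Every source follows the same thin market: only the deviation guard reacts.
    print(guarded_mark(quotes_with(set(WEIGHTS), 500.0), all_fresh, now, 100.0))
```

With these weights the median holds while only Binance and OKX (5/12) report the outlier, but it passes the move straight through when every venue follows the same thin market, which is the case the deviation guard covers.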
Economic risk Yellow 44 13 of 13
RD-F-072 red Market-listing governance threshold RED. Hyperliquid operates a permissionless perp listing regime with demonstrated exploit history. Taxonomy definition: 'permissionless / low-threshold / high-threshold / no new listings.' Assessment: LOW-THRESHOLD (permissionless with financial stake only). (1) Pre-HIP-3 mechanism: JELLY was listed permissionlessly under the old mechanism; the $4.5M position bootstrapped a $13.5M HLP loss. (2) HIP-3 (launched October 2025): deployers must stake 500,000 HYPE — a financial barrier but not a technical/governance review. Validator slashing (>50% intraday price move triggers review) is a POST-event remedy, not a pre-listing gatekeeping mechanism. (3) POPCAT manipulation (November 2025) occurred AFTER HIP-3 launch, demonstrating the stake requirement did not prevent the attack pattern. The JELLY delisting was achieved via validator oracle override — an ad hoc emergency governance action, not a pre-established on-chain process. No formal pre-listing governance review, no oracle-quality verifi
RD-F-067 yellow Historical bad-debt events Two confirmed bad debt events in ~12 months. (1) JELLY incident, March 26 2025: HLP vault accumulated ~$13.5M unrealized loss before validators voted to delist and settle using an oracle override; Hyperliquid Foundation covered the settlement; no permanent user loss but ~$13.5M transient bad exposure on HLP. (2) POPCAT incident, November 2025: attacker opened $26M leveraged POPCAT longs across 19 wallets then crashed the price; HLP absorbed ~$4.5–4.9M in realized bad debt. A third ETH-margin manipulation event also occurred in 2025. Pattern: recurring market-manipulation-driven bad debt on thin/long-tail perp markets. Yellow (not red) because no users permanently lost funds in either event — Foundation covered JELLY; POPCAT bad debt was absorbed into HLP vault P&L rather than socialised to user margin.
RD-F-064 gray TVL concentration (top-10 wallet share) Not directly assessable. Hyperliquid L1 is a closed-source binary; on-chain enumeration of top depositors is not possible via standard EVM calls. All Arbitrum TVL is structurally concentrated in one Bridge2 contract (0x2Df1c51E09aECF9cacB7bc98cB1742757f163dF7) by design, not by user concentration. User-level concentration on L1 is not publicly queryable. Gap: curator should attempt Hypurrscan enumeration.
RD-F-065 gray Liquidity depth per major asset Liquidity depth in AMM/2%-slippage terms is not applicable for an order-book perps exchange. For major perps (BTC, ETH) depth is deep given ~70% perp DEX market share. For long-tail/HIP-3 perps, depth is extremely thin — JELLY incident (March 2025) confirmed a $4.5M short forced through an illiquid book, causing HLP to absorb up to $13.5M in exposure. No formal 2%/5% depth metric is available for order-book markets. Gray due to methodology mismatch, not lack of evidence.
RD-F-066 n/a Utilization rate (lending protocols) Not applicable. Hyperliquid is not a lending protocol. No supply/borrow markets exist. DefiLlama cache confirms borrow.present: false. Factor is lending-only per taxonomy PD-024.
RD-F-068 n/a Collateralization under stress Not applicable. Hyperliquid is not a CDP or lending protocol. No collateralization ratio concept exists. User margin is USDC; positions are mark-to-market continuously with liquidations triggered at maintenance margin thresholds (1.25%–16.7% depending on leverage). Factor is lending-only per taxonomy PD-024.
RD-F-069 n/a Algorithmic / under-collateralized stablecoin Not applicable. Hyperliquid does not issue or govern a stablecoin. USDC (Circle-issued) is the settlement asset. Factor is lending/stablecoin-only per taxonomy PD-024.
RD-F-070 n/a Empty cToken-style market (zero supply/borrow) Not applicable. Hyperliquid is not a Compound V2 fork and has no cToken-style lending markets. No supply()/borrow() state exists; no share-based vault lending. Donation/empty-market attack vector is structurally absent by protocol design. Per taxonomy PD-024: RD-F-070 is Compound-fork-only. Profile §5 confirms this is an original protocol with no fork lineage. DefiLlama cache: borrow.present: false.
RD-F-071 gray Seed-deposit requirement for new market listing Factor is lending-market-specific (seed deposit for new cToken markets). No direct equivalent in the perps context. HIP-3 permissionless perps require 500,000 HYPE staked by deployers — this is an economic barrier analogous to a seed requirement, and it is slashable for malicious operation. However, it is a stake requirement, not a seed deposit in the technical cToken sense. For legacy HyperCore curated perps, no formal seed deposit requirement exists (Hyperliquid Labs curates listings unilaterally). Scoring gray due to factor-type mismatch; perps-context risk is assessed under F072/F067.
RD-F-073 gray Oracle-manipulation-proof borrow cap Factor is borrow-cap specific (lending protocol N/A per taxonomy PD-024). The analogous risk in perps is whether per-asset OI caps are calibrated to oracle-manipulation resistance. For HyperCore-curated perps: position size limits exist but are not publicly documented (closed-source L1 config). For HIP-3 perps: no per-deployer or per-asset OI cap is described in available documentation. JELLY incident: $4.5M capital → $13.5M HLP exposure, implying the 'oracle-manipulation-proof position cap' analog was absent or insufficient for thin-market perps. Scoring gray due to factor type mismatch with borrow-cap definition; the perps-analog risk is captured under F067/F072.
RD-F-074 n/a ERC-4626 virtual-share offset (OZ ≥4.9) Not applicable. HLP is not an ERC-4626 vault — it is a Hyperliquid L1-native vault implemented in the closed-source L1 binary. The OpenZeppelin virtual-share offset pattern (OZ ≥ 4.9) is EVM-specific and does not apply to the L1-native architecture. Per taxonomy PD-024: ERC-4626 vault factor.
RD-F-075 n/a First-depositor / share-inflation guard Not applicable. HLP is an L1-native vault, not an ERC-4626 contract. Share inflation attacks require ERC-4626 accounting patterns. Hyperliquid's HLP share pricing is determined by the closed-source L1 binary. The 4-day withdrawal lockup is a liquidity mechanism, not a share-inflation guard. Per taxonomy PD-024: first-depositor/share-inflation guard is vault-specific.
RD-F-063 green TVL (current + 30d trend) $4.73B TVL as of 2026-04-28 (DefiLlama). Breakdown: Arbitrum Bridge2 $3.26B (68.8%), Hyperliquid L1 $1.48B (31.2%). 30-day change -2.76%. Denominated almost entirely in USDC. Down from ~$6B peak but stable at a large absolute level. TVL comfortably exceeds any threshold.
Operational history Yellow 20 15 of 15
RD-F-089 red Insurance coverage active No active third-party insurance coverage found on Nexus Mutual, Sherlock, Unslashed, or equivalent for Hyperliquid. Protocol relies on self-insurance via the Hyper Foundation treasury and HLP vault reserves. TVL at assessment date: $4.73B. No external cover contract identified. This is the single red factor driving Cat 5 yellow rollup. Self-insurance is not equivalent to third-party coverage; treasury coverage of a $13.5M HLP loss is materially smaller than the $4.73B exposure.
RD-F-077 yellow Prior exploit count 1 material exploit-class incident: JELLY perp manipulation (2025-03-26) caused ~$13.5M unrealized HLP vault loss; attackers extracted ~$2.76M net profit before positions were frozen. Bridge outage (Oct 2024) and API outage (Jul 2025) are operational failures, not exploits. Count = 1 exploit-class incident. Yellow (1 incident, not zero).
RD-F-080 yellow Days since last exploit Last exploit-class incident: 2025-03-26 (JELLY). Days since: approximately 398 days as of 2026-04-28. Borderline at 12-month (365-day) threshold. Calling yellow conservatively: attacker extracted profit (~$2.76M) and the root-cause class (permissionless listing + thin CEX oracle coverage) is only partially mitigated.
RD-F-081 yellow Post-exploit response score JELLY incident curator score 3.75/5: Compensation partial (Foundation covered HLP loss, attacker extracted ~$2.76M not recovered — 3/5); Transparency adequate (public wiki post-mortem with named root cause, but no commit diffs or code-level detail — 3/5); Root-cause depth good (attack vector understood, structural fix via margin tiers launched May 2025 — 4/5); Operational recovery strong (delist+settlement within ~2 hours — 5/5). Composite 3.75/5 = yellow (green threshold ~4.0 with full compensation and code-diff-linked post-mortem).
RD-F-083 yellow Auditor re-engaged after last exploit No public evidence that Hyperliquid engaged Zellic, Cyfrin, or any other firm for a post-JELLY re-audit of HyperCore matching/clearing logic. The JELLY exploit surface is the closed-source L1 binary — not auditable by third parties. Zellic's existing audits cover Bridge2 only. No new audit engagement disclosed post-JELLY. Yellow by absence of evidence; structural L1 closure makes third-party re-audit impossible.
RD-F-084 yellow TVL stability (CoV over 90d) TVL 30-day change: -2.76% per data cache fetched 2026-04-28. TVL ~$4.73B vs historical peak ~$6.0B (~21% below peak). Known JELLY incident TVL drawdown visible in recovery trend. Full 90-day daily time-series not available (DefiLlama HTML returns 403; API series not pulled in full). Coefficient of variation estimated as elevated given known-incident TVL shock. Yellow at moderate confidence — curator should verify against full 90-day series via api.llama.fi/protocol/hyperliquid.
RD-F-086 yellow Pause activations (trailing 12 months) 1 emergency governance intervention in trailing 12 months (from 2026-04-28): JELLY (2025-03-26) — validators voted unanimously to delist JELLYJELLY and freeze positions. July 2025 API outage was an operational restart, not a governance emergency stop. Bridge emergency lock (Oct 2024) falls slightly outside trailing 12 months. Count = 1 emergency activation. Yellow (1 activation, not zero).
RD-F-076 green Protocol age (days) Bridge2 deployed June 2023; mainnet perps trading opened August 2023. Protocol age approximately 34 months as of 2026-04-28 — well above the 12-month A-grade floor. First DefiLlama data point is 2023-06-08.
RD-F-078 green Chronic-exploit flag (≥3 incidents) Only 1 exploit-class incident (JELLY). Chronic threshold of ≥3 exploits is not reached. Hacksdatabase grep found no Hyperliquid-primary entries.
RD-F-079 green Same-root-cause repeat exploit No repeat exploit with the same root-cause cluster. JELLY (2025-03-26) was a novel permissionless-listing + thin-liquidity oracle manipulation vector. No prior exploit of the same class on record. No same-root-cause recurrence identified.
RD-F-082 green Post-mortem published within 30 days JELLY incident occurred 2025-03-26. Post-mortem published at the official wiki page same day or within 24-48 hours — well within the 30-day threshold.
RD-F-085 green Incident response time (minutes) JELLY (2025-03-26): attack initiated ~12:53 UTC; validator consensus delist vote executed within ~2 hours (~15:00 UTC per post-mortem); first public response via X/Discord near-contemporaneous with delisting. Response time ~120-150 minutes from attack onset to first official team action. For a novel manipulation requiring L1 validator quorum coordination, sub-3-hour response is strong. Green.
RD-F-087 green Pause > 7 consecutive days No protocol-wide pause lasting >7 consecutive days in the trailing 12 months. JELLY delist resolved same day. July 2025 API outage lasted ~37 minutes. HyperEVM block halt (April 2026, ~1 hour) is out of assessment scope and was on the EVM layer, not HyperCore. Green.
RD-F-088 green Re-deployed to new addresses in last year No redeployment of Bridge2 or any other Hyperliquid EVM contract to new addresses in the trailing 12 months. Bridge2 at 0x2Df1c51E09aECF9cacB7bc98cB1742757f163dF7 remains the active bridge contract as of 2026-04-28. Announced future Arbitrum Bridge retirement in favor of native USDC minting has not been executed.
RD-F-166 green Deprecated contracts still holding value No officially-deprecated Hyperliquid contracts with residual TVL >$100K identified. Bridge2 is the active (not deprecated) bridge. The legacy pre-Bridge2 bridge was retired in mid-2023 (before the assessment window) and appears fully drained. Profile notes a future Bridge2 deprecation plan but it has not been announced as completed. Green — no deprecated surface holding material value.
Real-time signals Green 19 22 of 22
RD-F-090 yellow Mixer withdrawal → protocol interaction October–December 2024: DPRK-attributed wallets (attributed by Taylor Monahan / MetaMask security and on-chain clustering consistent with Chainalysis attribution) deposited ETH ($476,489) and traded on Hyperliquid. Attribution meets the ≥2-sources threshold. The $476k ETH deposit meets the >$100k interaction threshold. Whether these wallets had a mixer withdrawal within 30 days pre-interaction is not confirmed via public data — requires Chainalysis private feed. At April 2026 assessment date no new confirmed DPRK interaction since the December 2024 response. Signal would have fired at the December 2024 event date if live. Current posture: cleared for the specific wallets, but baseline risk remains elevated given confirmed historical interaction.
RD-F-103 yellow Bridge signer-set change proposed/executed April 22, 2025: Hyperliquid expanded validator set from ~4 (Hyperliquid Labs-controlled) to 21 permissionless nodes. The hotValidatorSetHash in Bridge2 would have been updated as the active validator set changed. The Hyper Foundation announced the change via X post (@HyperFND) on April 22, 2025 — however, no formal on-chain governance proposal with a 24-hour machine-readable change-management pre-announcement was identified, which is the suppression condition under the RD-F-103 detection rule. Under strict T-09 RD-F-103 rules, this would have fired on April 22 as an unscheduled bridge signer-set change. Lockers set remains: 5 addresses, 2-of-5 threshold. At assessment date (April 28, 2026) this event is 6 days old and partially clearing. Current posture is improved (21 permissionless validators vs. prior 4-validator centralization) but the transition itself was a signal event.
RD-F-105 yellow DNS/CDN/frontend hash drift hyperliquid.xyz is the official frontend domain, served via Cloudflare. No confirmed DNS/CDN compromise at the official domain during the assessment period. HOWEVER: documented fake Google Ads campaigns leading to wallet-draining scams (claim-hyperliquid[.]xyz, hyperliquid[.]life) are confirmed in 2024-2025 (Phemex reporting). These are impersonator domains, not DNS drift on the official domain — RD-F-161 is the correct signal for impersonators. The fake Google Ads ecosystem elevates risk but does not trigger RD-F-105 (official domain drift) directly. Signal baseline not established; if monitoring were live, the fake ad campaigns constitute an elevated-risk context requiring establishment of a hash baseline. Score yellow due to active impersonation ecosystem creating persistent attack surface, even though the official domain itself has not been compromised.
RD-F-109 yellow Social-media impersonation scam spike DOCUMENTED ONGOING IMPERSONATION CAMPAIGN. Fake Google Ads for 'Hyperliquid' appearing at top of search results (Phemex reporting, 2025). Multiple impersonation domains confirmed: claim-hyperliquid[.]xyz, hyperliquid[.]life. Fake 'HYPE airdrop' campaigns active since November 2024 HYPE token launch. PCRisk documented multiple removal guides for Hyperliquid scams. EnigmaSoftware documented wallet-draining fake sites. The impersonation ecosystem is active and ongoing as of assessment date 2026-04-28. Signal would fire today under RD-F-109 rules (sharp uptick in impersonation accounts and fake airdrop campaigns).
RD-F-091 gray Partial-drain test transactions The DPRK October–December 2024 trading activity (small-value ETH positions, total ~$476k) is semantically consistent with test-transaction reconnaissance patterns but these were actual trading positions, not direct partial-drain contract interactions with Bridge2. No documented small-value withdrawal probes from Bridge2 that fit the strict partial-drain definition. Signal does not fire under the strict threshold definition. Gray — not applicable under current evidence.
RD-F-092 gray Unusual mempool pattern from deployer wallet Bridge2 deployer address 0x1D4c01E15A637cB3cbaF86fFbb02E5A260D01fbc cannot be directly monitored via public Arbiscan (403 on direct fetch). L1 deployer has no EVM deployer EOA (L1 is a closed-source native binary). No unusual mempool pattern documented for the Bridge2 deployer. Structurally gray for the L1 surface; Bridge2 deployer activity not confirmed as anomalous.
RD-F-093 gray Abnormal gas-price willingness from attacker wallet DPRK-attributed wallets used standard gas prices during their October–December 2024 Hyperliquid trading activity. Activity was exploratory reconnaissance (position testing), not a MEV-race or priority-fee-escalating exploit attempt. No 5× EMA priority-fee spike from attacker wallets documented. Signal does not fire.
RD-F-094 gray New contract with similar bytecode to exploit template No contracts with Bridge2 bytecode similarity deployed by suspicious addresses identified in available public data. The JELLY attack (March 26, 2025) used a CEX market-price manipulation approach, not a contract-deployment exploit. No selector-pattern exploit contracts targeting Hyperliquid identified. Signal does not fire.
RD-F-095 gray Known-exploit function-selector replay No known-exploit-replay call-pattern documented for Bridge2. The JELLY incident (March 2025) exploited liquidation mechanics via CEX market-price manipulation on Bybit, not a specific function-selector replay against Bridge2 or any EVM contract. Signal does not apply.
RD-F-096 gray New ERC-20 approval to unverified contract from whale Not applicable to Hyperliquid's interaction model. Users deposit USDC to Bridge2 via USDC.permit — interaction is with verified USDC ERC20 (0xaf88d065e77c8cC2239327C5EDb3A432268e5831) and verified Bridge2 (0x2Df1c51E09aECF9cacB7bc98cB1742757f163dF7). No approval to unverified contract in the Bridge2 deposit flow. Structural non-applicability.
RD-F-097 gray Sybil surge of identical-pattern transactions The JELLY incident (March 26, 2025) involved coordinated actions on Bybit CEX external to Hyperliquid smart contracts, not a sybil surge of identical-pattern transactions on Bridge2 or HyperCore EVM contracts. No sybil surge pattern documented for Bridge2 or L1 interactions. Signal does not fire.
RD-F-099 gray Oracle price deviation >X% from secondary Hyperliquid uses a fully custom internal L1 oracle: stake-weighted median of 8 CEX spot feeds (Binance weight-3, OKX weight-2, Bybit weight-2, Kraken weight-1, Kucoin weight-1, Gate IO weight-1, MEXC weight-1, Hyperliquid spot weight-1). Oracle is embedded in the closed-source L1 binary — no on-chain EVM oracle contract exists to monitor for deviation. Bridge2 does not use any oracle. The JELLY incident (March 2025) demonstrated real oracle-path vulnerability via CEX price manipulation (Bybit weight-2 manipulated), but the EVM-side oracle deviation signal infrastructure is structurally non-applicable to this L1-native oracle. Structural gray: signal cannot be wired to HyperCore oracle via EVM tooling.
RD-F-100 gray Flash loan >$10M targeting protocol tokens Hyperliquid's primary risk surface (HyperCore) is a native L1 binary with no EVM contracts exposing lending markets, oracle contracts, or a governor contract that can be interacted with via EVM flash loans. Bridge2 has no oracle and no lending market. The JELLY attack used CEX market manipulation, not EVM flash loans. Structural non-applicability: flash loans cannot reach the HyperCore clearing engine or oracle module via Arbitrum. No flash-loan interaction with Bridge2 documented.
RD-F-101 gray Large governance proposal queued Hyperliquid has no on-chain Governor contract and no Snapshot space. HIPs are voted via stake-weighted validator declarations, not EVM on-chain events that can be monitored for flagged-pattern proposals. The Hyper Foundation multisig controls Bridge2 proxy admin with no timelock and no queued proposals. No flagged governance proposals identified. Applicable only to Bridge2 admin multisig (for direct admin-key change proposals), but no such proposals are queued. Last documented HIP proposals: HIP-1, HIP-2, HIP-3 (historical). HYPE burn proposal (December 2025) did not involve admin-key changes.
RD-F-102 gray Admin/upgrade transaction in mempool Bridge2 proxy admin address is not publicly disclosed (safe_api_gap: true in data cache). This prevents enumeration of the admin key set required for live signal detection. L1 software upgrades are distributed as closed-source binary releases outside the EVM mempool. No admin upgrade txs detected in available public data. Gray: undisclosed admin address makes live monitoring impossible for Bridge2. If the admin address were known (retrievable via eth_getStorageAt on Bridge2 at slot 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 on Arbitrum), the signal would be applicable to Bridge2. Curator gap flagged.
RD-F-106 gray Cross-chain bridge unverified mint pattern Bridge2 uses validator-quorum signed attestations (>2/3 stake-weighted) for both deposits and withdrawals — this is a validator-threshold signature model, not a mint-without-proof architecture. The Bridge2.sol contract enforces hotValidatorSetHash validation before crediting withdrawals. No unverified mint pattern documented. Structural non-applicability: Bridge2 design does not expose the mint-without-proof attack surface.
RD-F-107 gray Admin EOA signing from new geography/device Off-chain signal requiring signing telemetry. Bridge2 admin multisig address is undisclosed (safe_api_gap: true). Not assessable via public OSINT — requires proprietary MPC or session-key telemetry. Gap flagged for curator. Would fire on new-geography signing from admin EOA, but admin address is unknown, making detection impossible from public data.
RD-F-108 gray GitHub force-push to sensitive branch GitHub org: github.com/hyperliquid-dex. Contracts repo (Bridge2.sol) is the auditable surface. L1 node software (node repo) is closed-source binary releases. Python SDK shows last commit 2026-04-14. SECURITY.md is present in the GitHub org. No force-push or suspicious branch activity documented in available public data. Signal does not fire today.
RD-F-110 gray Unusual pending/executed proposal ratio No on-chain Governor contract. No Snapshot space. HIPs (HIP-1, HIP-2, HIP-3) are the only documented governance proposals and were voted via stake-weighted validator declarations. No pending/executed governance proposal ratio baseline can be computed. Structural non-applicability: the signal requires a Governor contract or Snapshot space with trackable proposal states.
RD-F-098 green TVL anomaly — % drop in <1h TVL at 2026-05-07: ~$5.0B combined (Arbitrum Bridge2 ~$3.58B + Hyperliquid L1 ~$1.43B). 30-day change: ~-15% (peak ~$5.97B Feb 2025; ~$4.23B 30 days prior; ~$3.58B Arbitrum leg now). Threshold: TVL_now / TVL_baseline_30d < 0.70 in 60-minute trailing window. Observed 30-day delta of -15% is well above the -30% threshold; no rapid intra-hour drop documented. Signal would not fire today. The December 2024 DPRK-triggered $60M+ USDC outflow (~1.3% of then-TVL) would not have met the 30% threshold. Signal is applicable and wired for Bridge2 TVL ($3.58B on Arbitrum) and L1 TVL ($1.43B).
RD-F-104 green Stablecoin depeg >2% on shared-LP venue USDC is the primary asset in Bridge2 (~$3.58B as of 2026-05-07 — ~71% of total combined protocol TVL of $5.0B; Arbitrum leg only). Protocol exposure to USDC is effectively 100% of Bridge2 TVL, far exceeding the 5% TVL threshold. USDC is trading at peg as of 2026-05-07. Threshold: |price_now - peg| / peg > 0.02 on >=2 venues, sustained >=30 min, AND protocol exposure >=5% TVL. Current state: USDC at peg, threshold not breached. Signal would fire immediately on any USDC depeg >2% given Bridge2's near-100% USDC exposure.
RD-F-182 green Security-Council threshold reduction (RT) Bridge2 Lockers set: 5 addresses, 2-of-5 threshold (per Bridge2 architecture documentation and Bridge2.sol). The changeLockerThreshold() function requires cold wallet quorum to execute. No documented locker threshold reduction or locker removal in the assessment period. The April 2025 validator set expansion was a signer-ADDITION (from ~4 to 21 permissionless nodes) — a positive decentralization direction — which is monitored under RD-F-103 (signer set change), not F182 (threshold reduction). No F182-type Security Council threshold reduction is documented. Current 2-of-5 locker threshold appears stable. Signal would fire if changeLockerThreshold() is called without pre-announcement.
Dev identity & insider risk Green 7 16 of 16
RD-F-112 yellow Team public accountability surface Jeff Yan has extensive public accountability surface: LinkedIn (HRT employment 2017–2022), Harvard alumni corroboration, multiple identified podcast appearances (Flirting with Models S6E2, 0xResearch, Bell Curve, When Shift Happens), Fortune cover profile, CoinDesk recognition. iliensinc: X handle only, no independent professional footprint outside Hyperliquid. Remaining ~9 team members unnamed in any public channel. Yellow: leading co-founder well-attested but co-founder 2 and rest of team have minimal or zero independent public accountability surface.
RD-F-121 yellow Contributor OSINT depth score Curator OSINT depth score: Jeff Yan = 5/5 (LinkedIn with HRT tenure, Harvard record, conference/podcast presence, Fortune cover, CoinDesk recognition). iliensinc = 2/5 (X presence, core contributors page, no independent professional footprint). Other ~9 team members = 0/5 (unnamed). Aggregate team depth is moderate: CEO-level is excellent but co-founder-2 and remaining team lack independent OSINT trails. Yellow reflects partial team coverage.
RD-F-123 yellow Sudden admin-rescue/ACL change without discussion Contracts repo has 0 closed PRs and 25 commits (all 2023, all by 'jeff' or 'traderben'). No sudden admin-rescue or ACL change event documented in public on-chain or GitHub record post-deploy. However, the Bridge2 proxy admin (Hyper Foundation multisig) controls the upgrade path with no formal governance discussion process, an undisclosed signer set, and no timelock. The upgrade authority is held opaquely. Yellow assigned for structural opacity in the upgrade/admin path rather than evidence of a specific undiscussed ACL change event.
RD-F-117 gray ENS/NameStone identity bound to deployer No ENS or NameStone name found bound to deployer 0x1D4c01E15A637cB3cbaF86fFbb02E5A260D01fbc. Hyperliquid uses a .hl naming system on HyperEVM (separate from Ethereum ENS). No public claim that any ENS name is bound to any Hyperliquid team wallet. Factor not applicable in the typical sense for this protocol.
RD-F-111 green Team doxx status Jeff Yan is fully doxxed: real name, LinkedIn profile (https://www.linkedin.com/in/jeffrey-yan-a8862871/), Harvard math/CS alumni record, prior HRT employment documented, Fortune cover profile Jan 2026, CoinDesk Most Influential Dec 2025, multiple named podcast interviews. iliensinc operates as a consistent pseudonym with established track record — Harvard classmate identity corroborated, long-standing Hyperliquid contributor since 2022 genesis. Remaining ~9 team members are unnamed. Categorical rating: Jeff Yan = real-name; iliensinc = consistent-pseudonym-with-track-record; rest = pseudonym-no-individual-track-record (team-level). Aggregate lands green given the leading co-founder's high doxx level and the corroborated pseudonymous co-founder.
RD-F-113 green Team other-protocol involvement history Jeff Yan's only prior protocol involvement is Deaux (blockchain prediction market, co-founded 2018 at Binance Labs incubator; failed due to regulatory uncertainty and low adoption — legitimate failure, not exit scam). Chameleon Trading was a prop trading firm, not a DeFi protocol. No prior rug or exploit affiliation for any identified team member. iliensinc has no other documented protocol involvement.
RD-F-114 green Deployer address prior on-chain history Deployer address 0x1D4c01E15A637cB3cbaF86fFbb02E5A260D01fbc has normal dev history: all identified on-chain interactions are Hyperliquid-related contract deployments (Bridge2 proxy). No linked-to-prior-rug classification. No Chainalysis/Arkham rug-deployer label found in public sources. Codeslaw confirms this address as Bridge2 deployer.
RD-F-115 green Prior rug/exit-scam affiliation No identified Hyperliquid team member is linked to a prior rug or exit-scam protocol. HyperVault rug (September 2025, ~$3.6M drained, 752 ETH to Tornado Cash) was a third-party project deployed on Hyperliquid's chain by unrelated developers — confirmed separate team that falsely claimed Spearbit/Pashov/Code4rena audits. Jeff Yan's prior ventures (Deaux, Chameleon Trading) are documented as legitimate. No rug affiliations in hacksdatabase or REKT news for Hyperliquid team.
RD-F-116 green Contributor tenure at admin-permissioned PR Contracts repo (hyperliquid-dex/contracts) has 25 commits authored by 'jeff' (since initial commit 2023-03-09) and 'traderben' (audit fix commits Jul 2023). Jeff has been committing since genesis, conferring longest possible tenure. No external short-tenure contributor was granted admin-permissioned commit rights. Repo has 0 closed PRs — all changes were direct pushes by known contributors.
RD-F-118 green Handle reuse across failed/rugged projects Jeff Yan's @chameleon_jeff handle is documented as derived from 'Chameleon' (his HFT trading firm Chameleon Trading). Stable and consistent. iliensinc is a stable pseudonym documented since at least 2022 project genesis. No evidence of handle reuse from a prior rugged or failed fraudulent project for either co-founder.
RD-F-119 green Commit timezone consistent with stated geography Commits in hyperliquid-dex/contracts span 2023-03 to 2023-11, all by 'jeff'. Jeff Yan is publicly documented as US-based (Puerto Rico initially, then relocated per Fortune profile). No timezone anomaly flagged by any researcher in the December 2024 DPRK security review period. Low confidence due to inability to access JS-rendered GitHub contributor graph for raw timestamp analysis. No DPRK commit-pattern alert surfaced by security community reviewing Hyperliquid in Dec 2024.
RD-F-120 green Video-off/voice-consistency flag Jeff Yan has participated in multiple on-camera and audio interviews: Fortune profile with photo (Jan 2026), Bell Curve podcast, 0xResearch podcast, When Shift Happens podcast (named, audio), Flirting with Models podcast. No video-off concerns or voice/timezone inconsistency claims published by interviewers or community. iliensinc maintains consistent pseudonymity and has never given public interviews — deliberate brand positioning consistent with co-founder style, not a suspicious pattern.
RD-F-122 green Contributor paid to DPRK-cluster wallet No evidence that protocol contributor payments route through DPRK-proximate wallets. No researcher has identified a team-wallet-to-DPRK hop chain. DPRK wallets that traded on Hyperliquid in December 2024 were acting as external users/traders — not as recipients of team compensation. Taylor Monahan's Dec 2024 concern was about operational security vulnerability (centralized validator set susceptible to social engineering), not a payment-routing chain claim.
RD-F-124 green Deployer wallet mixer-funded within 30 days No Tornado Cash, Railgun, or equivalent mixer interaction found for deployer 0x1D4c01E15A637cB3cbaF86fFbb02E5A260D01fbc within 30 days pre-deploy or in any available public on-chain record. Protocol self-funded from Chameleon Trading profits per Jeff Yan's publicly documented statements across multiple press pieces. No security researcher has flagged mixer proximity for this deployer address. Evidence gap: first-funding-hop programmatic trace not available (Arbiscan 403); inference based on absence of published mixer-proximity claims and self-funding narrative.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus DPRK-associated addresses traded on Hyperliquid as EXTERNAL USERS in December 2024 (~$70M+ activity, ~$700K losses per security research). No 3-hop on-chain path from deployer (0x1D4c01E15A637cB3cbaF86fFbb02E5A260D01fbc) or Hyper Foundation multisig to any DPRK/Lazarus-labeled cluster identified by any researcher. Taylor Monahan's Dec 2024 security warning concerned Hyperliquid's centralized validator architecture as a social-engineering vulnerability — explicitly NOT a chain-proximity claim against team wallets. Hyperliquid responded by adding blockchain analytics screening. No OFAC SDN proximity or Chainalysis DPRK-cluster proximity for team-controlled addresses has been published. Rubric F-override NOT triggered.
RD-F-184 green Real-capital social-engineering persona No curator-flagged social-engineering persona with >=1M attributed real-capital deposits identified for Hyperliquid. The DPRK trading activity in December 2024 (~$70M+ in/out) was characterized by researchers as reconnaissance/platform familiarization by external state-actor wallets, not an insider persona-building operation matching the F184 definition (team contributor or external integrator with deliberate credibility-building capital). No Drift-Protocol-UNC4736-class (6-month conference in-person infiltration) pattern found. Low-confidence assessment due to M-curation requirement; curator should review if any later intelligence identifies a persona-building campaign targeting Hyperliquid team specifically.
Fork / dependency lineage Green 0 10 of 10
RD-F-126 n/a Is-a-fork-of Hyperliquid is not a fork of any upstream protocol. Bridge2 is original code; HyperCore L1 is a fully custom implementation. Profile §5 explicitly states 'Not forked / original.'
RD-F-127 n/a Upstream patch not merged Not applicable — no upstream fork relationship exists. No upstream to publish patches.
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) Not applicable — no upstream fork relationship exists. No upstream disclosure could affect this protocol via fork lineage.
RD-F-129 n/a Code divergence from upstream (%) Not applicable — no upstream fork relationship. Divergence is 100% from any upstream because the protocol is an original implementation.
RD-F-130 n/a Fork depth (generations from original audit) Not applicable — no upstream fork relationship. Fork depth = 0 (original implementation). HyperBFT is inspired by HotStuff but is not a code fork.
RD-F-131 n/a Fork retains upstream audit coverage Not applicable — no upstream fork relationship. Audit coverage assessed independently under Cat 1.
RD-F-132 n/a Fork has different economic parameters than upstream Not applicable — no upstream fork relationship. Economic parameter divergence from an upstream audit is not measurable because there is no upstream.
RD-F-133 gray Dependency manifest uses unpinned versions Bridge2.sol imports OpenZeppelin contracts but the hyperliquid-dex/contracts repo contains no foundry.toml, package.json, or package-lock.json (data-cache foundry_toml_present: false, package_json_present: false). The specific OZ version pinned cannot be determined without a manifest file. Dependency management may be handled non-standardly.
RD-F-135 gray Shared-library version with known-vuln status Bridge2 uses OpenZeppelin contracts but the exact OZ version cannot be determined (no manifest file). The use of 'draft-ERC20Permit' import suggests an OZ version from the 2021–2022 era (draft-ERC20Permit was later promoted to non-draft in OZ 4.9+). Earlier OZ versions may carry advisory-level issues. Without a confirmed version, a definitive assessment is not possible.
RD-F-134 green Dependency had malicious-release incident (last 90d) No security advisory flagging a malicious release in OpenZeppelin, SafeERC20, or other Bridge2 dependencies in the last 90 days (through 2026-04-28). No npm/crates.io malicious-release incident involving Bridge2's dependency set detected.
Post-deploy hygiene & change mgmt Yellow 29 13 of 13
RD-F-139 red Post-audit code changes without re-audit CRITICAL: L1 HyperCore binary is closed-source and has never been independently audited — every post-launch update is unaudited by construction. For Bridge2: last audit was Zellic November 2023. Proxy admin can replace implementation without triggering new audit; post-audit implementation changes confirmed in 2023. No audit since November 2023 (~29 months ago). Nov 2023 Zellic report explicitly excluded off-chain components, front-end, infrastructure, key custody.
RD-F-136 yellow Deployed bytecode matches signed release tag Bridge2 source is on GitHub (verified on Arbiscan) but no signed release tags exist for Bridge2.sol — repository uses master-branch model without tagged releases. Bytecode-to-commit matching not verifiable without signed release tags. L1 binary is closed-source — no reproducibility possible.
RD-F-138 yellow Hot-patch deploys without timelock (last 30 days) No timelock exists on Bridge2 upgrades (F032 red). Any upgrade executed in last 30 days would by definition be without a declared timelock path. Exact upgrade count in last 30 days not accessible (Arbiscan 403). L1 continuous hot-patch model implied by closed-source operations.
RD-F-142 yellow Storage-layout collision risk across upgrades Bridge2 uses AdminUpgradeabilityProxy (OZ pattern). No OZ upgrades plugin storage-layout check artifact publicly available. Foundation can upgrade implementation unilaterally — if a storage-layout change is introduced, state corruption risk exists. Structural to the upgrade model; not confirmed as exploited.
RD-F-145 yellow Deployed bytecode reproducibility Bridge2 source on GitHub and verified on Arbiscan — reproducible for EVM component in principle. However, proxy pattern means future implementations deployed by Foundation admin may not be publicly committed to repo first. L1 binary: not reproducible (closed-source).
RD-F-137 gray Upgrade frequency (per 90 days) No on-chain Upgraded event log accessible (Arbiscan 403 during session). Post-audit implementation replacements confirmed in 2023 per Medium analysis. Exact upgrade count over last 90 days not determined. L1 binary updated continuously (closed-source, no version tracking).
RD-F-143 gray Reinitializable implementation (no _disableInitializers) Bridge2 uses constructor-based initialization (not OZ initializer modifier) — _disableInitializers() pattern is not directly applicable. Proxy admin can replace implementation at any time; future implementations' initializer safety is unknowable without reviewing each deployed implementation. L1 binary: closed-source. Gray is the honest assessment for this architecture.
RD-F-144 n/a CREATE2 factory permits same-address redeploy Bridge2 is a standard deployment (not CREATE2). No evidence of CREATE2 factory in Hyperliquid's EVM contracts.
RD-F-146 gray New contract deploys in last 30 days HyperEVM (out of scope) has continuous new deploys. For core Bridge2 surface: no specific new deploy event in last 30 days confirmed (Arbiscan 403). Proxy upgrade mechanism creates latent new-deploy risk at any time without public notification.
RD-F-168 n/a Stale-approval exposure on deprecated router No deprecated router identified for Bridge2. The bridge is a single-contract USDC transfer model — no router approval pattern exists. Not applicable.
RD-F-140 green Fix-merged-but-not-deployed gap Zellic August 2023 findings (incorrect finalization checks, signature reuse, unchecked USDC transferFrom) were fixed and verified in Zellic November 2023 patch review. No known open fix-merged-but-not-deployed gap as of Nov 2023. Post-Nov 2023 visibility is absent (no audit).
RD-F-141 green Test-mode parameters in deploy No evidence of test-mode params in Bridge2. Cyfrin March 2023 audit and Zellic August 2023 audit both reviewed the contract; no test-mode findings reported in either audit summary.
RD-F-185 green Bridge rate-limiter / chain-pause as positive mitigant POSITIVE MITIGANT: Bridge2 Lockers (2-of-5) can pause the entire bridge. L1 validators can execute emergency actions in ~2 minutes (JELLY demonstrated). disputePeriodSeconds creates withdrawal challenge window. October 2024 bridge outage confirmed emergency lock functioned correctly (bridge locked, funds safe, unlocked post-diagnostic). No graduated per-window outflow rate-limiter - Lockers pause entirely. Significant positive mitigant for mass-drain scenarios at ~$3.58B Arbitrum Bridge2 TVL (2026-05-07).
Cross-chain & bridge Green 18 12 of 12
RD-F-148 yellow Bridge validator count (M) 21 validators as of April 22, 2025 (21 permissionless nodes). Prior to April 2025: only 4 validators (Hyperliquid Labs-operated). Historical 4-validator concentration was primary DPRK attack surface concern (December 2024). Current 21-node set is a material improvement but modest by standards for a $3.26B bridge. Stake-weight distribution across validators is not publicly disclosed.
RD-F-149 yellow Bridge validator threshold (k-of-M) >2/3 stake-weighted quorum required for withdrawal finalization and validator set updates. With 21 validators, nominally >14 validators needed. For deposits: same threshold for L1 credit. Emergency unlock requires cold-wallet >2/3 quorum. Threshold structure is sound (BFT standard) but stake-weight distribution is unknown — a small number of high-stake validators (potentially still Hyperliquid Labs affiliated) could constitute the quorum, making effective threshold less than the nominal validator count implies.
RD-F-150 yellow Bridge validator co-hosting Unknown — validator infrastructure details not publicly disclosed. Prior 4 validators were Hyperliquid Labs-operated (same entity, effectively co-hosted). For current 21-validator set: no public ASN/infrastructure data available. Cannot determine if former Hyperliquid Labs validators still hold dominant stake. Yellow (unknown/unverifiable) rather than green.
RD-F-155 yellow Bridge validator-set rotation recency Major structural change April 22, 2025: 4 Hyperliquid-Labs-only validators expanded to 21 permissionless nodes (~6 months ago as of assessment). Most recent major rotation confirmed. However: (a) stake-weight distribution within 21-node set not publicly disclosed — Hyperliquid Labs may retain dominant stake; (b) 2-phase rotation with dispute period is well-designed. Gap in stake-weight transparency prevents green.
RD-F-156 yellow Bridge uses same key custody for >30% validators Unknown — validator key custody practices not publicly disclosed. Prior 4 validators were all Hyperliquid Labs-operated (100% same custodian). For current 21-node set: custody distribution unknown. 10,000 HYPE self-delegation minimum required but custody details not published. Cannot confirm <30% shared custody threshold; yellow on opacity.
RD-F-157 yellow Bridge TVL per validator ratio Bridge2 holds ~$3.58B USDC (Arbitrum TVL, 2026-05-07). With 21 validators: ~$170M per validator. Requires >1/3 stake-weighted compromise to breach bridge security. At DPRK-era 4-validator configuration: ~$815M+ per validator (historical anchor). The TVL/validator ratio remains structurally elevated for a bridge at this scale. Positive: absolute validator count grew from 4 to 21 in April 2025.
RD-F-179 gray LayerZero OFT DVN config (count, threshold, diversity) Not applicable — Bridge2 does not use LayerZero OFT or any LayerZero infrastructure. F179 is defined for 'LayerZero OFT adapter' configurations specifically. data-cache confirms layerzero.present: false. Bridge2 uses a custom validator-signed architecture with no LayerZero dependency.
RD-F-147 green Protocol has bridge surface Yes — Bridge2 at 0x2Df1c51E09aECF9cacB7bc98cB1742757f163dF7 on Arbitrum One is the sole official cross-chain bridge for USDC deposits/withdrawals between Arbitrum and Hyperliquid L1. Holds $3.26B USDC per DefiLlama 2026-04-28. Bridge surface confirmed.
RD-F-151 green Bridge ecrecover checks result ≠ address(0) CONFIRMED GREEN. Signature.sol (imported by Bridge2) contains explicit check: require(signerRecovered != address(0), 'Invalid signature, recovered the zero address'). Zero-address signatures cause revert. Wormhole-class ecrecover bypass is not possible in this implementation.
RD-F-152 green Bridge binds message to srcChainId Domain separator in Signature.sol includes block.chainid: abi.encode(EIP712_DOMAIN_SEPARATOR, keccak256(bytes('Exchange')), keccak256(bytes('1')), block.chainid, VERIFYING_CONTRACT). Messages are EIP-712 typed and chain-bound. Cross-chain replay of Bridge2 messages is not possible.
RD-F-153 green Bridge tracks nonce-consumed mapping Bridge2 maintains mapping(bytes32 => bool) public usedMessages with checkMessageNotUsed() enforcing single-use for validator set updates, locker/finalizer modifications, parameter changes, and emergency unlocks. Withdrawal requests use message-hash uniqueness. No replay possible. Confirmed in Zellic re-audit November 2023.
RD-F-154 green Default bytes32(0) acceptable as valid root Not applicable — Bridge2 does not use a Merkle root inbox pattern. Validation uses EIP-712 typed-data signatures with validator quorum verification, not a Merkle accumulator. The bytes32(0)-valid-root vulnerability class (Nomad $190M pattern) does not apply to this signature-based architecture. Green by architectural non-applicability.
Threat intelligence & recon Red 56 8 of 8
RD-F-161 red Protocol-impersonator domain registered (typosquat) CONFIRMED ACTIVE IMPERSONATION CAMPAIGN. Multiple impersonator domains documented and confirmed active: claim-hyperliquid[.]xyz (wallet-draining fake airdrop site, PCRisk removal guide 2024-2025), hyperliquid[.]life (closely mimicking hyperliquid.xyz, PCRisk documented), fake Google Ads campaigns serving malicious sites for 'Hyperliquid' search term (Phemex reporting), and multiple removal guides published by anti-malware firms (PCRisk, EnigmaSoftware) indicating a sustained campaign. Official domain: hyperliquid.xyz and app.hyperliquid.xyz. Registration dates within last 90 days not confirmed via WHOIS (DomainTools API not available in OSINT scope — structural data gap), but ongoing active campaigns with live scam activity are sufficient to score red at curator confidence. The HYPE token launch (November 2024) created sustained incentive for fake airdrop domains that remains active.
RD-F-158 yellow Known-threat-actor cluster has touched protocol December 23, 2024: DPRK-attributed addresses (Lazarus Group affiliate per MetaMask security researcher Taylor Monahan, cross-referenced with on-chain analysis) deposited ETH ($476,489) and actively traded on Hyperliquid. DPRK wallets accrued ~$700k in trading losses. The cluster had touched the protocol as early as October 2024 per Monahan documentation. Hyperliquid Labs denied any exploit but did not deny the addresses were DPRK-linked. $60M+ USDC left the platform in community response. Protocol deployed screening tooling in response. At assessment date April 2026: last confirmed interaction is December 2024, beyond the 30-day window. Score yellow (not green): confirmed historical DPRK interaction permanently elevates the baseline risk for this protocol, and Hyperliquid remains one of the highest-value perps targets in DeFi at $4.73B TVL.
RD-F-163 yellow Avg attacker reconnaissance time for peer-class protocols The DPRK October-to-December 2024 activity aligns with the USPD 78-day reconnaissance baseline. Taylor Monahan documented DPRK activity beginning in October 2024, approximately 60–78 days before the December 23, 2024 public disclosure. Trading losses (~$700k) are consistent with reconnaissance-phase mechanics testing: position sizing, liquidation mechanics, withdrawal timing. The JELLY incident (March 26, 2025) is a separate event — attacker manipulated Bybit CEX pricing to drive HLP vault losses — providing the attacker community with a proof-of-concept for oracle manipulation via CEX price feeds. Reconnaissance time for similar L1 perps exchanges: 30–90 days per hack database cluster data. Yellow: the December 2024 DPRK reconnaissance timeline passed without a confirmed strike, but the protocol class reconnaissance baseline remains relevant, and the JELLY attack pathway is the most realistic near-term attack template.
RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) Hyperliquid's core contracts (HyperCore) are L1-native binary — no EVM contracts are exposed on Ethereum or Arbitrum for mempool probing via failing/low-gas transactions. Bridge2 on Arbitrum could theoretically be probed, but no failing-transaction pattern from DPRK-attributed wallets targeting Bridge2 specifically is documented in public sources. The DPRK trading activity was on-platform (L1 positions), not Bridge2 contract probes. Structural non-applicability to L1 surface; Bridge2 mempool probes not documented.
RD-F-160 gray GitHub malicious-dependency incident touching protocol deps Hyperliquid's auditable surface (Bridge2.sol) uses OpenZeppelin AdminUpgradeabilityProxy — a well-maintained, actively monitored library. The L1 node software uses a closed-source binary; dependency audit is not possible. Python SDK (hyperliquid-python-sdk) is a user-facing tool, not a protocol security-critical dependency. No GitHub security advisories flagging malicious dependencies in hyperliquid-dex org repos identified as of assessment date. Signal does not fire.
RD-F-162 gray Known-exploit-template selector deployed by any address No contracts matching a known Hyperliquid-exploit template (Bridge2 selector patterns) deployed by suspicious addresses identified in available public data. The JELLY incident (March 2025) was an economic/oracle manipulation attack via CEX pricing, not a contract-deployment exploit. No selector-pattern exploit contracts targeting Bridge2 identified. Signal does not fire.
RD-F-164 gray Leaked credential on paste/sentry site Not assessable via public OSINT alone. Requires DLP/paste monitoring tools (Pastebin, GitHub secret scan, Sentry error logs). No confirmed public credential leaks referencing Hyperliquid protocol infrastructure endpoints or keys documented in available public sources. Structural data gap flagged for curator — no paste/credential monitoring infrastructure in public OSINT scope.
RD-F-165 gray Protocol social channel has scam-coordinator flag Hyperliquid's official Discord (discord.gg/hyperliquid) and X (@HyperliquidX) are the primary channels. The extensive fake-airdrop scam ecosystem operates largely through hijacked social accounts and Google Ads, not through infiltration of the official Discord or Telegram. No specific documentation of the official Discord being compromised by a scam-coordinator-watchlist-listed actor. Fake social activity operates externally from official channels. Signal does not fire under the strict threshold (official channel admin flagged on curator scam-coordinator watchlist).
Tooling / compiler / AI Green 8 5 of 5
RD-F-170 yellow Solc version used (known-bug versions flagged) Bridge2.sol declares pragma solidity ^0.8.9. The ^ range pragma means the actual compiled version was selected by the build toolchain and could be anywhere from 0.8.9 to the latest 0.8.x at time of compilation. Arbiscan returned 403 during assessment — exact compiled version unconfirmed. Solidity 0.8.28–0.8.33 contains a high-severity TransientStorageClearingHelperCollision bug; Bridge2 does NOT use transient storage (no TSTORE/TLOAD), so this known bug is not applicable. Most critical known bugs in 0.8.9+ range are not applicable to Bridge2's simple storage pattern, but the exact version is not confirmed.
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Not applicable. Bridge2 is an original design, not a copy of any audited protocol. No bytecode similarity analysis against upstream is relevant. Profile §5 confirms original implementation.
RD-F-172 green Repo shows AI-tool co-authorship in critical files No AI-tool co-authorship (Co-authored-by: github-actions[bot] or similar) found in the Bridge2 commit history. All 24 commits appear to be from human authors addressing specific finding numbers or making functional changes. The repo is small and commit messages are highly specific.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure (blog, tweet, docs, forum) from Hyperliquid Labs or Hyper Foundation mentioning AI-generated Solidity in Bridge2 or any security-critical code path. Web search found no such disclosure.
RD-F-174 green Dependency tree uses EOL Solidity version Pragma ^0.8.9 is not an EOL version — 0.8.x is the current maintained series and 0.8.9+ is within active maintenance scope. No EOL version usage in Bridge2 or its OZ dependencies.
Response & disclosure hygiene Green 8 4 of 4
RD-F-176 yellow Disclosure SLA public The bug bounty program does not publish a defined acknowledgment SLA (e.g., 72-hour ack). Program page specifies payout tiers and scope but makes no commitment about response time windows. Disclosure channel exists (green F175) but SLA is absent — yellow.
RD-F-175 green Disclosure channel exists Self-hosted bug bounty program exists at https://hyperliquid.gitbook.io/hyperliquid-docs/bug-bounty-program with dedicated submission email (bugbounty@hyperfoundation.org). Program is publicly documented with payout tiers: Critical up to 1M USDC, High up to 50K USDC, Medium up to 10K USDC. Not on Immunefi or Cantina, but a functional public disclosure channel exists. Floor requirement met.
RD-F-177 green Prior known-ignored disclosure No evidence found in post-mortems or public reporting that a disclosed vulnerability was ignored before being exploited. The JELLY attack was a novel economic attack vector, not a previously-disclosed-then-ignored bug. The DPRK flag (Dec 2024) was an external researcher alert that Hyperliquid Labs acted on by deploying screening tooling. No pattern of ignored disclosures identified.
RD-F-178 green CVE/GHSA advisory issued against protocol No CVE, GHSA, or equivalent public advisory found against Hyperliquid. Searched CVE database and GitHub Security Advisories; no entries found for hyperliquid-dex or related packages. Green — no public advisory issued against this protocol.
rubric_version v1.7.0 graded_at 2026-05-12 04:38:07 factors 184 protocol hyperliquid