dHEDGE-logo

dHEDGE

dHEDGE is a one-stop location for managing investment activities on the blockchain where you can put your capital to work in different strategies based on a transparent track record. Multi-chain, non-custodial, decentralized asset management integrated with multiple protocols; allowing for trades, providing liquidity and yield farming.

Polygon
Defi
Asset Management
Solidity
Maximum Bounty
$50,000
Live Since
09 November 2021
Last Updated
04 December 2024
  • PoC required

Select the category you'd like to explore

Assets in Scope

Target
Type
Smart Contract - Pool Factory Proxy
Added on
12 February 2022
Target
Type
Smart Contract - Governance
Added on
12 February 2022

Impacts in Scope

Severity
Critical
Title

Permanent loss or freezing of funds

Severity
High
Title

Permanent loss or freezing of funds $10m+ (Possible)

Severity
High
Title

Permanent loss or freezing of funds $100k+ (Very Likely)

Severity
Medium
Title

Permanent loss or freezing of funds $10m+ (Very Unlikely)

Severity
Medium
Title

Permanent loss or freezing of funds $1m+ (Unlikely)

Severity
Medium
Title

Permanent loss or freezing of funds $100k+ (Possible)

Severity
Medium
Title

Temporary freezing of funds (Very Likely)

Severity
Medium
Title

Loss of yield (Very Likely)

Severity
Medium
Title

Miner-extractable value (MEV)

Severity
Medium
Title

Unable to call smart contract

Severity
Low
Title

Permanent loss or freezing of funds $1m+ (Very Unlikely)

Severity
Low
Title

Permanent loss or freezing of funds $100k+ (Unlikely)

Out of scope

Program's Out of Scope information
  • Attacks by privileged manager accounts which relate to poor trading practices or slippage.
  • Best practice critiques
Default Out of Scope and rules

Smart Contract specific

  • Incorrect data supplied by third party oracles
    • Not to exclude oracle manipulation/flash loan attacks
  • Impacts requiring basic economic and governance attacks (e.g. 51% attack)
  • Lack of liquidity impacts
  • Impacts from Sybil attacks
  • Impacts involving centralization risks

All categories

  • Impacts requiring attacks that the reporter has already exploited themselves, leading to damage
  • Impacts caused by attacks requiring access to leaked keys/credentials
  • Impacts caused by attacks requiring access to privileged addresses (including, but not limited to: governance and strategist contracts) without additional modifications to the privileges attributed
  • Impacts relying on attacks involving the depegging of an external stablecoin where the attacker does not directly cause the depegging due to a bug in code
  • Mentions of secrets, access tokens, API keys, private keys, etc. in Github will be considered out of scope without proof that they are in-use in production
  • Best practice recommendations
  • Feature requests
  • Impacts on test files and configuration files unless stated otherwise in the bug bounty program
  • Impacts requiring phishing or other social engineering attacks against project's employees and/or customers
Severity
Min. - Max.
Critical
$50k
High
$10k
Medium
$2k
Low
$1k
Total Assets in Scope
2
Total Impacts in Scope
16