Immunefi
Immunefi
Back to Explore
dHEDGE-logo

dHEDGE

dHEDGE is a one-stop location for managing investment activities on the blockchain where you can put your capital to work in different strategies based on a transparent track record. Multi-chain, non-custodial, decentralized asset management integrated with multiple protocols; allowing for trades, providing liquidity and yield farming.

Polygon
Defi
Asset Management
Solidity
Maximum Bounty
$50,000
Live Since
09 November 2021
Last Updated
22 May 2024

  • PoC required

Submit a Bug
InformationScopeResources

Select the category you'd like to explore

Assets in Scope

Target
Type
Added on
Smart Contract - Pool Factory Proxy
12 February 2022
Target
Type
Added on
Smart Contract - Governance
12 February 2022

Impacts in Scope

Critical
Permanent loss or freezing of funds
High
Permanent loss or freezing of funds $10m+ (Possible)
High
Permanent loss or freezing of funds $100k+ (Very Likely)
Medium
Permanent loss or freezing of funds $10m+ (Very Unlikely)
Medium
Permanent loss or freezing of funds $1m+ (Unlikely)
Medium
Permanent loss or freezing of funds $100k+ (Possible)
Medium
Temporary freezing of funds (Very Likely)
Medium
Loss of yield (Very Likely)
Medium
Miner-extractable value (MEV)
Medium
Unable to call smart contract
Low
Permanent loss or freezing of funds $1m+ (Very Unlikely)
Low
Permanent loss or freezing of funds $100k+ (Unlikely)
View rewards

Out of scope

Program's Out of Scope information

The following vulnerabilities are excluded from the rewards for this bug bounty program:

  • Attacks that the reporter has already exploited themselves, leading to damage
  • Attacks requiring access to leaked keys/credentials
  • Attacks requiring access to privileged addresses (governance, DAO)
  • Attacks by privileged manager accounts which relate to poor trading practices or slippage.

Smart Contracts and Blockchain

  • Incorrect data supplied by third party oracles
    • Not to exclude oracle manipulation/flash loan attacks
  • Basic economic governance attacks (e.g. 51% attack)
  • Lack of liquidity
  • Best practice critiques
  • Sybil attacks

The following activities are prohibited by this bug bounty program:

  • Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
  • Any testing with pricing oracles or third party smart contracts
  • Attempting phishing or other social engineering attacks against our employees and/or customers
  • Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
  • Any denial of service attacks
  • Automated testing of services that generates significant amounts of traffic
  • Public disclosure of an unpatched vulnerability in an embargoed bounty
Total Assets in Scope
2
Total Impacts in Scope
16