XCM Disclosure: HydraDX

Network Information:

HydraDX is a next-gen DeFi protocol which is designed to bring an ocean of liquidity to Polkadot. Our tool for the job the HydraDX Omnipool - an innovative Automated Market Maker (AMM) which unlocks unparalleled efficiencies by combining all assets in a single trading pool.

Q1: Is the Blockchain Code Open-Source (and include Github link)?:
If parts of the code are not open source: please provide information on why not

Q2: Is Sudo-enabled on the Network? If Sudo is disabled, is the Network controlled by a select group of addresses?

  • A2: Sudo is disabled, all changes to the protocol must pass through public referedums,
    although there is a Technical Committee and a Council (13 in total, 7 community seats and 5 core contributors (GalacticCouncil)

Q3: Is the Network controlled by a select group of addresses (<50 addresses)?

  • A3: No, all changes must pass through public referedums

Q4: Have you completed full testing of this integration in Moonbase Alpha?

  • A4: Yes

Q5: (For Moonbeam XCM/HRMP Proposals Only) Does your network have a Kusama deployment? If yes, please provide Network name and whether your Kusama deployment is integrated with Moonriver

  • A5: Yes our parachain in Kusama is called Basilisk and not have integration with Moonriver

Q6: Is your blockchain code Audited? If yes, please provide: i. the name of Auditors, ii. dates of audit reports and, if available, links to audit reports.

  • A6: The security audit of the Rust implementation of the HydraDX Omnipool was performed by Runtime Verification - an established industry leader with clients such as NASA, Ethereum and Polkadot. The scope of the security audit includes the source code of HydraDX Omnipool pallet, its mathematical logic and asset registry, as well as 3rd party libraries which have been included as a (Substrate) dependency. The results of the audit were published in September 2022, you can consult the full report here.
    In March 2022, the economic/math audit of the Omnipool was completed by BlockScience - a leading web3 native firm dedicated to analyzing complex systems for the likes of Graph Protocol and Protocol Labs (Filecoin). The scope of this audit was to provide an overview of the AMM specification with a special attention to the mathematical and economic concepts underpinning the Omnipool, together with the implications of those mechanisms for liquidity provisioning and trading activity. You can consult the full report here, including our addendum with post-factum changes.

Hey, Jose, i heard that a security vulnerability has been found in Omnipool. could you please provide details about the additional security measures that the HydraDX team has implemented in response to this issue?

Hey turrizt, yes thanks for the question:

Yes, the following measures have been implemented:

on chain oracles, these on-chain oracles permit the implications of circuit breakers, which stop some functions (example: adding or withdrawing Liquidity from a specific asset, if it is outside the normal parameters), as well as per-block limit on the amount of liquidity that an LP can provide or withdraw , as a percentage of the overall Omnipool TVL for that given asset. Finally, some reasonable (i.e. not too low) limit on the size of trades would act as a complementary measure to prevent attacks with excessive amounts of capital.

You can read the full post about the vulnerability and the solutions here:Security Update #1 - HydraDX’s Newsletter

Although this economic attack required a large amount of capital, the necessary measures were taken to prevent that risk

In addition to these security measures, it must be understood that the Omnipool has specific Weight Caps for each asset, to mitigate the damage of toxic assets and also seeks to implement a limit in the inflow/outflow of xcm per block.