Introduction
HyperliquidForwarder is a minimal bridge-forwarding contract intended to assist ERC-20 transfers from HyperEVM to HyperCore via a two-step process. The contract maintains a mapping from token IDs to designated bridge addresses and enforces basic safety checks so that only supported tokens and correct bridge endpoints are used. Intended tokens include Hyperliquid's ecosystem assets such as USDT0 and USDE.
Scope of the Engagement
Three Sigma conducted a focused audit of HyperliquidForwarder on 10 Jun 2025.
The review covered 59 non-comment, non-blank lines across a single Solidity file:
src/HyperliquidForwarder.sol (59 lines)
Auditors: 2
Effort: 0.4 person-weeks
Primary objectives:
- Validate the forwarding flow and ensure token/bridge allowlisting cannot be bypassed.
- Check administrative controls (only-owner/only-role) for mapping updates.
- Verify ERC-20 transfer/approval handling and event hygiene.
- Look for obvious reentrancy, input validation, and misrouting risks.
Challenges in Securing Bridge Forwarders
Allowlist Correctness
Forwarders must strictly gate which token IDs can be bridged and to which destination contracts, preventing confused-deputy style misroutes.
Minimal Surface, Max Signal
With tiny contracts, a single visibility or validation mistake can become a systemic footgun across multiple tokens.
Token Semantics
Fee-on-transfer tokens, non-standard decimals, or non-standard transfer return values can break naive forwarding logic if not handled defensively.
Ops Hygiene
Clear events and tight admin APIs reduce the chance of misconfiguration during live operations.
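The pattern the objectives and challenges above describe (owner-gated allowlist of token ID to bridge endpoint, defensive ERC-20 handling, explicit events) is illustrated by the following sketch. This is an added example written for this summary, not the audited HyperliquidForwarder source; the contract name, function names, the uint64 token ID type and the use of OpenZeppelin v5 (SafeERC20, Ownable) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical forwarder sketch: names, layout and OpenZeppelin v5 dependency are assumptions,
// not the audited contract.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

contract ForwarderExample is Ownable {
    using SafeERC20 for IERC20;

    // tokenId => bridge endpoint; the zero address means "not allowlisted".
    mapping(uint64 => address) public bridgeOf;
    // tokenId => the ERC-20 contract that id refers to, pinned at registration time.
    mapping(uint64 => IERC20) public tokenOf;

    event BridgeSet(uint64 indexed tokenId, address indexed token, address indexed bridge);
    event Forwarded(uint64 indexed tokenId, address indexed from, uint256 requested, uint256 delivered);

    error NotAllowlisted(uint64 tokenId);
    error ZeroAmount();

    constructor() Ownable(msg.sender) {}

    // Admin-only: registering a token id fixes both the ERC-20 and its bridge endpoint together,
    // so a caller can never pair a supported token with an arbitrary destination.
    function setBridge(uint64 tokenId, IERC20 token, address bridge) external onlyOwner {
        require(address(token) != address(0) && bridge != address(0), "zero address");
        tokenOf[tokenId] = token;
        bridgeOf[tokenId] = bridge;
        emit BridgeSet(tokenId, address(token), bridge);
    }

    // Pull `amount` from the caller, then push whatever actually arrived on to the bridge.
    function forward(uint64 tokenId, uint256 amount) external {
        address bridge = bridgeOf[tokenId];
        if (bridge == address(0)) revert NotAllowlisted(tokenId);
        if (amount == 0) revert ZeroAmount();
        IERC20 token = tokenOf[tokenId];

        // Forward the balance delta, not `amount`, so a fee-on-transfer token cannot leave
        // the forwarder trying to send more than it holds.
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        uint256 delivered = token.balanceOf(address(this)) - before;

        // SafeERC20 reverts on `false` and tolerates tokens whose transfer returns no value.
        token.safeTransfer(bridge, delivered);
        emit Forwarded(tokenId, msg.sender, amount, delivered);
    }
}
```

The Forwarded event records both the requested and the delivered amount, which is what an operator needs to reconcile fee-on-transfer discrepancies from logs alone.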
Audit Date: 2025-06-10
Language: Solidity
Type: Code Audit