
Bounce Tech Case Study

Securing a successful public launch.

Phage provided a thorough and insightful audit for Bounce Tech that uncovered valuable findings. They were a pleasure to work with and allowed us to deliver our product with confidence.

- Chase Manning (Lead Developer), Bounce Tech

Team

Pyro

Lead Security Researcher

Lead Security Researcher at Sherlock.
Over 100 audits performed and 400+ bugs found.

Samuraii77

Lead Security Researcher

Lead Security Researcher at Sherlock.
Over 15 top-3 finishes in audit contests and multiple bug bounties.

YanecaB

Security Researcher

A promising Security Researcher.
In the space for ~8 months, and showing remarkable results!

About the Client

Bounce Tech is a leveraged token protocol that creates synthetic leveraged exposure to perpetual futures markets. Users can mint/redeem leveraged tokens (like “ETH 10x Long”) that automatically maintain target leverage ratios through integration with Hyperliquid’s perpetual trading infrastructure, while earning fees that get distributed to BOUNCE token stakers.

Key Metrics

Severity Count

Severity  Count
High      4
Medium    7
Low       5

Total Findings: 16

High Resolved: 4 / 4

Medium Resolved: 7 / 7

Audit Duration: 5 Days

Commit hash: b276...9e1c

Remediation hash: 2bfe...5d30

Network: Hyperliquid

Project type: Index of leveraged tokens

High Severity Issues and Fixes

[H-01] Spot and perp balances are not considered when calculating vault value

Impact: Internal accounting is incorrect because the TVL is wrong

Fix: Track spot and perp balances

[H-02] Stepwise jumps occur upon spot/perps balance top-ups, allowing MEV attacks

Impact: MEV bots can grief balance changes

Fix: Add a mapping to track in-between balances

[H-03] Position value is computed incorrectly for shorts

Impact: Wrong position values, which corrupt internal accounting

Fix: Change the math to also account for shorts

[H-04] Unstaking operations are not validated against the creator

Impact: Users need to wait for withdrawals, which other users can front-run and claim

Fix: Validate that the account executing the withdrawal is the user who made it

Why Phage Security?

Bounce Tech selected Phage Security for our team of distinguished security researchers. The team was impressed by our ability to identify and resolve critical vulnerabilities, uncover elusive edge cases, and navigate the unique patterns of the Hyperliquid ecosystem.

The combined expertise of our lead researchers and the diligent work of our entire security team ensured that Bounce Tech's codebase was thoroughly prepared for its final audit, providing them with the confidence to move forward.