Reverse Engineering Hyperliquid

Summary

What happens when you take IDA Pro to a $30B “decentralized” exchange?Hyperliquid markets itself as a “fully on-chain order book perpetual exchange.” $1 trillion in trading volume. $30 billion valuation. Crypto Twitter calls it the future of DeFi.I decided to see what the hype was and googled “hyperliquid github”. To my surprise, there was no source code. The repository tells you to download this hl-visor blob, run it, and let it download more blobs to execute for you.Say what now?How did we go from “code is law” and people measuring each other’s Nakamoto coefficients to whatever the hell this is? The idea of a closed-source blockchain was very intriguing (because why would you do that if you are not hiding anything?) so as you can imagine I decided to take a look.Hyperliquid is a centralized exchange (if not worse than that due to the lack of financial audits & regulation) masquerading as a blockchain:A “CoreWriter” godmode that can mint tokens, move user funds without signatures, crash random validators and basically do whatever it wantsTransaction types that do exactly what they say: TestnetSetYesterdayUserVlm, retroactive volume manipulation shipped in the mainnet binaryA “scheduled freeze” mechanism with no unfreeze capabilityOnly 8 broadcaster addresses can submit transactions: everyone else routes through them. They live in on-chain state, are governance-modifiable, and are undocumented.Oracle price override capabilities with no timelocks, bounds, or multi-sig requirementsBridge withdrawals can be censored forever: no timeout, no escape hatchGovernance proposals are stored but effectively unqueryable: users see votes happened, not what was proposed$362M accounting gap: user claims exceed bridge balance (explained: Circle’s native USDC on HyperEVM)Undocumented lending protocol: a fully deployed borrow/lend system (BOLE) live on mainnetEvery claim includes addresses into the binary and L1 state that you can verify yourself.Shall we?0x1: The “Testnet” FunctionTh...