Security

Apr 10, 2026

Auditing Hyperbeat’s Liquid Banking Architecture

The Challenge: Securing a Dual-Mode Crypto Payment System

Hyperliquid's Liquid Bank is a payment solution that enables users to pay for credit card spending using crypto tokens. The system combines smart contract wallets with DeFi lending protocols to facilitate payment flows while maintaining user custody of funds.

At the center of the design is the ManagementAccount, a smart account that holds user funds and exposes a list of whitelisted tokens and services defined by the payment system. Users can enable or disable these services, but can only interact with approved components.

The ManagementAccount operates in two exclusive modes:

  • Spending Mode, where payments are settled using the nominated settlement token, Praxis, and balances are deducted from the ManagementAccount after backend confirmation.
  • Credit Mode, where the system integrates with external DeFi protocols. Users deposit collateral into a whitelisted credit service and authorize the platform to borrow on their behalf to settle payments.

Key Technical Challenges

Several challenges shaped the scope of the audit:

  • A layered architecture involving a factory contract, per-user ManagementAccounts, service logic, token handling, and external protocol integration.
  • Strict requirements around mode switching, where only one operating mode can be active at a time and transitions must leave no residual state.
  • Similar guarantees required when switching between credit services, with only one service allowed to be active.
  • Enforcement of whitelisted tokens and services across all interactions.
  • Correct integration with an external DeFi protocol. For the scope of this audit, the payment system was integrated only with Morpho Blue.

The combination of these constraints resulted in multiple moving parts and non-trivial state management.

Findings That Mattered

Our audit focused on several critical risk areas:

  • Mode Transition State Handling: Certain transition paths did not fully reset internal state variables, creating potential ambiguity in authorization or accounting during mode switches.
  • Credit Service Switching Logic: Transitions between whitelisted credit services required stricter guarantees to ensure that only one service could be active at a time with no overlap in state.
  • Whitelist Enforcement Boundaries: Certain interactions relied on correct assumptions about whitelisted tokens and services, requiring additional validation to ensure restrictions were consistently enforced.
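To make the design described above and the three risk areas concrete, here is an added illustration in Solidity, written for this post and not Hyperbeat's code: a minimal smart account whose two modes are exclusive, whose tokens and services are whitelisted, and whose transitions clear every mode-specific field before the next mode or credit service becomes active. The contract name, the `Mode` enum, the fields `activeCreditService`, `borrowAllowance` and `pendingSettlement`, and the `ICreditService.withdrawAll` call are assumptions for this sketch, not names from the audited codebase.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited code. All names below are assumptions.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical credit-service interface: detaching from a service returns all collateral.
interface ICreditService {
    function withdrawAll(address account) external;
}

contract ManagementAccountSketch {
    enum Mode { None, Spending, Credit }

    address public immutable owner;
    address public immutable platform;        // backend that confirms settlements
    address public immutable settlementToken; // the nominated settlement token

    mapping(address => bool) public whitelistedToken;
    mapping(address => bool) public whitelistedService;

    Mode public mode;
    address public activeCreditService; // non-zero only in Credit mode
    uint256 public borrowAllowance;     // amount the platform may borrow on the user's behalf
    uint256 public pendingSettlement;   // Spending-mode accounting awaiting backend confirmation

    event ModeChanged(Mode from, Mode to);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyPlatform() { require(msg.sender == platform, "not platform"); _; }
    modifier onlyWhitelistedService(address s) { require(whitelistedService[s], "service not whitelisted"); _; }

    constructor(address _owner, address _platform, address _settlementToken,
                address[] memory tokens, address[] memory services) {
        owner = _owner;
        platform = _platform;
        settlementToken = _settlementToken;
        // Whitelists are fixed by the payment system at deployment; users can only choose among them.
        for (uint256 i = 0; i < tokens.length; i++) whitelistedToken[tokens[i]] = true;
        for (uint256 i = 0; i < services.length; i++) whitelistedService[services[i]] = true;
    }

    // Modes are exclusive: a new mode can only be entered from Mode.None.
    function enterSpendingMode() external onlyOwner {
        require(mode == Mode.None, "leave current mode first");
        mode = Mode.Spending;
        emit ModeChanged(Mode.None, Mode.Spending);
    }

    function enterCreditMode(address service) external onlyOwner onlyWhitelistedService(service) {
        require(mode == Mode.None, "leave current mode first");
        mode = Mode.Credit;
        activeCreditService = service;
        emit ModeChanged(Mode.None, Mode.Credit);
    }

    // Leaving a mode wipes every field that belongs to it, so no residual state survives.
    function exitMode() external onlyOwner {
        Mode from = mode;
        require(from != Mode.None, "no active mode");
        if (from == Mode.Credit) {
            _clearCreditState();
        } else {
            require(pendingSettlement == 0, "settle pending payments first");
        }
        mode = Mode.None;
        emit ModeChanged(from, Mode.None);
    }

    // Only one credit service is ever active; the old one is fully detached before the new one is set.
    function switchCreditService(address newService) external onlyOwner onlyWhitelistedService(newService) {
        require(mode == Mode.Credit, "not in credit mode");
        require(newService != activeCreditService, "service already active");
        _clearCreditState();
        activeCreditService = newService;
    }

    function setBorrowAllowance(uint256 amount) external onlyOwner {
        require(mode == Mode.Credit, "not in credit mode");
        borrowAllowance = amount;
    }

    // Whitelist enforcement at the boundary: the backend may only settle in the nominated, whitelisted token.
    function settle(address token, address to, uint256 amount) external onlyPlatform {
        require(mode == Mode.Spending, "not in spending mode");
        require(whitelistedToken[token] && token == settlementToken, "token not allowed");
        require(IERC20(token).transfer(to, amount), "transfer failed");
    }

    function _clearCreditState() internal {
        address old = activeCreditService;
        if (old != address(0)) ICreditService(old).withdrawAll(address(this));
        activeCreditService = address(0);
        borrowAllowance = 0;
    }

    // Transition invariant: only the fields of the active mode may be populated.
    function stateIsConsistent() public view returns (bool) {
        bool creditClear = activeCreditService == address(0) && borrowAllowance == 0;
        if (mode == Mode.Credit) return activeCreditService != address(0) && pendingSettlement == 0;
        if (mode == Mode.Spending) return creditClear;
        return creditClear && pendingSettlement == 0;
    }
}
```

The `stateIsConsistent` view is the kind of invariant a reviewer checks on every transition path: after `exitMode` or `switchCreditService`, nothing from the previous mode or service may remain, and an invariant test that calls the public functions in random order should never observe it returning false. Mode-transition findings of the sort listed above typically come from a path that sets `mode` without going through the clearing routine.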

These findings were reviewed with the Hyperbeat team. A subset of issues was remediated during the engagement, while the remaining findings were acknowledged with documented rationale and risk acceptance. Together, this strengthened clarity around mode isolation, service exclusivity, and whitelist enforcement guarantees.

Our Process

Nethermind Security conducted a detailed security review of the Hyperbeat Liquid Bank codebase using a collaborative approach.

The engagement began with a kickoff call to align on scope, architecture, and focus areas, followed by regular bi-weekly sync meetings to discuss progress, clarify design decisions, and review preliminary observations.

An intermediary report was shared summarizing early findings and recommendations, which were discussed with the Hyperbeat team during the sync meetings.

The audit included an extensive manual review of the full codebase, supported by internal peer discussions to validate assumptions and findings. Particular attention was given to the integration with the Morpho Blue protocol and its interaction with the ManagementAccount design.

Total findings: 30

  • 2 Medium
  • 11 Low
  • 14 Informational
  • 3 Best Practice recommendations

The findings were reviewed collaboratively with the Hyperbeat team, with mitigations, design clarifications, and remediation plans discussed during the engagement.

The Outcome: Strengthening a Complex Payment Architecture

The engagement strengthened guarantees around mode isolation, credit service exclusivity, and whitelist enforcement. The review clarified transition invariants and reduced the risk of inconsistent state across spending and credit workflows.

This engagement underscores the importance of careful state management and external protocol understanding in payment systems that combine smart wallets with DeFi credit mechanisms.

Nethermind Security

Trusted by leading protocols to audit complex systems across DeFi and infrastructure.