Hyperwave
About
Hyperwave is a protocol building an onchain forex layer on Hyperliquid, starting with Hyperwave HLP (hwHLP) — the first liquid yield-bearing token representing deposits into the Hyperliquidity Provider Vault (HLP) on HyperEVM and beyond. It tokenizes HLP (Hypercore liquidity provider) positions, bringing the yield generated in Hypercore directly into the HyperEVM ecosystem so users can mint, redeem, bridge, and integrate a composable liquid HLP position.
Where Does Yield Come From?
Here is how holders of hwHLP (a token that represents a stake in Hyperliquid's liquidity pool) earn yield:
Step by step, the money flows like this:
- Users deposit stablecoins (USDT0, USDe, or USDhl) into the hwHLP vault contract.
- Hyperwave's strategists swap those stablecoins for USDC on Hypercore's spot orderbook.
- That USDC goes into the Hyperliquidity Provider Vault (HLP) on Hyperliquid. The HLP vault itself earns yield from two sources: providing liquidity on Hypercore, and from general trading activity on the network.
- An on-chain oracle regularly checks the HLP vault's value and updates the hwHLP token price accordingly. As the vault earns yield, the token's underlying value (net asset value) rises — and that increase is captured in the token price.
Fees and withdrawal timing
- Hyperwave charges a 10% performance fee on gains. This is built into the vault's management fee structure in a way that is mathematically the same as a straight performance fee, and it can be verified on-chain.
- No mint or redeem fees — those are 0% according to the app interface.
- When you want to redeem (cash out) your hwHLP tokens, expect a roughly 5-day waiting period.
The big picture
This design takes the yield that HLP earns from Hyperliquid's community-driven liquidity markets and makes it usable within the HyperEVM ecosystem. Because hwHLP is a liquid, composable token, it can be minted, redeemed, bridged, and integrated with other apps — something that was not possible with a raw HLP vault position on its own.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
0x Macro01-04-2024 - 05-04-2024 |
| All four medium-severity issues were addressed before publication, and the remaining low/code-quality findings were largely fixed or acknowledged with planned mitigations; users should however remain aware that permissioned strategist roles carry inherent trust assumptions and that MEV protection relies on private RPC usage. |
0x Macro22-04-2024 |
| The audit report PDF was not retrievable in a usable textual form, making it impossible to assess the protocol's security findings or severity distribution from this document. No verdict on safety can be drawn from the available material. |
CODESPECT09-06-2025 |
| The one High-severity issue (incorrect bridge address that would have caused loss of WHYPE tokens) was fixed before finalization, and the two informational items were either fixed or acknowledged, leaving no unresolved risks in the audited forwarder contract. The audit is narrowly scoped to a single 38-line contract with minimal attack surface. |
Three Sigma10-06-2025 |
| The audit found no exploitable vulnerabilities in the HyperliquidForwarder contract; the sole finding was a gas-optimization suggestion that has already been addressed. This indicates the codebase had no material security risks at the time of review. |
Pashov Audit Group10-07-2024 - 13-07-2024 |
| All one high-severity and two medium-severity findings were resolved before deployment, which substantially reduces material risk; the nine acknowledged low-severity items represent residual design nuisances and operational edge cases that do not threaten core protocol solvency but warrant continued monitoring. |
Cantina01-04-2024 - 12-04-2024 |
| The review found no critical or high-severity issues; the eight medium-severity findings were largely fixed or mitigated under the stated trust model where the strategist role is held by a trusted multisig, meaning the Boring Vault's core safety posture is reasonable for launch provided those trust assumptions hold. |
Legal
Legal form
Corporation (Hyperwave Labs Corporation)
Registration jurisdiction
Panama (governing law clause in Terms specifies Panama law; Privacy Policy references Panama Data Protection Ombudsman and data transfers outside Panama)
Status and notes
Operator disclosed as Hyperwave Labs Corporation in the Terms of Use and Privacy Policy, both available at hyperwavefi.xyz/terms and hyperwavefi.xyz/privacy. A MiCAR whitepaper (EU Markets in Crypto-Assets Regulation) is published via Google Drive. The footer on the docs site and main site shows "@Hyperwave 2025". Legal contact: [email protected].