Security Changelog
Every security fix and contract change, in the open. ADA Harvest is fully open source — you can read the code, verify the on-chain contract, and follow the full commit history yourself.
Current live contract
What we've fixed
Native-token / value stripping & stake-credential redirection closed
The vault output checks previously verified only ADA, and matched the continuing vault output by payment credential only. An attacker could have spent the vault and (a) removed native tokens from the continuing output, or (b) redirected the vault to their own stake key to steal future staking rewards. The validator now requires the continuing output to preserve all non-ADA value AND the exact full address (payment + stake credential). Withdrawals are also now blocked during emergency shutdown, and flash-loan / compound transactions are explicitly forbidden from minting or burning hvADA.
Double-satisfaction & unenforced token burn fixed
Two fund-drain vectors: (1) the validator identified the vault output by address only, so spending multiple vault UTxOs in one transaction let each redeemer satisfy its "kept enough / repaid" check against the SAME shared output — letting an attacker walk away with the surplus. Now exactly one vault input per transaction is required. (2) Deposit/Withdraw trusted the datum's token field instead of the real hvADA mint, so a hand-crafted transaction could withdraw ADA without burning hvADA and repeat. The vault now reads the transaction mint field directly and enforces the exact mint on deposit / burn on withdraw.
On-chain admin signature required for all privileged operations
Rebalance, fee withdrawal, protocol whitelist changes, pause/resume and emergency shutdown now require a signature from an admin wallet listed in the vault datum — enforced by the Plutus validator, not just the backend. Previously some of these were under-checked.
CompoundRewards — staking rewards raise NAV for every holder
Added a redeemer that lets accrued ADA staking rewards be folded back into the vault without minting new hvADA. Every existing share becomes worth more automatically (ERC-4626 style) — one transaction regardless of depositor count, no per-holder distribution, no fees.
Server hardened: firewall, fail2ban, localhost-only Docker ports, rotated secrets
Enabled UFW (only SSH/HTTP/HTTPS exposed), installed fail2ban, bound the backend and database ports to localhost only (Docker bypasses the firewall by default), and rotated all database / JWT / admin-API secrets. Admin API auth replaced with HMAC-SHA256 signatures and rate limiting.
Accuracy pass — removed every unverifiable claim
Audited the entire site and removed all claims that were not literally true: fake "audited protocols", multi-sig that did not exist, projected APY guarantees, dead social links, and a placeholder audit report. The site now only states what actually runs on mainnet.