[BIP-545] Funding Hypernative Security Program for Balancer

PR with Payload

Service Provider Name: Hypernative

Leader(s): Gal Sagie, Dan Caspi, Andrey Dulkin, Vazi

Pledge to abide by the DAO’s Code of Conduct (or link to your own): Yes

Pledge to abide by the Accountability Guidelines: Yes

Domains of Operation: Web3 Security, InfoSec/OpSec and on/off chain security

Key Objectives & Success Metrics:

Summary

The proposal aims to extend Hypernative’s security advisory services to Balancer DAO and provide additional Hypernative platform monitoring features, with a focus on enhancing protocol resiliency, strengthening security operations, and reducing the risk of hacks, exploits, fund losses, and catastrophic events, all while fostering long-term sustainable growth.

Building on the work accomplished over the past three months, this proposal will prioritize the following components:

1. Improve and enhance the findings based on Hypernative security assessment and report to create more guardrails and monitoring of risks
   a. Continuous re-asses and help consult on any operational security aspects
2. Build and deploy an incident response plan and operate as needed
3. Deploy frontend monitoring
4. Deploy on-chain monitoring

The component full description, deliverables, and planned timeline are specified within each component below.

A quarterly report will be submitted to the DAO to outline the outcomes of each quarter and to present plans for the next quarter

The request is to approve a $60,000 USDC yearly budget paid quarterly. for the following sections as a unified package

Results

Over the past 3 months Hypernative acted as a security advisor to Balancer DAO, and provided a threat assessment report across the below verticals:

1. DeFi Safety Report:

2. The team assessed the main weaknesses identified in the latest DeFiSafety report. Reviewed and provided recommendations where needed in the following categories:
   1.Team responsiveness
   2. Audit matrix applicability
   3. Protocol Architecture Documentation
   4. Signing Policy
   Monitoring

3. Monitoring & Prevention - mapped the current monitoring and prevention solutions used for on-chain monitoring, infrastructure, multisig monitoring, and frontend monitoring.

4. Emergency Procedures - reviewed and provided recommendations for emergency procedures, including permissions and response guidelines.

5. Access Controls- mapped each permission and its owner, including multisig/permissioned calls, DNS, and frontend.

6. GitHub - mapped architecture, contracts, deployment flow, organization review (using admin permissions) and roles.

7. AWS - mapped organization review using admin permissions

8. Socials- reviewed Balancer Discord and Twitter configurations, member permissions, and security setup and provided recommendations and best practices to enhance security and achieve a higher level of security

9. Signing Policy - reviewed multisig management, multisig roles, the structure for executing proposals, and provided best practices recommendations.

10. Incident Response- suggested various incident response plans and workflows, including:

11. Assigning relevant stakeholders for internal incident handling plans.

12. Developing incident response plan playbooks for different types of incidents.

Proposal

The Proposal Motivation

There are many security tasks, processes and incident handling that need to be augmented in a protocol like Balancer.

The idea of this proposal is to provide a virtual CISO (Chief Information security officer) services to augment Balancer infosec and on-chain/off-chain security postures by leveraging Hypernative in-house expertise and network of connections.

The proposal will outline the responsibilities addressed and handled which will be organized and advised by Hypernative but carried and implemented fully by a combination of Hypernative and the DAO.

Balancer + Hypernative

Hypernative team has been an instrumental helper in the last security incidents that Balancer has undergone, both from helping with automated tracking of the hacks and stolen funds movement, communication with external entities like exchanges/Chainalysis and helping with the war room and bringing the relevant help to the table.

We believe that Balancer and Hypernative can together create a new standard of security program that will emphasize the DAO commitment for its users and the security of their funds.

The Proposal Details

1. Continue Hypernative operational security advisory plan

• Fix and enhance the findings based on Hypernative security assessment and report per need

• Continuously re-asses and help to analyze operational security posture and provide real time help with any needed task to create more guardrails and monitoring for operational risks

• Hypernative will manage the backlog of open risks findings in secured shared space with the relevant BLabs teams and will track the resolution of the risk or the roadmap/planning

  1. Including providing suggestions of possible fixes

Deliverable: Harden infrastructure based on risk findings and provide continuous support for new security operations, suggestions and vendor assessments
Dependencies: BLabs
Timeline: Starts after approval
Standalone Price : $15,000 USDC yearly

2. Build and deploy incident response plan and operate it on a per need basis

Offer:

• Identify root cause(s) and suggest remedies / repairs and communication
• War room management and connection with community volunteering help and Balancer team members
• Connection to and management of vendors and network of contacts (Circle, Bridges, Chainalysis, Chain security teams, etc) to help with recovery of stolen funds and post incident help to the DAO
• Community communications and post mortem
• Creating best practices based on historical incidents and create playbooks with the learning

Deliverable: Build an internal incident handling plan and assign relevant stakeholders. Provide real-time support to the Balancer team during any incident. Balancer team members will be needed to allocate time and focus to ensure the successful implementation of the incident response plan.
Dependencies: BLabs and Eco-Council
Time: The proposal includes a time bank of 160 hours across the year as needed + $200 hourly rate for any additional hours per need
Timeline: Starts after approval
Standalone Price: $10,000 USDC yearly

3. Frontend monitoring:

Offer:

• Detect Web application security incidents like DNS hijacks, DNS provider compromises, compromised plugins and backends
• Provide real time alerts on any suspicious change to the web application
• Related examples that could have been early detected using the suggested frontend monitoring:
  • Balancer DNS attack, September, 2023
  • Ledger Connect compromised javascript library, December 2023
  • Velodrome DNS attacks, November and December 2023
  • Trader Joe’s compromised plugins attack, November 2023
  • BadgerDAO
  • Convex Finance

Deliverable : Deploy frontend monitoring to prevent the Balancer web app from frontend attacks and create specific tests for Balancer front end application
Dependencies: Hypernative will own development process completely and will agree with BLabs frontend team on mitigation processes
Timeline: Service year start upon request from BLabs when V3 frontend is ready
Standalone Price : $15,000 USDC

4. On-Chain monitoring and prevention automation

Offer:

• Reviewing security framework and response procedure, assigning a

contact person for various events

• Set standard operational procedure (response & contact points) on category of events and time-sensitivity for any security or operational case

• Balancer V3 - understand and create pre-incident measures to mitigate risk and react in time (pause contracts, limit/cap protocol, blacklist addresses, move funds to a safe/vault for emergency etc.)

• Protocol Security Alerts

  • Leverage Hypernative zero-day detection modules to detect threat and alert in real time on security incidents related to or directed at Balancer contracts

• Multisig monitoring

• Monitor ownership changes for the multisig

• Monitor multisig configuration changes

• Monitor for transactions initiated in the Safe - upon initiation, prior to execution

• monitoring for every transaction executed using the DAO Multisig

• Monitor protocol treasury and wallets

• Monitor large transfers or movements of funds from protocol treasury

• Governance monitoring

  • Monitor Governance token holders

• Monitor government token transfers

• Alert on governance token concentration

• Governance proposal review

  • Review proposals from security point of view and add relevant alerts

• Phishing and Scamming Detection

  • On-chain detection

• Detect phishing campaigns targeted at Balancer token holders and provide alerts to warn the community

• Monitor Balancer Ecosystem Projects

• Use Hypernative system to model specific monitoring for Balancer based projects

• Provide ecosystem-wide threat intelligence to detect and respond to any malicious activity on ecosystem projects, including hacks, exploits, phishing, scams, and rug pulls.

Deliverable: Deploy Hypernative on-chain monitoring and prevention platform, all the above features are supported as part of the platform already.
Hypernative team will create security playbook plans with the BLabs team to define the reaction’s (automated or manual) for any of the above mentioned risks
Dependencies: BLabs and Eco-Council
Timeline: Service year start upon V3 ready and BLabs notification
Standalone Price: $45,000 USDC yearly

About Hypernative

Hypernative actively detects and responds to zero-day cyber attacks, financial risks, on-chain anomalies, and safeguards digital assets, protocols, and Web3 applications from significant threats and losses.

Hypernative today works with some of the leading crypto organizations (Polygon, Starknet, Zetachain, Linea, Circle, Galaxy, OlympusDAO, Karpatkey DAO, Chainalysis to name a few and many others)

Hypernative is an active participant in many crypto security organizations and committees geared towards helping projects and the industry as a whole to create new security solutions and standards.

Hypernative team is well experienced in crypto and cyber security with 10’s of years of combined experience from companies like: Microsoft, IBM, Google, VMware, CyberArk, ChainReaction, Orbs, Intel and others.

https://twitter.com/RDNTCapital/status/1743061594698104982
https://twitter.com/mwilliammyers/status/1745356262567739485
https://twitter.com/DeusDao/status/1661751727228596226

https://twitter.com/senamakel/status/1610953131252416513
https://twitter.com/Palmswaporg/status/1684902587303104512
https://twitter.com/jaypeggerz/status/1608395021031723010
https://twitter.com/0xGreg_/status/1608418111887396864
https://twitter.com/SocketDotTech/status/1749734794320363802
https://twitter.com/XaveFinance/status/1579735814824931329

Length of Engagement & Budget:
Total of $60,000 USDC for a year on all sections combined
Sections 1 and 2 start immediatley after approval for a year
Sections 3 and 4 start after an agreed notice from BLabs team close to V3 alpha

ETH Address to Receive Funds: 0x5CA24e2A586834A7B96216D68b26A82405e3DC15

Link to SLA (if going through the Foundation: Will be shared after approval of this proposal

If accepted, the Balancer DAO multisig 0x10A19e7eE7d7F8a52822f6817de8ea18204F2e4f will interact with USDC 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 by writing transfer passing the address 0x5CA24e2A586834A7B96216D68b26A82405e3DC15 as recipient and amount 60000000000 to transfer 60000 USDC to the Hypernative ETH mainnet wallet address

I worked closely with Hypernative dealing with incident management through both of Balancers recent security events. We further worked together to coordinate the work that led to this assessment and proposal.

One of the planned features of Balancer V3 will be longer Pause windows. With this in place, Hypernative’s state-of-the-art art on-chain dictation tooling can eventually be integrated with the ability to put things on ice for a few minutes if it is clear that a security event is evident.

Combining these capabilities with web2(frontend, dns, etc) monitoring and best in class incident response allows for a Security Operations Center (SoC) type model to be implemented, in which there is a holistic view of security and the mechanisms, processes and people in place to respond quickly to whatever may happen.

I’ve worked in and around quite a few DAOs, and for the amount of money on the line it surprises me to see so little of this. I’m delighted that our experiences in 2023 led us to Hypernative, and that we are now working together to take the kind of holistic approach to InfoSec that is so severely needed in our industry.

As of my last knowledge update in January 2022, I don’t have specific information about a program called “Hypernative Security” for Balancer. It’s possible that this program or initiative has been introduced after my last update.

However, if you are interested in funding or supporting security initiatives for Balancer or any other decentralized finance (DeFi) protocol, here are some general steps you can take:

1. Check Official Channels: Visit the official website and documentation of Balancer to see if there are any announcements or details about a security program. Look for dedicated security sections or blog posts.
2. Community Forums: Join Balancer’s community forums, chat groups, or social media channels. Engage with the community to stay updated on the latest developments and security initiatives. Often, security-related discussions take place in these forums.
3. Contact the Team: Reach out to the Balancer development team or the project’s official communication channels. They can provide information on existing security programs or guide you on how to contribute.
4. Bug Bounty Programs: Many blockchain projects, including DeFi protocols, have bug bounty programs that reward individuals for identifying and responsibly disclosing security vulnerabilities. Check if Balancer has a bug bounty program, and consider participating.
5. Community Contributions: If there isn’t a specific security program, you might consider contributing to the community by sharing security-related research, findings, or proposing improvements. Active community members are often recognized and may have opportunities to collaborate with the project.
6. Governance Proposals: If you are a token holder, you can participate in the governance process and propose or vote for initiatives related to security. Governance decisions in decentralized protocols often involve the community.

Hi @deepsoul234 , the references interaction mentioned is detailed in: Snapshot

Over the last 3 months Hypernative has been working with the Balancer BLabs and Eco-council teams closely on Security operations items and also before on their last incidents

Thanks Hypernative for putting up this proposal.

We have worked together during the linear pool hack in August last year and continuously over the last several months. Hypernative created a security assessment for Balancer over the last months which looked at various areas including but not limited to Discord, Github, smart contracts and backend infrastructure. A draft report of the security assessment has been provided internally for review and first immediate actions have already been taken. I consider the work provided by Hypernative professional and responsive, something I expect from a partner like this.

I believe the proposal as it is presented above will help Balancer further improve and maintain its security posture.

I would like to add a small remark on offering 4, on-chain monitoring and prevention automation: To me it seemed like a lot is being offered that Balancer doesn’t need. After I have discussed this with Gal directly, it became clear that this offering is actually a complete product suite. The list under offering 4 should rather be considered a feature list than individual work items.

Also, a very important part of offering 1 is that Hypernative will own and manage the backlog of open risks also tracking their resolution. This takes away the project management burden from Balancer contributors.

As others like @Tritium have mentioned, Hypernative has distinguished themselves as a very good security advisory partner for Balancer. As we take elevated security measures very seriously after recent events, I am happy that we have found a capable partner to implement monitoring and suggestions on how to improve our protocol security.

I am also in full support of this proposal.

https://snapshot.org/#/balancer.eth/proposal/0x58e317ba908ee8e75bf0c32c7b45eccdefa948ba46d00b112508fc9783a40cdc

Just for clarification, we will pay 60’000 USDC for the entire program as specified in the tec-spec opposed to this section that wasn’t adjusted by the proposer: