[BIP-726] Adopt The SEAL Safe Harbor Agreement

Category: Governance
Type: General Proposal
Authors: Skylock.xyz, Mike B (@Mike_B), samczsun (@samczsun)

Disclaimer: I am submitting this proposal solely in my personal capacity

PR with Payload

Introduction

This proposal outlines Balancer DAO’s adoption of the SEAL (Security Alliance) Whitehat Safe Harbor Agreement (“Safe Harbor Agreement”). By adopting the Safe Harbor Agreement, Balancer improves the security of its on-chain assets by allowing whitehats to intervene during active exploits to save protocol funds.

What is the Safe Harbor Agreement?

The Safe Harbor Agreement addresses a critical need in crypto: enabling whitehats to intervene during active exploits when traditional responsible disclosure procedures are not feasible. Key aspects of the agreement include:

• Encouraging Whitehats to Protect the Protocol: By adopting Safe Harbor, Balancer incentivizes whitehats to step in and protect the protocol during active exploits by limiting their legal exposure.
• Intervention Only During Active Exploits: Whitehats are authorized to act only when there is an immediate or ongoing exploit that threatens the protocol. This agreement applies only to critical situations where responsible disclosure procedures would not save funds due to the urgency of the exploit, and it is not intended for routine security testing or vulnerability reporting.
• Mandatory Return of Rescued Funds: Under the terms of the Safe Harbor, whitehats are required to return all rescued assets to a pre-designated recovery address controlled by the protocol within 72 hours of recovering them. This ensures that recovered funds are quickly secured, preventing delay or potential loss.
• Clear Guidelines and Legal Protection: The agreement establishes strict rules for how whitehats must operate during an exploit, ensuring recovery efforts are conducted professionally and safely, minimizing the risk of mistakes or further damage to the protocol. By adhering to these guidelines, whitehats can limit their potential legal exposure, allowing them to act in good faith without fear of liability.
• Incentivized Rescue Efforts: To motivate whitehats to act during critical situations, the agreement offers a bounty system similar to a bug bounty. Whitehats are rewarded with a percentage of the recovered assets, up to a predefined cap, for their successful interventions.

For more information, check out the Safe Harbor Agreement here.

Rationale

Balancer V2 initially implemented an emergency pause mechanism, which was active for the first three months after deployment. Once this period ended, the protocol became immutable and could no longer be paused, limiting the ability to respond to active exploits through traditional methods.

This immutability makes it necessary to have a mechanism that allows rapid response and asset recovery during emergencies. The Safe Harbor Agreement addresses this need by empowering whitehats to act immediately during an exploit, providing a swift and structured recovery process.

Benefits of adopting the Safe Harbor Agreement include:

• Agile Defense Against Exploits: Whitehats are authorized to intervene as soon as an active exploit is detected, enabling them to respond faster than traditional methods. This ensures that Balancer is protected against threats even without the ability to halt the protocol. Immediate action reduces the window for malicious actors to cause harm, minimizes damages, and accelerates the recovery of assets during critical moments.
• Clarified Rescue Process: The agreement ensures that every step, from intervention to fund recovery, is predetermined and streamlined. Whitehats know exactly where to send recovered funds, preventing chaotic negotiations or rushed decisions during an exploit. This clarity ensures efficient, decisive action when it matters most.
• Clear Financial Boundaries: The predefined bounty, capped at the same amount as Balancer’s bug bounty, ensures that whitehats are incentivized without creating conflicting priorities between exploit intervention and standard vulnerability disclosure. By setting expectations upfront, it eliminates post-exploit negotiations, ensuring funds are returned promptly without attempts to change the reward amount, keeping the process fair and transparent.
• Aligning with Industry Best Practices: By adopting the Safe Harbor Agreement, Balancer aligns itself with leading security practices across the industry, reinforcing its commitment to staying at the forefront of protocol security.

Adoption of the agreement complements audits by providing an additional layer of security, ensuring that the protocol is better prepared to respond to active threats.

Adoption Details

Balancer DAO will adopt the agreement with the following parameters. For a full description of these adoption details, review the Safe Harbor for Protocols document.

1. Asset Recovery Address: Addresses controlled by Balancer, which recovered funds will be returned to in the event of a hack

2. Scope: List of all on-chain assets protected under Safe Harbor

3. Contact Details: Designated security contact for Balancer

• Name: Mike B - Strategy
• Contact Information: Telegram: Mikeisballin

4. Bounty Terms: Predetermined rewards for successful whitehats that protect protocol funds

• Bounty Percentage: 10% of recovered funds.
• Bounty Cap (USD): $1,000,000.
• Retainable: False
  • This means that whitehats cannot retain their bounty directly from the recovered assets. Instead, all rescued funds must be returned to the protocol’s designated asset recovery address, and the bounty will be paid out separately afterwards.
• Identity Verification: Named
  • Whitehats must provide their full legal name. This requirement ensures compliance with legal obligations and is similar to the identity verification standards seen in traditional bug bounty programs.
• Diligence Requirements: KYC & Global Sanction Verification
  • Balancer requires all eligible whitehats to undergo Know Your Customer (KYC) verification and be screened against global sanctions lists, including OFAC, UK, and EU regulations. This process ensures that all bounty recipients are compliant with legal and regulatory standards before qualifying for payment.

Implementation Plan

1. Register Agreement On-Chain:

   • The agreement will be registered on Ethereum in the Safe Harbor Registry at address 0x8f72fcf695523a6fc7dd97eafdd7a083c386b7b6, including all adoptionDetails. This ensures transparency and immutability.

2. Security Team Adoption:

   • The Balancer Security Team will complete the procedures outlined in “Exhibit C: Security Team Adoption Procedures” of the Safe Harbor Agreement. Upon completion, the signed adoption document will be uploaded to IPFS, ensuring public accessibility and transparency.

3. Update Terms of Service:

   • The Balancer front-end Terms of Service will be updated in accordance with “Exhibit D: User Adoption Procedures” of the Safe Harbor Agreement. These updates will reflect the protocol’s adoption of Safe Harbor, ensuring that users are informed and provide their consent accordingly.

4. Communicate Adoption:

   • An official announcement will be made across all Balancer communication channels, explaining the adoption and its significance to the community.

Conclusion

Adopting the SEAL Whitehat Safe Harbor Agreement equips Balancer with a rapid response mechanism for active exploits, enabling whitehats to step in effectively when needed most. The agreement provides clear guidelines for action, increasing the protection of user funds and demonstrating Balancer’s commitment to proactive security.

References

• SEAL Whitehat Safe Harbor Agreement: GitHub Repository
• SEAL Whitehat Safe Harbor Agreement Overview: Notion
• Balancer Bug Bounty Program: Immunefi Bug Bounty Details

The Safe Harbor Agreement and all whitehat actions will abide by Balancer DAO’s Accountability Guidelines. Please note that a final compliance and legal review of the agreement is still pending and will be completed before the proposal’s on-chain adoption.

Please share your thoughts and feedback in the discussion below before the proposal moves to a formal vote.

Hey everyone - I’m Dickson one of the leads of Safe Harbor & Co-founder of Skylock!

Feel free to comment and let us know if you have any questions! Always happy to talk about Safe Harbor!

Hi all!

I’m the other initiative lead for Safe Harbor & founder of Skylock. Also happy to answer any questions anyone’s got, especially if it’s about the on-chain components or legal ramifications.

This is a great proposal. I highly support decisions such as this one and the relationship with Hypernative. Best in industry advanced threat detection, and emergency response is a critical differentiator these days. This agreement rounds out the experts we already have in place to ensure that even if all else fails, the best of the best are primed and ready to leap into action and minimize damage.

Hey, jumping in here for a few remarks regarding the agreement. We want to make sure we are kosher with Foundation/OpCo needs in case we aim to sign an SLA, so we’d propose changing the OFAC sanctions reference to be global including UK/EU and changing arbitration from Singapore to Cayman Islands.

I also recommend in the proposal you should add something about the Safe Harbour (and the Whitehats) to abide to the Balancer DAO’s accountability guidelines and that a final compliance and legal review of the agreement is still pending.

Hey @0xDanko - Thanks for reviewing!

so we’d propose changing the OFAC sanctions reference to be global including UK/EU

1. Yes we can change the Identity Verification & Diligence Requirements! Would this modification look good?

• Identity Verification: Named
  • Whitehats must provide their full legal name. This requirement ensures compliance with legal obligations and is similar to the identity verification standards seen in traditional bug bounty programs.
• Diligence Requirements: KYC & Global Sanction Verification
  • Balancer requires all eligible whitehats to undergo Know Your Customer (KYC) verification and be screened against global sanctions lists, including OFAC, UK, and EU regulations. This process ensures that all bounty recipients are compliant with legal and regulatory standards before qualifying for payment.

changing arbitration from Singapore to Cayman Islands

2. SEAL would like to keep the Whitehat Safe Harbor Agreement unchanged so it’s a standard that all protocols can adopt. This makes it easy for whitehats to not need to re-read the legal agreements of each protocol. So we can’t change the arbitration location. Happy to introduce you someone from our legal team to discuss this!

I also recommend in the proposal you should add something about the Safe Harbour (and the Whitehats) to abide to the Balancer DAO’s accountability guidelines

3. Got it! We can add this section to the DAO proposal:

The Safe Harbor Agreement and all whitehat actions will abide by Balancer DAO’s Accountability Guidelines.

that a final compliance and legal review of the agreement is still pending

4. And I’ll just add another sentence after (3)

Please note that a final compliance and legal review of the agreement is still pending and will be completed before the proposal’s on-chain adoption.

OK, agree that sounds reasonable. Thank you for adding to the other points.

https://snapshot.org/#/balancer.eth/proposal/0x8c3fd2550184ec28653c46e959782f1a3127ca8aa6a5652494a9c29ad77d9b55