Category: Governance
Type: General Proposal
Authors: Skylock.xyz, Mike B (@Mike_B)
Introduction
This proposal seeks to update the scope of Balancer DAO’s adoption of the SEAL (Security Alliance) Whitehat Safe Harbor Agreement (“Safe Harbor Agreement”) to include the newly deployed Balancer V3 contracts. Balancer previously adopted Safe Harbor to enhance security by enabling whitehats to intervene during active exploits, and this update ensures that all new contracts remain protected under the agreement.
Background on Safe Harbor
The Safe Harbor Agreement is a legal and technical framework that provides protection and incentives for whitehats who rescue funds during active exploits. Without such an agreement, whitehats may face legal risks when intervening in ongoing security incidents. Safe Harbor provides:
- A Legal Shield for Whitehats – Whitehats can intervene without fear of legal repercussions, ensuring swift action during critical incidents.
- Predefined Rescue Process – Rescued funds must be returned to a pre-designated recovery address, eliminating ambiguity and ensuring transparency.
- Incentivized Security Response – Whitehats receive a predetermined bounty for successful fund recoveries, aligned with Balancer’s bug bounty terms.
Balancer previously adopted Safe Harbor to strengthen its security posture and protect user funds. The original proposal and its on-chain adoption are listed under References. With the launch of Balancer V3, we propose updating the agreement’s scope to include the new contracts.
Adoption Details
This proposal does not introduce new terms or modify Balancer’s existing Safe Harbor adoption. It simply updates the scope of covered contracts to include Balancer V3.
- Asset Recovery Address: Addresses controlled by Balancer, to which recovered funds will be returned in the event of a hack (not changed from previous adoption)
Chain | Address |
---|---|
Ethereum | 0x10A19e7eE7d7F8a52822f6817de8ea18204F2e4f |
Arbitrum | 0xaF23DC5983230E9eEAf93280e312e57539D098D0 |
Avax | 0x17b11FF13e2d7bAb2648182dFD1f1cfa0E4C7cf3 |
Base | 0xC40DCFB13651e64C8551007aa57F9260827B6462 |
Fraxtal | 0x4f22C2784Cbd2B24a172566491Ee73fee1A63c2e |
Gnosis | 0x2a5AEcE0bb9EfFD7608213AE1745873385515c18 |
Mode | 0x4f22C2784Cbd2B24a172566491Ee73fee1A63c2e |
Optimism | 0x043f9687842771b3dF8852c1E9801DCAeED3f6bc |
Polygon | 0xeE071f4B516F69a1603dA393CdE8e76C40E5Be85 |
zkEVM | 0x2f237e7643a3bF6Ef265dd6FCBcd26a7Cc38dbAa |
- Scope: List of all on-chain assets protected under Safe Harbor (added V3 vaults)
Chain | Name | Address |
---|---|---|
Ethereum | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Arbitrum | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Avax | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Base | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Fraxtal | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Gnosis | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Mode | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Optimism | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Polygon | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
zkEVM | V2 Vault | 0xBA12222222228d8Ba445958a75a0704d566BF2C8 |
Ethereum | V3 Vault | 0xbA1333333333a1BA1108E8412f11850A5C319bA9 |
Arbitrum | V3 Vault | 0xbA1333333333a1BA1108E8412f11850A5C319bA9 |
Avax | V3 Vault | 0xbA1333333333a1BA1108E8412f11850A5C319bA9 |
Base | V3 Vault | 0xbA1333333333a1BA1108E8412f11850A5C319bA9 |
Gnosis | V3 Vault | 0xbA1333333333a1BA1108E8412f11850A5C319bA9 |
Optimism | V3 Vault | 0xbA1333333333a1BA1108E8412f11850A5C319bA9 |
Polygon | V3 Vault | 0xbA1333333333a1BA1108E8412f11850A5C319bA9 |
zkEVM | V3 Vault | 0xbA1333333333a1BA1108E8412f11850A5C319bA9 |
- Note: The V3 Vaults on Avax, Optimism, Polygon, and Polygon zkEVM are not currently deployed, but will be in the near future.
- Contact Details: Designated security contact for Balancer (not changed from previous adoption)
  - Name: Mike B - Strategy
  - Contact Information: Telegram: Mikeisballin
- Bounty Terms: Predetermined rewards for successful whitehats that protect protocol funds (not changed from previous adoption)
  - Bounty Percentage: 10% of recovered funds.
  - Bounty Cap (USD): $1,000,000.
  - Retainable: False
    - This means that whitehats cannot retain their bounty directly from the recovered assets. Instead, all rescued funds must be returned to the protocol’s designated asset recovery address, and the bounty will be paid out separately afterwards.
  - Identity Verification: Named
    - Whitehats must provide their full legal name. This requirement ensures compliance with legal obligations and is similar to the identity verification standards seen in traditional bug bounty programs.
  - Diligence Requirements: KYC & Global Sanction Verification
    - Balancer requires all eligible whitehats to undergo Know Your Customer (KYC) verification and be screened against global sanctions lists, including OFAC, UK, and EU regulations. This process ensures that all bounty recipients are compliant with legal and regulatory standards before qualifying for payment.
Implementation Plan
Register Updated Scope On-Chain:
- The updated scope will be registered in the Safe Harbor Registry on Ethereum at 0x8f72fcf695523a6fc7dd97eafdd7a083c386b7b6, ensuring transparency and immutability.
Communicate Update:
- An official announcement will be made across all Balancer communication channels to inform the community about the updated scope.
Conclusion
This proposal ensures that the Safe Harbor Agreement remains aligned with Balancer’s evolving infrastructure by extending protection to Balancer V3 contracts. By updating the scope, we maintain strong security guarantees while ensuring that all newly deployed contracts are covered under Safe Harbor.
References
- SEAL Whitehat Safe Harbor Agreement: GitHub Repository
- Previous Adoption Proposal: Discussion
- Previous Adoption Snapshot: Snapshot
- Previous Adoption On-chain: Etherscan
Vote
For: Approve the update to include Balancer V3 contracts in Safe Harbor.
Against: Do not update the Safe Harbor scope.
Abstain
Please share your thoughts and feedback in the discussion below before the proposal moves to a formal vote.