PR with Payload
HYPERNATIVE – Balancer V2 Protocol
Version: 1.0
Updated: 20 January 2025
Summary
We propose to be given the authority to pause composable stable pools on Balancer v2 by installing a Safe module on the Emergency SubDAO multisig, allowing quick threat mitigation and securing of funds in case of a security incident with Balancer.
Motivation
Given that composable stable pools on Balancer hold a significant amount of TVL, it is crucial to improve security measures. One of these measures is the ability to pause a specific pool type. While a pool is paused, it is not possible to trade in it, but proportional withdrawals are still possible. Installing a Safe module managed by Hypernative’s real-time monitoring platform will enhance the resiliency and security of the protocol and augment the team’s security operations, while minimizing the risk of hacks, exploits and loss of funds and preventing catastrophic loss, to support long-term sustainable growth.
Specification
The Balancer Emergency subDAO Safe on each network will install a Safe module to enable Hypernative to pause pools. A module is a smart contract that executes a predefined set of instructions on behalf of the Safe address, pre-approved by the Safe signers, and capable of executing these instructions automatically. In this case, the instruction is to call the pause method for each Balancer pool. The module is attached via the Safe’s enableModule function.
The Safe module is triggered by hacks or exploits detected in Balancer’s contracts by the Hypernative system. Hypernative scans blockchains in real time and detects hacks and exploits using its machine learning model, from the moment a malicious smart contract targeting Balancer’s contracts is deployed through to the execution of malicious transactions.
The list of pools is automatically updated whenever the PoolRegistered event is emitted on-chain, though the Balancer team can override this list if necessary.
Enabling the Safe Module: Sepolia Transaction Hash (Txhash) Details | Etherscan
Currently deployed Balancer pools:
https://dune.com/queries/4080393
Only CSPv6 pools are pausable, currently deployed on:
- Ethereum
- Base
- Optimism
- Polygon
- Gnosis
- Arbitrum
- Avalanche
- zkEVM
Corresponding modules will be configured on the above chains.
Payload:
Function: execTransaction(address to, uint256 value, bytes data, uint8 operation, uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken, address refundReceiver, bytes signatures)
MethodID: 0x6a761202
Risk Assessment and Testing
Before coming forward with this proposal, we conducted a rigorous internal test.
Key Components of the Test:
- Test Environment: The test was conducted on the Sepolia testnet to simulate a scenario where Balancer core contracts are compromised, requiring an emergency response to pause vaults.
- Watchlist Creation: Hypernative created a watchlist to monitor for hacks and exploits targeting Balancer’s core contracts and associated vaults. This watchlist is dynamic, automatically updating with each new vault created.
- Vault Monitoring: Hypernative’s system automatically adds new vaults to the watchlist by monitoring transactions where new pools are added.
- Emergency Pausing Mechanism: A function to pause all vaults is integrated into the system. For the demonstration, the Sepolia contract used was 0x4c2e985ccd0125afbd92d76b6738ec0afa01011b, and this functionality is connected to Balancer’s multisig, enabling centralized oversight and triggering during emergencies.
- Scenario Simulation:
  - Multiple vaults were deployed on the Sepolia testnet to simulate the operational environment.
  - An event was triggered, simulating a hack or exploit targeting Balancer core contracts.
  - Hypernative’s automated system detected the threat and initiated the pausing mechanism.
- Outcome:
  - All vaults on the watchlist were successfully paused in a timely manner, without requiring manual intervention.
  - Transaction Hash for the successful pausing: 0xf9a2d8d30cf87c2df2e2b46f679873959db118200f6662a07423ac2ef4c8ec3e
- Hypernative’s Role:
  - Hypernative acted as a Keeper, with no privileges on the contracts beyond the ability to pause them.
  - Hypernative Keeper Address: 0x3f2e8a2bf3237c3cb36d75e3ab8590c55e2d6f33
Technical Specification:
Balancer v2 emergency response - pausing CSPv6
Balancer wallets:
Deployed modules:
Base: https://basescan.org/address/0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6#code
Ethereum: BalancerHelper | Address 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 | Etherscan
Polygon: BalancerHelper | Address 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 | PolygonScan
Optimism: BalancerHelper | Address 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 | OP Mainnet Etherscan
Arbitrum: https://arbiscan.io/address/0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6#code
Avalanche: https://snowtrace.io/address/0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6/contract/43114/code
Gnosis: BalancerHelper | Address 0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6 | GnosisScan
Mode: Mode address details for 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 | Blockscout
Fraxtal: BalancerHelper | Address 0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6 | Fraxscan
zkEVM: BalancerHelper | Address 0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6 | Polygon zkEVM
Chain | Emergency wallet | Module |
---|---|---|
Ethereum | 0xA29F61256e948F3FB707b4b3B138C5cCb9EF9888 | 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 |
Polygon | 0x3c58668054c299bE836a0bBB028Bee3aD4724846 | 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 |
Arbitrum | 0xf404C5a0c02397f0908A3524fc5eb84e68Bbe60D | 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 |
Optimism | 0xd4c87b33afcE39F1E3F4aF1ce8fFFF7241d9128B | 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 |
zkEVM | 0x79b131498355daa2cC740936fcb9A7dF76A86223 | 0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6 |
Avalanche | 0x308f8d3536261C32c97D2f85ddc357f5cCdF33F0 | 0x5Afa3071Fa5D3d54EeE878Ee8Bc41e9A768072B6 |
Gnosis | 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 | 0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6 |
Base | 0x183C55A0dc7A7Da0f3581997e764D85Fd9E9f63a | 0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6 |
Mode | 0x66C4b8Ba38a7B57495b7D0581f25784E629516c2 | 0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6 |
Fraxtal | 0xC66d0Ba27b8309D27cCa70064dfb40b73DB6de9E | 0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6 |
Payloads:
- On Base: DAO emergency multisig 0x183C55A0dc7A7Da0f3581997e764D85Fd9E9f63a on Base will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On Ethereum: DAO emergency multisig 0xA29F61256e948F3FB707b4b3B138C5cCb9EF9888 on Ethereum will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On Polygon: DAO emergency multisig 0x3c58668054c299bE836a0bBB028Bee3aD4724846 on Polygon will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On Arbitrum: DAO emergency multisig 0xf404C5a0c02397f0908A3524fc5eb84e68Bbe60D on Arbitrum will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On Optimism: DAO emergency multisig 0xd4c87b33afcE39F1E3F4aF1ce8fFFF7241d9128B on Optimism will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On zkEVM: DAO emergency multisig 0x79b131498355daa2cC740936fcb9A7dF76A86223 on zkEVM will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On Avalanche: DAO emergency multisig 0x308f8d3536261C32c97D2f85ddc357f5cCdF33F0 on Avalanche will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On Gnosis: DAO emergency multisig 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 on Gnosis will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On Mode: DAO emergency multisig 0x66C4b8Ba38a7B57495b7D0581f25784E629516c2 on Mode will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
- On Fraxtal: DAO emergency multisig 0xC66d0Ba27b8309D27cCa70064dfb40b73DB6de9E on Fraxtal will call enableModule(0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6) on itself
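A check a signer could run on the calldata before approving one of the payloads above, added here as an example (not code from Hypernative or Balancer): it decodes an execTransaction call and confirms that the inner call is enableModule(module), sent by the Safe to itself, with operation 0 (a plain call rather than a delegatecall). The selector 0x610b5925 for enableModule(address), the zeroed gas fields and the empty signatures in the constructed sample are assumptions; the Safe and module addresses are the Base row of the table.

```python
# Added example. The calldata below is constructed locally, not copied from chain.
EXEC_TRANSACTION = bytes.fromhex("6a761202")  # MethodID quoted in the proposal
ENABLE_MODULE = bytes.fromhex("610b5925")     # assumed selector of enableModule(address)

def word(n):
    return n.to_bytes(32, "big")

def addr_word(addr):
    raw = bytes.fromhex(addr[2:])             # accepts checksummed or lower-case hex
    assert len(raw) == 20, "address must be 20 bytes"
    return bytes(12) + raw

def encode_exec(to, data, operation=0, signatures=b""):
    """Sample builder: execTransaction calldata with zero value, gas and refund fields."""
    tail = lambda b: word(len(b)) + b + bytes(-len(b) % 32)
    data_tail = tail(data)
    head = [addr_word(to), word(0), word(320), word(operation), word(0), word(0),
            word(0), bytes(32), bytes(32), word(320 + len(data_tail))]
    return EXEC_TRANSACTION + b"".join(head) + data_tail + tail(signatures)

def check_payload(calldata, safe, module):
    """Return a list of problems; empty means the call only enables `module` on `safe`."""
    if calldata[:4] != EXEC_TRANSACTION:
        return ["outer call is not execTransaction"]
    args = calldata[4:]
    num = lambda i: int.from_bytes(args[32 * i:32 * i + 32], "big")
    problems = []
    if args[:32] != addr_word(safe):
        problems.append("target is not the Safe itself")
    if num(1) != 0:
        problems.append("non-zero value")
    if num(3) != 0:
        problems.append("operation is not CALL (0)")
    off = num(2)                              # byte offset of the dynamic `data` field
    length = int.from_bytes(args[off:off + 32], "big")
    inner = args[off + 32:off + 32 + length]
    if inner != ENABLE_MODULE + addr_word(module):
        problems.append("inner call is not enableModule(expected module)")
    return problems

# Base row of the proposal's table.
SAFE = "0x183C55A0dc7A7Da0f3581997e764D85Fd9E9f63a"
MODULE = "0x5afa3071fa5d3d54eee878ee8bc41e9a768072b6"
OTHER = "0x" + "11" * 20                      # constructed, stands in for an unexpected address

good = encode_exec(SAFE, ENABLE_MODULE + addr_word(MODULE))
print(check_payload(good, SAFE, MODULE))
```

The same check applies to every row of the table by swapping in that chain's emergency wallet; address comparison is done on raw bytes, so the mixed-case and lower-case spellings of the module address used on this page compare equal.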