Service Provider Name: Hypernative
Leaders: Gal Sagie, Dan Caspi, Andrey Dulkin
Pledge to abide by [BIP-702]
Balancer DAO Service Provider & Grantee Standards:* Yes
Introduction and Domains of Operation
The proposal aims to renew Hypernative’s security services to Balancer DAO and provide additional Hypernative platform monitoring features, with a focus on enhancing protocol resiliency, strengthening security operations, and reducing the risk of hacks, exploits, fund losses, and catastrophic events, all while fostering long-term sustainable growth.
Building on the work accomplished over the past year, this proposal will prioritize the following components:
- V2 on-chain monitoring and prevention and continuous assessment of security posture + incident response
- Cayman/BVI, UK, EU and OFAC sanctions compliance checks to the Balancer dApp
- Frontend monitoring for Balancer V3
The component’s full description, deliverables, and planned timeline are specified within each component below.
The Proposal Motivation
There are many security tasks, processes and incident handling that need to be augmented for a protocol like Balancer.
The idea of this proposal is to provide virtual CISO (Chief Information security officer) services to augment Balancer infosec and on-chain/off-chain security postures by leveraging Hypernative’s in-house expertise and network of connections.
The proposal will outline the responsibilities addressed and handled which will be organized and advised by Hypernative but carried and implemented fully by a combination of Hypernative and the DAO.
Balancer + Hypernative
The Hypernative team has been an instrumental helper in the last security incidents that Balancer has undergone, both from helping with automated tracking of the hacks and stolen funds movement, communication with external entities like exchanges/partners and helping with the war room and bringing the relevant help to the table.
We believe that Balancer and Hypernative can together create a new standard of security program that will emphasize the DAO commitment for its users and the security of their funds.
The Proposal Details:
1. V2 on-chain monitoring and prevention and continuous assessment of security posture + incident response
-
Objective: Protocol Security Alerts
-
Key Results:
- Leverage Hypernative zero-day detection modules to detect threat and alert in real time on security incidents related to or directed at Balancer contracts
-
Objective: Multisig monitoring
-
Key Results:
-
Monitor ownership changes for the multisig
-
Monitor multisig configuration changes
-
Monitor for transactions initiated in the Safe - upon initiation, prior to execution
-
monitoring for every transaction executed using the DAO Multisig
-
Objective: Monitor protocol treasury and wallets
-
Key Results:
-
Monitor large transfers or movements of funds from protocol treasury
-
Pre transaction API that can simulate a transaction outcome before applying it on-chain
-
Objective: Governance monitoring
-
Key Results:
- Monitor Governance token holders
-
Monitor government token transfers
-
Alert on governance token concentration
-
Governance proposal review
- Review proposals from security point of view and add relevant alerts
-
Objective: Monitor Balancer Ecosystem Projects
-
Key Results:
-
Use Hypernative system to model specific monitoring for Balancer based projects
-
Provide ecosystem-wide threat intelligence to detect and respond to any malicious activity on ecosystem projects, including hacks, exploits, phishing, scams, and rug pulls.
-
Objective: D. Incident Response
-
Key Results:
- Identify root cause(s) and suggest remedies/repairs and communication
- War room management and connection with community volunteering help and Balancer team members
- Connection to and management of vendors and network of contacts (Circle, Bridges, Chainalysis, Chain security teams, etc) to help with recovery of stolen funds and post incident help to the DAO
- Community communications and post mortem
- Creating best practices based on historical incidents and creating playbooks with the learning
Value Proposition:
- Enhancing protocol resiliency, strengthening security operations, and reducing the risk of hacks, exploits, fund losses, and catastrophic events, all while fostering long-term sustainable growth.
- Dependencies: BLabs and Eco-Council
- Timeline: continue from last year
- Standalone Price: $60,000 USDC yearly
Objective: Cayman/BVI, UK, EU and OFAC sanctions compliance checks to the Balancer dApp
Balancer will leverage Hypernative’s compliance tool to check the
reputation of addresses interacting with the Balancer dApp across
multiple chains. This will include identifying sanctions, involvement in
hacks and exploits, interactions with mixers, and more. Up to 250K annual
API calls.
By leveraging Hypernative Screener, the Balancer team will ensure compliance with regulatory requirements by avoiding interactions with illicit addresses.
Timeline: continue from last year
Standalone Price: $20,000 USDC yearly
Objective: Balancer V3 continuous front-end monitoring and protection
-
Key Results:
- Detect Web application security incidents like DNS hijacks, DNS provider compromises, compromised plugins and backends
- Provide real time alerts on any suspicious change to the web application
- Related examples that could have been early detected using the suggested frontend monitoring:
- Balancer DNS attack, September, 2023
- Ledger Connect compromised javascript library, December 2023
- Velodrome DNS attacks, November and December 2023
- Trader Joe’s compromised plugins attack, November 2023
- BadgerDAO
- Convex Finance
Value Proposition:
- Deploy frontend monitoring to prevent the Balancer web app from frontend attacks and create specific tests for Balancer front end application
- Continuously re-assess and help to analyze operational security posture and provide real time help with any needed task to create more guardrails and monitor for operational risks
- Hypernative will manage the backlog of open risks findings in secured shared space with the relevant BLabs teams and will track the resolution of the risk or the roadmap/planning
- Including providing suggestions of possible fixes
- Dependencies: Hypernative will own development process completely and will agree with BLabs frontend team on mitigation processes
- Timeline: Service year start upon request from BLabs when V3 frontend is ready
- Standalone Price: $15,000 USDC yearly
Package Overview
| Package | Standalone Price |
|---|---|
| Hypernative Security Platform Advanced Package | $69,000 |
| Incident Response | $15,000 |
| Compliance Checks | $35,000 |
| Total | $119,000 |
| Discount Price | $80,000 |
The price increase from the previous year is due to the addition of compliance checks. The Balancer team started using our OFAC compliance checks in May last year, but we did not charge for them.
Technical Specification
The Balancer DAO multi-sig 0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f will interact with USDC at 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 by writing transfer, passing 0x5CA24e2A586834A7B96216D68b26A82405e3DC15 as recipient and the amount 80000 as 80000000000.