Hypernative - Status Update - June 30, 2024

The following is a description of the work stream between Hypernative and Balancer teams over the course of the last few months based on Snapshot

Due to the nature of security work, some of the areas are described at a high level and the relevant details are kept private with the specific teams in Balancer.

Hypernative provides a robust platform to continuously monitor every on-chain interaction across all the chains Hypernative operates and a big component of the above proposal was for an account in Hypernative SaaS system and the creation of monitoring and reaction security plan.

The following items were achieved in the last few months:

1. On chain threat and operational monitoring

• Open an account in Hypernative platform for the relevant team members

• Create an operational monitoring

  1. Add Balancer core contracts for out-of-box anomaly detections

  2. Hacks/exploits detections and abnormal behaviors

  3. Create custom monitoring for operational/security and performance monitoring

     • Multisis and wallets
     • Permissions and roles
     • Fees distribution
     • Keepers behavior
     • Related Bridges
     • 3rd-party contracts
     • Related projects monitoring

• Support new chains for Balancer per demand

  • Fraxtal, Mode, Blast, Polygon zkEVM, Polygon, Fantom

2. Address screening support (Compliance)

• Undergo a compliance check by a 3rd-party assigned from Balancer for BVI regulations
• Replace TRM for the frontend address screening

3. Security related monitoring

• Monitor problematic tokens and alert
• Security specific monitoring based on internal team input

4. Phishing and scamming help

• Investigate various complaints and community reports about phishing/scamming related to Balancer

5. Hypernative to join Balancer emergency multisig

Future streams in the next months:

1. Oracle performance monitoring

2. New initiatives for Balancer

3. Frontend monitoring

   • Leverage tests to simulate and detect attacks related to Balancer V3 web application like: DNS hijacks/compromised plugins or backends/BGP attacks/etc

4. Review of V3 off-chain operational security procedures in as described in the approved proposal

5. War game simulation to test incident response across teams

6. Help with bug bounty program and with fraud/phishing/scamming reports

I want to emphasize that the Maxis greatly value the professional work relation with Hypernative. They have been very responsive, provide expert insights and are very helpful throughout their SP engagement. Thanks a lot!