Aura Finance BIPs (Aura Finance), proposed by 0x021C5536bd60bCe9f15FB0E32746e332E3fbFAF4

[BIP-545] Funding Hypernative Security Program for Balancer

Voting ended about 2 years ago. Result: Succeeded

This proposal's description has been partially trimmed to fit.

The full proposal text can be found on the Balancer proposal: https://snapshot.org/#/balancer.eth/proposal/0x58e317ba908ee8e75bf0c32c7b45eccdefa948ba46d00b112508fc9783a40cdc

PR with Payload

https://github.com/BalancerMaxis/multisig-ops/pull/794

Service Provider Name: Hypernative

Leader(s): Gal Sagie, Dan Caspi, Andrey Dulkin, Vazi

Pledge to abide by the DAO's Code of Conduct (or link to your own): Yes

Pledge to abide by the Accountability Guidelines: Yes

Domains of Operation: Web3 Security, InfoSec/OpSec and on/off chain security

Key Objectives & Success Metrics:

Summary

The proposal aims to extend Hypernative's security advisory services to Balancer DAO and provide additional Hypernative platform monitoring features, with a focus on enhancing protocol resiliency, strengthening security operations, and reducing the risk of hacks, exploits, fund losses, and catastrophic events, all while fostering long-term sustainable growth.

Building on the work accomplished over the past three months, this proposal will prioritize the following components:

  1. Improve and enhance the findings based on the Hypernative security assessment and report to create more guardrails and monitoring of risks
     a. Continuously re-assess and consult on any operational security aspects
  2. Build and deploy an incident response plan and operate it as needed
  3. Deploy frontend monitoring
  4. Deploy on-chain monitoring

The full description, deliverables, and planned timeline of each component are specified below.

A quarterly report will be submitted to the DAO to outline the outcomes of each quarter and to present plans for the next quarter.

The request is to approve a $60,000 USDC yearly budget, paid quarterly, for the following sections as a unified package.

Results

Over the past 3 months Hypernative acted as a security advisor to Balancer DAO and provided a threat assessment report across the following verticals:

  1. DeFi Safety Report:
     a. The team assessed the main weaknesses identified in the latest DeFiSafety report, and reviewed and provided recommendations where needed in the following categories: team responsiveness, audit matrix applicability, protocol architecture documentation, and signing policy monitoring.

  2. Monitoring & Prevention - mapped the current monitoring and prevention solutions used for on-chain monitoring, infrastructure, multisig monitoring, and frontend monitoring.

  3. Emergency Procedures - reviewed and provided recommendations for emergency procedures, including permissions and response guidelines.

  4. Access Controls - mapped each permission and its owner, including multisig/permissioned calls, DNS, and frontend.

  5. GitHub - mapped architecture, contracts, deployment flow, organization review (using admin permissions) and roles.

  6. AWS - mapped the organization (review using admin permissions).

  7. Socials - reviewed Balancer Discord and Twitter configurations, member permissions, and security setup, and provided recommendations and best practices to reach a higher level of security.

  8. Signing Policy - reviewed multisig management, multisig roles, and the structure for executing proposals, and provided best-practice recommendations.

  9. Incident Response - suggested various incident response plans and workflows, including:
     a. Assigning relevant stakeholders for internal incident handling plans.
     b. Developing incident response plan playbooks for different types of incidents.

Proposal

The Proposal Motivation

Many security tasks, processes and incident handling procedures need to be augmented in a protocol like Balancer.

The idea of this proposal is to provide virtual CISO (Chief Information Security Officer) services to augment Balancer's infosec and on-chain/off-chain security posture by leveraging Hypernative's in-house expertise and network of connections.

The proposal outlines the responsibilities addressed and handled, which will be organized and advised by Hypernative but carried out and implemented by a combination of Hypernative and the DAO.

Balancer + Hypernative

The Hypernative team has been instrumental in the last security incidents that Balancer has undergone: helping with automated tracking of the hacks and the movement of stolen funds, communicating with external entities such as exchanges and Chainalysis, and helping run the war room and bringing the relevant help to the table.

We believe that Balancer and Hypernative can together create a new standard of security program that will emphasize the DAO's commitment to its users and the security of their funds.

The Proposal Details

  1. Continue the Hypernative operational security advisory plan

  • Fix and enhance the findings based on the Hypernative security assessment and report, as needed

  • Continuously re-assess and help analyze the operational security posture, and provide real-time help with any needed task to create more guardrails and monitoring for operational risks

  • Hypernative will manage the backlog of open risk findings in a secured shared space with the relevant BLabs teams and will track the resolution of each risk or its roadmap/planning

    a. Including providing suggestions of possible fixes

Deliverable: Harden infrastructure based on risk findings and provide continuous support for new security operations, suggestions and vendor assessments
Dependencies: BLabs
Timeline: Starts after approval
Standalone Price: $15,000 USDC yearly

  2. Build and deploy an incident response plan and operate it on a per-need basis

Offer:

  • Identify root cause(s) and suggest remedies, repairs and communication
  • War room management and connection with community volunteer help and Balancer team members
  • Connection to and management of vendors and a network of contacts (Circle, bridges, Chainalysis, chain security teams, etc.) to help with recovery of stolen funds and post-incident help to the DAO
  • Community communications and post mortem
  • Create best practices based on historical incidents and create playbooks from the learnings

Deliverable: Build an internal incident handling plan and assign relevant stakeholders. Provide real-time support to the Balancer team during any incident. Balancer team members will need to allocate time and focus to ensure the successful implementation of the incident response plan.
Dependencies: BLabs and Eco-Council
Time: The proposal includes a time bank of 160 hours across the year as needed, plus a $200 hourly rate for any additional hours per need
Timeline: Starts after approval
Standalone Price: $10,000 USDC yearly

  3. Frontend monitoring:

Offer:

  • Detect web application security incidents such as DNS hijacks, DNS provider compromises, and compromised plugins and backends
  • Provide real-time alerts on any suspicious change to the web application
  • Related examples that could have been detected early using the suggested frontend monitoring:
    • Balancer DNS attack, September, 2023
    • Ledger Connect compromised javascript library, December 2023
    • Velodrome DNS attacks, November and December 2023
    • Trader Joe’s compromised plugins attack, November 2023
    • BadgerDAO
    • Convex Finance

Deliverable: Deploy frontend monitoring to protect the Balancer web app against frontend attacks and create specific tests for the Balancer frontend application
Dependencies: Hypernative will own the development process completely and will agree with the BLabs frontend team on mitigation processes
Timeline: Service year starts upon request from BLabs when the V3 frontend is ready
Standalone Price: $15,000 USDC
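The frontend checks listed above boil down to comparing a live snapshot of the web app against a pinned baseline: the DNS answers the domain should resolve to, and the exact hash of every external script the page loads. The Python below is an added example written for this page, not Hypernative's or Balancer's code; the hosts, DNS values and script bodies are constructed placeholders. It walks the page's `<script src>` tags, verifies each served body against its Subresource Integrity (SRI) hash, and flags unlisted scripts, swapped bodies, missing pinned scripts and changed DNS answers. A real monitor would fetch the HTML, script bodies and DNS answers on a schedule instead of reading them from the constructed snapshot.

```python
import base64
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collects external <script src=...> tags and their integrity attributes."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.scripts.append({"src": a["src"], "integrity": a.get("integrity")})


def sri_digest(body: bytes) -> str:
    """Subresource Integrity value (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode("ascii")


def check_frontend(baseline: dict, observed: dict) -> list:
    """Compare an observed snapshot of the web app against a pinned baseline.

    baseline = {"dns": {rtype: [values]}, "scripts": {src: sri}}
    observed = {"dns": {rtype: [values]}, "html": str, "bodies": {src: bytes}}
    Returns human-readable alerts; an empty list means no drift.
    """
    alerts = []
    # 1. DNS: any difference in the answer set is a hijack candidate.
    for rtype, expected in baseline["dns"].items():
        seen = set(observed["dns"].get(rtype, []))
        if seen != set(expected):
            alerts.append(f"DNS {rtype} drift: expected {sorted(expected)}, saw {sorted(seen)}")

    # 2. Scripts: every tag must be pinned, keep its SRI attribute, and serve the pinned body.
    collector = ScriptCollector()
    collector.feed(observed["html"])
    seen_src = set()
    for tag in collector.scripts:
        src = tag["src"]
        seen_src.add(src)
        pinned = baseline["scripts"].get(src)
        if pinned is None:
            alerts.append(f"unexpected script tag: {src}")
            continue
        if tag["integrity"] != pinned:
            alerts.append(f"integrity attribute changed on {src}")
        body = observed["bodies"].get(src)
        if body is None:
            alerts.append(f"script body not fetched: {src}")
        elif sri_digest(body) != pinned:
            alerts.append(f"served content of {src} no longer matches pinned hash")
    for src in sorted(set(baseline["scripts"]) - seen_src):
        alerts.append(f"pinned script missing from page: {src}")
    return alerts


# Constructed sample data (hypothetical hosts and script bodies, not Balancer's).
GOOD_BODIES = {
    "https://app.example/main.js": b"window.app = { version: '3.0' };",
    "https://cdn.example/wallet-connect.js": b"export function connect() { /* ok */ }",
}
BASELINE = {
    "dns": {"A": ["203.0.113.10", "203.0.113.11"], "NS": ["ns1.example.net"]},
    "scripts": {src: sri_digest(body) for src, body in GOOD_BODIES.items()},
}


def snapshot(dns: dict, bodies: dict, extra_tag: str = "") -> dict:
    """Builds an observed snapshot whose HTML still carries the pinned integrity values."""
    tags = "".join(f'<script src="{s}" integrity="{h}"></script>'
                   for s, h in BASELINE["scripts"].items())
    return {"dns": dns, "html": f"<html><head>{tags}{extra_tag}</head></html>", "bodies": bodies}


def clean_run() -> list:
    return check_frontend(BASELINE, snapshot(BASELINE["dns"], GOOD_BODIES))


def tampered_run() -> list:
    # Constructed scenario: the A record now points elsewhere, the CDN serves a
    # different wallet-connect body under the same URL, and a new tag appeared.
    tampered = dict(GOOD_BODIES)
    tampered["https://cdn.example/wallet-connect.js"] = b"export function connect() { /* swapped */ }"
    dns = {"A": ["198.51.100.7"], "NS": ["ns1.example.net"]}
    injected = '<script src="https://cdn.example/extra.js"></script>'
    return check_frontend(BASELINE, snapshot(dns, tampered, injected))


if __name__ == "__main__":
    for line in tampered_run():
        print(line)
```

The body check matters even when the `integrity` attribute is intact: a browser with SRI enforced would refuse the swapped script, but the monitor is what tells the team that the CDN (or the path to it) has been tampered with, rather than leaving users with a silently broken page.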


  4. On-chain monitoring and prevention automation

Offer:

  • Review the security framework and response procedure, assigning a contact person for various events

  • Set a standard operating procedure (response & contact points) per category of event and time-sensitivity for any security or operational case

  • Balancer V3 - understand and create pre-incident measures to mitigate risk and react in time (pause contracts, limit/cap the protocol, blacklist addresses, move funds to a safe/vault for emergency, etc.)

  • Protocol Security Alerts
    • Leverage Hypernative zero-day detection modules to detect threats and alert in real time on security incidents related to or directed at Balancer contracts

  • Multisig monitoring
    • Monitor ownership changes for the multisig
    • Monitor multisig configuration changes
    • Monitor transactions initiated in the Safe - upon initiation, prior to execution
    • Monitor every transaction executed using the DAO multisig

  • Monitor protocol treasury and wallets
    • Monitor large transfers or movements of funds from the protocol treasury

  • Governance monitoring
    • Monitor governance token holders
    • Monitor governance token transfers
    • Alert on governance token concentration

  • Governance proposal review
    • Review proposals from a security point of view and add relevant alerts

  • Phishing and Scamming Detection
    • On-chain detection
    • Detect phishing campaigns targeted at Balancer token holders and provide alerts to warn the community

  • Monitor Balancer Ecosystem Projects
    • Use the Hypernative system to model specific monitoring for Balancer-based projects
    • Provide ecosystem-wide threat intelligence to detect and respond to any malicious activity on ecosystem projects, including hacks, exploits, phishing, scams, and rug pulls.

Deliverable: Deploy the Hypernative on-chain monitoring and prevention platform; all of the above features are already supported as part of the platform. The Hypernative team will create security playbook plans with the BLabs team to define the reaction’s (automated or manua...
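Two of the multisig items above, configuration changes and transactions caught at initiation before execution, can be checked with small, deterministic logic once the Safe's state and its queue are in hand. The Python below is an added example for this page, not Hypernative's platform code. `diff_config` compares two observed Safe configurations (owners, threshold, enabled modules, guard), and `triage_pending` classifies a queued transaction given in the shape the Safe Transaction Service returns (`to`, `value`, `operation`, `dataDecoded`), simplified and constructed here rather than fetched. The Safe and owner addresses are placeholders, and the large-transfer cutoff is an assumed policy value.

```python
from dataclasses import dataclass
from typing import Optional

# Safe methods that change who controls the vault or how signatures are checked.
# A queued transaction whose target is the Safe itself and whose decoded method
# is one of these deserves a page before it collects its last signature.
ADMIN_METHODS = {
    "addOwnerWithThreshold", "removeOwner", "swapOwner", "changeThreshold",
    "enableModule", "disableModule", "setGuard", "setFallbackHandler",
}


@dataclass(frozen=True)
class SafeConfig:
    owners: frozenset
    threshold: int
    modules: frozenset = frozenset()
    guard: Optional[str] = None


def diff_config(before: SafeConfig, after: SafeConfig) -> list:
    """(severity, message) for every change between two observed Safe configurations."""
    alerts = []
    for owner in sorted(after.owners - before.owners):
        alerts.append(("HIGH", f"owner added: {owner}"))
    for owner in sorted(before.owners - after.owners):
        alerts.append(("HIGH", f"owner removed: {owner}"))
    if after.threshold != before.threshold:
        # Lowering the threshold weakens control; raising it is unusual but not a takeover.
        sev = "HIGH" if after.threshold < before.threshold else "MEDIUM"
        alerts.append((sev, f"threshold changed {before.threshold} -> {after.threshold}"))
    for mod in sorted(after.modules - before.modules):
        alerts.append(("HIGH", f"module enabled: {mod} (modules execute without owner signatures)"))
    for mod in sorted(before.modules - after.modules):
        alerts.append(("MEDIUM", f"module disabled: {mod}"))
    if after.guard != before.guard:
        alerts.append(("HIGH", f"guard changed: {before.guard} -> {after.guard}"))
    return alerts


def triage_pending(safe: str, tx: dict, large_value_wei: int) -> tuple:
    """Classify one queued Safe transaction before it is executed.

    `tx` follows the Safe Transaction Service shape: to, value (string), data,
    operation (0 = call, 1 = delegatecall) and dataDecoded {method, parameters}.
    """
    to = (tx.get("to") or "").lower()
    decoded = tx.get("dataDecoded") or {}
    method = decoded.get("method")
    value = int(tx.get("value") or 0)
    if tx.get("operation") == 1:
        return "HIGH", f"delegatecall to {to}: runs foreign code against the Safe's storage"
    if to == safe.lower() and method in ADMIN_METHODS:
        params = ", ".join(f"{p['name']}={p['value']}" for p in decoded.get("parameters", []))
        return "HIGH", f"self-administration {method}({params})"
    if value >= large_value_wei:
        return "MEDIUM", f"large transfer of {value} wei to {to}"
    if method is None and tx.get("data") not in (None, "", "0x"):
        return "MEDIUM", f"undecoded calldata to {to}"
    return "INFO", f"{method or 'plain value transfer'} to {to}"


# Constructed sample data; placeholder addresses, not real accounts.
SAFE = "0xsafe"
LARGE = 100 * 10**18  # assumed policy: page on anything worth >= 100 ETH


def demo_config_diff() -> list:
    before = SafeConfig(frozenset({"0xownerA", "0xownerB", "0xownerC"}), threshold=2)
    after = SafeConfig(frozenset({"0xownerA", "0xownerB", "0xownerD"}), threshold=1)
    return diff_config(before, after)


def demo_pending_queue() -> list:
    queue = [
        {"to": SAFE, "value": "0", "operation": 0,
         "dataDecoded": {"method": "changeThreshold",
                         "parameters": [{"name": "_threshold", "type": "uint256", "value": "1"}]}},
        {"to": "0xrecipient", "value": str(500 * 10**18), "operation": 0, "data": "0x"},
        {"to": "0xtoken", "value": "0", "operation": 0,
         "dataDecoded": {"method": "transfer",
                         "parameters": [{"name": "to", "type": "address", "value": "0xgrantee"},
                                        {"name": "value", "type": "uint256", "value": "1000"}]}},
        {"to": "0xmultisend", "value": "0", "operation": 1, "data": "0xdeadbeef"},  # constructed calldata
    ]
    return [triage_pending(SAFE, tx, LARGE) for tx in queue]


if __name__ == "__main__":
    for sev, msg in demo_config_diff() + demo_pending_queue():
        print(sev, msg)
```

Run against the constructed queue, the `changeThreshold` self-call and the delegatecall come back HIGH while the routine ERC-20 transfer is INFO, which is the split a signer wants to see before approving rather than after execution. Polling the Safe's owner set and threshold on a schedule and feeding consecutive readings to `diff_config` covers the "ownership changes" and "configuration changes" items the same way.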

Off-Chain Vote

  • Yes, let's do it: 10.06M vlAURA (100%)
  • No, this is not the way: 0 vlAURA (0%)
  • Abstain: 0 vlAURA (0%)


Timeline

Feb 14, 2024Proposal created
Feb 15, 2024Proposal vote started
Feb 19, 2024Proposal vote ended
Jan 17, 2025Proposal updated