Badger DAO (BADGER)

From CryptoWiki

Revision as of 06:07, 6 December 2021 by wiki_crypto>Zeb.dyor (→‎Bugs/Exploits)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Basics

"Badger Finance hopes to bring BTC to DeFi and can be thought of as a “yearn for the BTC ecosystem”."

"The goal is to be the one stop app for all things Bitcoin in DeFi: mint, borrow, yield, swap, liquidity and elasticity."

History

"4 long term cryptocurrency investors and friends came together earlier this year with an idea to launch a truly community-owned ecosystem DAO that can push Bitcoin as collateral forward."

Audits & Exploits

"Four different audits have taken place in the past year, all of which are public, and have been published pre-mainnet launch.

Notes On Audit Reports:

The Zokyo audit found that BadgerDAO was very secure and well-written. The only issue that was underlined in the report was an informational language usage flag in the Badger code. Essentially, they use internal functions for modifier roles in some of their contracts, but they should just use modifiers instead. Overall, Zokyo found nothing that could actively pose a risk to the smart contracts' integrity.

The Haechi audit found several minor and informational issues for the Badger team to work on. Unfortunately, there is no indication as to what the team did to resolve them. The underlined issues include a StakingReward bug where the contract's notifyRewardAmount() function would not check if it received rewards. This could lead to higher rewards for more active stakers, and potentially no rewards for others. In the same contract, another bug includes the notifyRewardAmount() function, where users could potentially be subjected to lower rewards rates. These are the most important findings, and all the other ones touch upon the language use and how it can be optimized.

The audit performed by Defi Yield did not find any issues. Rather, the report's only recommendations were to change the Controller and Sett contracts' governance addresses to "real" governance addresses. This would imply that both of these contracts are not linked to the actual BadgerDAO governance addresses.

The Quantstamp audit report unveiled multiple issues. Several of them were of medium risk, and one of them was high risk. The issue is that most of them, including the high-risk one, are not yet resolved. The high risk issue comprises the fact that the Core Badger contract has unbounded trust in its peaks. Peaks, as defined by the Badger documentation, are any third-party integration within the protocol. The issue here is that these peak contracts are telling the Core contract how many tokens to redeem, mint, or burn without limits or any form of verification. This means that any malicious peak contract could completely mess with the overrall Badger token integrity. As this issue is yet unresolved, this poses a serious problem. All other mentionned issues are either medium, low, or of unknown risk, and mostly affect the Core contract."

  • Previously scored a 65% (29-1-2021); "Badger was released on November 28th, 2020. Badger recently released an audit from Haechi in late January. This audit is acceptable, though performed after deployment. Based on that a score of 70% is given." With the comment: "Very little on docs and testing and the audit they display on their site is worthless. They have an OK audit done, but there is no link to it on their site."

Bugs/Exploits

"$120 million taken in various forms of wBTC and ERC20. As the news of users’ addresses being drained reached Badger, the team announced they had paused the project’s smart contracts, and the malicious transactions began to fail around 2 hours 20 mins after they had begun. Rumours that the project’s Cloudflare account was compromised have been circulating, as have other security vulnerabilities. The first instance of approvals for the hacker’s address was almost two weeks ago, according to Peckshield. Anyone interacting with the platform since then, may have inadvertently approved the attacker to drain funds. The front-end was manipulated at least 12 days ago."

Governance

Admin Keys

"The access controls are clearly outlined under the security section of their website. Notes On Mutability:

The Badger Finance code is clearly upgradeable due to their use of multiple proxies, namely UpgradeabilityProxy, as well as their use of numerous external calls to third-party sourced contracts. The combination of these facilitates implementation upgrades, which is something that is essential for a DAO.

To further optimize this, the initialize() functions is used multiple times throughout the Badger contracts. This allows for an easy way to upgrade a contract, even after a deployment to the mainnet,

In addition, migration is possible due to Badger's proxy structure, which facilitates contract upgrades to newer versions. This can be seen, most notably, in the Sett V1, V3, and V4 contracts due to the imported Upgradeability contracts from the OpenZeppelin library, as well as the presence of interface contracts (Interface contracts allow external contract calls).

a) All contracts are clearly labelled as upgradeable (or not) -- 20% -- all important contracts are clearly labelled as upgradeable in a governance proposal, though not all deployed contracts are covered.

b) The type of ownership is clearly indicated (OnlyOwner / MultiSig / Defined Roles) -- 30% -- the ownership is clearly outlined in both the security section of the website and in the previous governance proposal.

c) The capabilities for change in the contracts are described -- 30% -- contract upgradeability is identified in the security pages.

The documents mentions a "guardian" capable of pausing the protocol, but there is little elaboration."

DAO

  • From their docs (11-2020):

"The Badger DAO is based on the Aragon company template. The BADGER token is the native governance token for the DAO, granting voting rights over the future direction and use of the treasury.

Badger Finance DAO uses the following Aragon Apps:

  1. Voting: Used to create and participate in votes. Votes can be linked to an action, such as minting BADGER or transferring funds, or be purely informative.
  2. Tokens: Manages the supply and distribution of BADGER.
  3. Finance: Manages the organization's financial assets, including ETH and ERC20s.
  4. Agent: Enables the organization to interact directly with any other smart contract on Ethereum. For example, adding liquidity to a Uniswap or Balancer pool."

Council of Badgers

"The Badger Community Council is a group of representatives tasked with overseeing the treasury for the Grant Program. It consists of seven members: four community members and three long-term core contributors. Council members were selected via voting by the community. Congrats to the four community members Gabrielhaines, Tritium — VLK, blackbear, and ethkey. They will work alongside our long-term core contributors Masonv, Shakeshak, and Defi Frog."

Treasury

  • All fee's go to Badger DAO treasury (1-2021).
  • From Delphi Digital (1-2021): "At the start of December its treasury is being over $120m."

Token

Launch

Token allocation

"We’ve decided to have 10% of the total supply, (2,100,000 $BADGER) allocated for founder rewards. These tokens won’t be distributed all at once. Instead, as Badger is mined by the community, a percentage of each Badger will be sent to the founder rewards wallet (of which the address will be made public). The remaining 90% is for the community and no one else."

"Badger DAO unveils an allocation of 10k BADGER to donors who participated in Gitcoin’s latest grants round."

10% to the team, 2% Gitcoin, 15% Airdrop, 35% DAO Treasury, 23% Liquidity Mining, 15% Developer Mining

Utility

  • The Badger governance token allows for voting on the forum, as well as to receive cash flows from protocol fees.
  • From DeFi Pulse (11-2-2021):

"Badger token governs the DAO including its treasury and all of its products."

  • From their blog (3-12-2020):
  1. "GOVERNANCE — The main purpose of $BADGER is to be used to govern our entire ecosystem including Sett vaults + other products, treasury and operations. This puts token holders in control of the DAO with vested interest to make it sustainable and successful.
  2. STAKE — Users can stake their $BADGER in the Badger Sett vault to earn additional $BADGER during the 8 week liquidity event and eventually shared fees that come from Setts.
  3. Liquidity- Users can add liquidity to the $BADGER<>wBTC Uniswap pool and stake those in our Sett vault to earn yield and $BADGER.
  4. Mint MEME NFTs —Next week users will be able to stake their $BADGER on Dontbuymeme.com to mint exclusive Badger + MEME NFT’s and participate in the Honey Badger Pot. Where the first person to collect all 5 NFT’s will be able to claim a pot of $BADGER rewards.
  5. HODL —Starting soon early Badger holders will have an opportunity to earn from the community $BADGER rewards pool. The ability to claim will be dependant on the amount of onchain actions they take within our ecosystem."
  • There was also an airdrop with 10% of the supply. However, many were unable to claim, even two months later (2-2021) this has not been fixed.
  • From their docs (11-2020):

"Community members that helped Badger DAO during the pre-launch phase with feedback, suggestions, guidance and operational support will be rewarded with 5% of the total $BADGER supply and 10% of the Digg supply. 30% of these rewards will be distributed at launch with the remaining 70% distributed monthly over the following 6 months."

Token Details

Stablecoin

  • Has its own stablecoin called Claw, more info below at Other Projects.

Coin Distribution

"One of the most prominent $badger supporters, @0x_b1 is rocking 4% of @BadgerDAO's $1.16bn in TVL."

Technology

Implementations

"To start our vaults will 100% auto-compound the rewards back into the underlying LP positions. This means no need to claim rewards. With the low transaction costs we can auto-compound 10-20x's more and generate much higher yield. We are going to have vaults for LP tokens of our interest bearing Badger assets only, bBadger & bDIGG, paired with the native BTC of that chain. Users will earn auto-compounding interest on their Badger & DIGG on ETH while putting it to work on other chains. This will create enormous stickiness for our vaults on ETH and bring more utility for Badger and Digg."

How it works

Fees

  • Each Sett charge fees, most notably a 20% performance fee, which contributes to the protocol’s revenue.

Upgrades

Staking

Liquidity Mining

Scaling

"BadgerDAO launches with StarkNet. This represents the 1st gas-free zkRollup AMM dedicated to tokenized Bitcoin."

Interoperability

Other Details

Oracle Method

Privacy Method

Compliance

Their Other Projects

Digg

"Badger's second product is DIGG, a rebasing Bitcoin. An elastic supply cryptocurrency that's pegged to the price of Bitcoin. Through its vault strategies Badger is attempting to stabilize the price of DIGG to be closer to its target BTC price daily."

"The Digg token has had more challenges to date in keeping its peg. The token has traded between 60% to 90% the value of BTC over the past month. The Digg token attempts to repeg to the BTC price by offering rewards for positive rebases, events that move the currency closer to peg. However, based on their monitoring dashboard, the attempts to date have not been successful. The team attributes the issues to date to the market downturn in May as the primary cause and recently extended their Rebase Mining event to take another shot at incentivizing a repeg."

Claw

"Badger’s new stablecoin. With it you could borrow the stable coin against your existing LP tokens from a vault position as they earn yield to leverage up and gain more yield. This type of added utility may help keep capital in Badger."

ibBTC

"The Interest-Bearing Bitcoin, or ibBTC, is another attempt at creating a token pegged to the Bitcoin price through a collaboration with DeFi Dollar. Unlike DIGG, the ibBTC is tied to a basket of DeFi primitives. Per its name, it is an interest bearing token, meaning holders can natively earn interest in the form of rewards earned by farming CRV and Badger. The token is also expanding onto chains other than Ethereum."

Setts

  • From Delphi Digital (1-2021):

"Similar to Yearn’s vaults, Setts function as automated DeFi aggregators focused on tokenized BTC assets. The longer users stake in Setts, the bigger the multiplier rewards are."

Roadmap

  • Can be found [Insert link here].

Usage

Projects that use or built on it

Competition

Pros and Cons

Pros

Cons

Team, Funding, Partners

Team

Funding

"Polychain Capital, Parafi Capital, Blockchain Capital, and @0x_b1 have purchased $21 million in assets from Badger's treasury."

Partners 

"The Badger DAO plans to collaborate with Pickle to cook up better yields for tokenized BTC primarily through our Sett product, Badger’s yield aggregator. With that, we hope to increase the governance reach and rewards incentives of the Pickle community that may intermingle with the Badgers."

  • Is a Ren Alliance Member (28-1-2021). Badger became the first Greycore member to spin up a node for Ren (13-9-2021).
  • Badger started a partnership with yEarn to create better vault strategies. yEarn also "allocated 15% of our total supply to the Badger developer mining program (Currently valued at $258M)." They also started linking multiple aspects of their protocols together.