Badger Security Upgrades
Dec 16, 2021
On Dec. 2, 2021, Badger.com suffered an exploit in which an attacker injected a malicious script that farmed ERC-20 token approvals from users.
This attack is a reminder that, even though Badger’s smart contracts were not impacted, phishing attacks, Web2 vulnerabilities, and user behavior can interact in ways that pose major security threats.
Following the attack, Badger engineers, together with the world-class blockchain and Web2 cybersecurity experts at Mandiant, conducted a full review of our security practices, looking at everything from the smart contract layer, to the app infrastructure, to how we communicate with and educate users.
In addition, Badger is currently working with cybersecurity firm Halborn to conduct a thorough security audit of our new infrastructure.
This article gives an overview of some of the changes made, and ongoing work to ensure that the Badger platform and users are as resistant as possible to any future attack.
Web Infrastructure Security
Since the recent exploit originated through unauthorized access to our Content Delivery Network (CDN) infrastructure, Badger is relaunching the website with additional security safeguards suggested by Mandiant.
Some changes made include:
- Enforced multi-factor authentication (MFA)
- Set up notifications to core contributors, and Discord webhook notifications, to alert on the use of Workers
- Enabled DNSSEC to add a layer of security through authenticated DNS answers
- Set up WAF and OWASP rules
- Enabled Page Shield and set up notifications for new domains and scripts via webhook and email
- Set up notifications for new scripts and route leaks
- Reviewed and purged old service tokens and rotated all global API keys
- Added MFA enforcement for access to configuration of DNS and other settings
- Deployment notifications: webhook set up to alert via Discord and email on each build
- MFA enabled as a requirement for the entire GitHub organization
- Set signed commit requirements for all sensitive repositories to prevent spoofing
- Audit logs exported and given to Mandiant for review, as well as reviewed by Badger engineers
Further Upgrades Planned or In Progress
- A public tool to monitor suspicious approval farming, with the ability for other projects to fork the code
- Rate limiting rules for DDoS prevention
- Discord bot to monitor exploiter transactions
- Dune Analytics dashboard to monitor and quantify funds at risk
- Decentralized frontend (Automatic deploys to IPFS)
- A ‘deploy your own frontend’ tool for running an offline frontend
- Regular automated checks for code integrity
- Approval harvesting checks
- Support for Gnosis Safe
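Approval farming leaves a recognizable trace on-chain, which is what a monitoring tool like the one planned above would look for. The following is an added example, not Badger's tool or code: it decodes ERC-20 `Approval` event logs in the raw `eth_getLogs` shape and flags any spender outside an assumed allowlist that collects unlimited approvals from several distinct owners within a short block window. The allowlist, addresses and log entries are constructed sample data.

```python
from collections import defaultdict, namedtuple

MAX_UINT256 = 2**256 - 1
# keccak256("Approval(address,address,uint256)"): topics[0] of every ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

Approval = namedtuple("Approval", "block owner spender value")

def decode_approval_log(log: dict) -> Approval:
    """Indexed owner/spender are the last 20 bytes of topics[1]/topics[2];
    the non-indexed value is the 32-byte data word."""
    return Approval(log["blockNumber"], "0x" + log["topics"][1][-40:].lower(),
                    "0x" + log["topics"][2][-40:].lower(), int(log["data"], 16))

def find_farming_spenders(approvals, known_spenders, min_owners=3, window_blocks=1000):
    """Return {spender: [owners]} for spenders outside the allowlist that collected
    effectively unlimited approvals from >= min_owners distinct owners within
    window_blocks: one unknown spender, many victims, max amounts, short time."""
    by_spender = defaultdict(list)
    for a in approvals:
        if a.spender not in known_spenders and a.value >= MAX_UINT256 // 2:
            by_spender[a.spender].append(a)
    flagged = {}
    for spender, items in by_spender.items():
        items.sort(key=lambda a: a.block)
        for i, first in enumerate(items):  # sliding window over sorted approvals
            owners = {a.owner for a in items[i:] if a.block - first.block <= window_blocks}
            if len(owners) >= min_owners:
                flagged[spender] = sorted(owners)
                break
    return flagged

def _word(v):  # ABI-encode an int or address as a 32-byte hex word (sample data only)
    return "0x" + (format(v, "064x") if isinstance(v, int) else v[2:].lower().rjust(64, "0"))

def _log(block, owner, spender, value):
    return {"blockNumber": block, "data": _word(value),
            "topics": [APPROVAL_TOPIC, _word(owner), _word(spender)]}

# Constructed sample: one bounded approval to the known router, then four holders
# granting unlimited approval to an unknown address within four blocks.
ROUTER, UNKNOWN = "0x" + "11" * 20, "0x" + "ee" * 20
SAMPLE_LOGS = [_log(100, "0x" + "a1" * 20, ROUTER, 10**18)] + [
    _log(100 + i, "0x" + f"b{i}" * 20, UNKNOWN, MAX_UINT256) for i in range(4)]

def flagged_in_sample():
    approvals = [decode_approval_log(l) for l in SAMPLE_LOGS if l["topics"][0] == APPROVAL_TOPIC]
    return find_farming_spenders(approvals, known_spenders={ROUTER})
```

Against a live node the same logic runs over `eth_getLogs` results filtered on `APPROVAL_TOPIC`, with the allowlist populated from the protocol's documented spender contracts.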
Smart Contract Security
While Badger's smart contracts were not involved in the attack, we are continuing to follow Solidity development best practices, including:
- Partnering with some of the leading auditing firms to audit code for new functionality and features.
- A growing working group of security-minded Solidity developers who review new contracts. Each new strategy and vault is peer-reviewed by two developers before being approved by a senior developer.
- For incremental improvements, collaborating on peer reviews by trusted white hats, emerging contract-security-focused DAOs, and public security auditing contests and bounties.
- Badger’s $750k bug bounty with Immunefi on smart contracts has yet to be claimed, and provides a strong incentive for white hat reporting of vulnerabilities.
By design, blockchain technology places responsibility on end users for the security of their funds. For this reason, no security audit is complete without attention to how users interact with a protocol’s contracts and support team.
As more funds flow into the crypto economy, bad actors are finding new ways to impersonate protocols, direct users to phishing sites, and even inject malicious code directly into a protocol’s app, as we all saw in the recent hack.
For this reason, Badger is doubling down on support and education to ensure that users will have the tools to report any suspicious activity, and verify the integrity of contracts they interact with.
As a basic primer on hot wallet security:
Private Key Security:
Adding funds to your MetaMask wallet means taking self-custody of the keys that control your coins. Sharing your secret phrase with anyone is equivalent to sharing ownership of all your tokens, as well as the identity the wallet provides. Never share your seed phrase with anyone.
Before signing a transaction, please go through the following checks:
Verifying the Contracts:
- Verify that the contract target is as expected
- Check that the contract is verified and appears in the project’s docs
- Check the source code and ensure that no common ways to rug are present
- Check that the function being called is the one expected
- Check that the parameters are the ones set in the frontend
- Verify that the transaction data matches those parameters
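The last three checks can be made concrete by decoding the transaction's calldata before signing. The following is an added example, not Badger's code: it decodes `approve(address,uint256)` calldata and compares the target, spender and amount against what the frontend displayed, flagging an unlimited approval the UI never asked for. The token, router and spender addresses are constructed placeholders.

```python
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1

def decode_approve(calldata: str):
    """Return (spender, amount) from approve(address,uint256) calldata, or None when
    the selector or the length is not that of approve()."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    # the address is right-aligned in its 32-byte word: skip 12 bytes of zero padding
    spender = "0x" + data[8 + 24:8 + 64]
    amount = int(data[72:], 16)
    return spender, amount

def check_approve(calldata, to, expected_token, expected_spender, expected_amount):
    """Compare a pending approve() transaction with what the frontend displayed.
    Returns a list of mismatches; an empty list means the two agree."""
    problems = []
    if to.lower() != expected_token.lower():
        problems.append(f"target {to} is not the expected token contract {expected_token}")
    decoded = decode_approve(calldata)
    if decoded is None:
        return problems + ["calldata does not call approve(address,uint256)"]
    spender, amount = decoded
    if spender != expected_spender.lower():
        problems.append(f"spender {spender} is not the expected {expected_spender.lower()}")
    if amount == MAX_UINT256 and expected_amount != MAX_UINT256:
        problems.append("unlimited approval requested, but the UI showed a bounded amount")
    elif amount != expected_amount:
        problems.append(f"amount {amount} differs from the displayed {expected_amount}")
    return problems

def encode_approve(spender: str, amount: int) -> str:
    """ABI-encode approve(spender, amount) calldata (used here only to build sample input)."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + format(amount, "064x")

# Constructed sample: the UI shows "approve 1 token (1e18 wei) to the router", while the
# transaction actually presented for signature approves MAX_UINT256 to an unknown address.
TOKEN, ROUTER, UNKNOWN = "0x" + "22" * 20, "0x" + "11" * 20, "0x" + "ee" * 20
HONEST_TX = encode_approve(ROUTER, 10**18)
TAMPERED_TX = encode_approve(UNKNOWN, MAX_UINT256)

def sample_results():
    return (check_approve(HONEST_TX, TOKEN, TOKEN, ROUTER, 10**18),
            check_approve(TAMPERED_TX, TOKEN, TOKEN, ROUTER, 10**18))
```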
Badger is planning to roll out a ticket-based support system which will allow user support to integrate more closely with developers to quickly address any problems that arise. This will allow users to engage support outside of the Discord channel and allow support tickets to be archived going forward.
Badger is doing everything it can to share what’s been learned from this incident with the DeFi community in the hopes that no other protocol will have to suffer a similar exploit.
If you have ideas for more security enhancements, whether at the Web2, smart contract, or user education levels, Badger wants to hear from you!
And stay safe out there, Badgers.