Badger DAO is an open-source, decentralized automated organization building products and infrastructure to facilitate the use of Bitcoin (BTC) as collateral across many smart contract platforms.
Badger DAO is an open-source, decentralized automated organization dedicated to building products and infrastructure that simplify the use of Bitcoin (BTC) as collateral across many smart contract platforms.
The platform is a shared space where developers, known as Badger Builders, can collaborate to implement Bitcoin as collateral on as many blockchains as possible. A developer can earn a percentage of the fees and BADGER tokens from the developer mining pool for every implementation. The mainnet was launched on December 3, 2020.
A builder can be a single developer, a group of developers, or even a company. There are no fixed participation requirements, and anyone can create. The pillars of Badger DAO include the Badger Builders, the community-created products, the Dedicated Badger Operations team, the fair initial distribution of the BADGER tokens for governance and the fact that all of the code is open-sourced.
Badger DAO has two main products: Sett and DIGG. Badger DAO is a community-driven project; as such, before any products are developed they first need to be pitched to, voted on and approved by token holders.
Sett is a decentralized finance (DeFi) aggregator that has flash loan mitigation measures focused on tokenized BTC through five strategies. Once a user makes a deposit, they can earn a yield as the protocol’s smart contract does the work.
In order to incentivize this participation, farmers that deposit tokenized BTC into the Sett vault earn BADGER and DIGG. Aside from a 0.5% fee, an additional 4.5% is deducted from the profits to cover gas and transaction costs.
DIGG is a non-custodial synthetic Bitcoin on Ethereum’s blockchain that is pegged to the price of BTC with a flexible supply and a re-base function. Its main goal is to remove centralized third parties.
How Is the Badger DAO Network Secured?
Badger DAO has passed the initial audit of its smart contracts by the Zokyo audit team with no critical issues found.
Badger DAO has established a security advisory committee that is composed of white hat hackers that regularly review the project’s ecosystem. Badger DAO also has plans to develop incentives that will reward public peer reviewers and to launch a bug bounty program.
As a result of bringing together four long-term cryptocurrency investors and friends at the start of this, the idea was to launch a truly community-owned DAO ecosystem that can promote bitcoin as collateral.
Zokyo's research and testing have shown BadgerDAO to be very secure and well written. The one issue highlighted in the report is an informational, language-level flag in the Badger code: some contracts use internal functions for role checks where they should simply use modifiers instead. In general, Zokyo has not found anything that could actively pose a threat to the integrity of the smart contracts.
The Haechi audit identified several minor and informational issues that the Badger team needs to work on, but it is not specified what the team did to resolve them. Highlighted issues include a StakingReward bug in which the contract's notifyRewardAmount() function does not check whether the reward has actually been received. This may result in higher rewards for more active members and possibly no rewards for others. Another bug in the same contract, also related to the notifyRewardAmount() function, could potentially expose users to lower reward rates. These are the main conclusions; all the rest concern the use of the language and how it can be optimized.
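The two notifyRewardAmount() checks described above, as an added Solidity sketch that is not Badger's contract or code from the Haechi report. The contract name, the 7-day period and the state variable names are assumptions, and the mid-period top-up shown as the cause of a lower rate is the general form of that problem, not a detail taken from the audit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not Badger's StakingRewards contract. All names are hypothetical.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

contract RewardNotifierSketch {
    IERC20 public immutable rewardsToken;
    address public immutable rewardsDistribution;
    uint256 public constant REWARDS_DURATION = 7 days; // assumed period length
    uint256 public rewardRate;   // reward tokens streamed per second
    uint256 public periodFinish; // timestamp at which the current period ends

    constructor(IERC20 token, address distribution) {
        rewardsToken = token;
        rewardsDistribution = distribution;
    }

    function notifyRewardAmount(uint256 reward) external {
        require(msg.sender == rewardsDistribution, "not distribution");

        uint256 newRate;
        if (block.timestamp >= periodFinish) {
            newRate = reward / REWARDS_DURATION;
        } else {
            // Undistributed rewards roll over into the new period.
            uint256 leftover = (periodFinish - block.timestamp) * rewardRate;
            newRate = (reward + leftover) / REWARDS_DURATION;
            // Second finding: a small top-up mid-period spreads the leftover
            // over a full new period, which would lower the per-second rate.
            require(newRate >= rewardRate, "would lower reward rate");
        }

        // First finding: the announced stream must be backed by tokens the
        // contract already holds, otherwise late claimers find it empty.
        // Assumes the staking token differs from the rewards token.
        require(
            newRate <= rewardsToken.balanceOf(address(this)) / REWARDS_DURATION,
            "reward not received"
        );

        rewardRate = newRate;
        periodFinish = block.timestamp + REWARDS_DURATION;
    }
}
```

The balance check is a lower bound only: the balance also includes rewards already earned but not yet claimed, so it does not prove full solvency.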
The audit conducted by Defi Yield did not reveal any problems. There were only recommendations: the report called for changing the control addresses of the Controller and Sett contracts to "real" control addresses. This means that both of these contracts are not tied to the actual management addresses of BadgerDAO.
A review by Quantstamp revealed several issues. Several of them were medium risk and one was high risk. The bottom line is that most of them, including the high-risk one, have not yet been resolved. The high-risk issue is that the Core Badger contract places unlimited trust in its peaks.
Peaks are any third-party integration into a protocol. The problem here is that these peak contracts tell the base contract how many tokens to redeem, mint or burn without limits or any form of verification. This means that any malicious peak contract could completely break the overall integrity of the Badger token. Since this issue has not yet been resolved, it poses a serious problem. All other issues mentioned are medium, low or unknown risk and mostly affect the underlying contract.
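One way a core contract can bound what a peak is allowed to do, as an added Solidity sketch that is not Badger's Core contract. The per-peak cap is an assumption of this example, not the mitigation Quantstamp recommended, and every name in it is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not Badger's Core contract. All names are hypothetical.
contract CoreWithPeakLimits {
    address public immutable governance;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf; // minimal token ledger
    mapping(address => uint256) public mintCap;   // 0 means "not an approved peak"
    mapping(address => uint256) public mintedBy;  // net issuance outstanding per peak

    constructor() {
        governance = msg.sender;
    }

    function setPeakCap(address peak, uint256 cap) external {
        require(msg.sender == governance, "not governance");
        mintCap[peak] = cap;
    }

    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8
        balanceOf[to] += amount;
    }

    // The finding describes a core that executes whatever amount a peak reports.
    // Here the core enforces its own ceiling instead of trusting that number.
    function mint(address to, uint256 amount) external {
        uint256 outstanding = mintedBy[msg.sender] + amount;
        require(outstanding <= mintCap[msg.sender], "peak cap exceeded");
        mintedBy[msg.sender] = outstanding;
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    // A peak burns only tokens it holds (sent to it by the redeeming user)
    // and never more than it issued, so it cannot touch other peaks' supply.
    function burn(uint256 amount) external {
        require(amount <= mintedBy[msg.sender], "exceeds own issuance");
        mintedBy[msg.sender] -= amount;
        balanceOf[msg.sender] -= amount; // reverts if the peak lacks the tokens
        totalSupply -= amount;
    }
}
```

A cap limits the damage a single faulty or compromised peak can do to its own allowance; it does not verify that the collateral behind each mint actually arrived, which needs a separate check.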
The initialize() functions are used several times in Badger contracts to support upgrades. This makes it easy to update a contract even after a mainnet deployment. The Badger Finance code is clearly upgradable due to its use of multiple proxies, namely UpgradeabilityProxy, and of multiple external third-party contract calls. Their combination makes it easy to update the implementation, which is very important for a DAO.
Migration is possible thanks to the Badger proxy framework, which makes it easy to update the contract to newer versions. This can be seen primarily in the Sett contracts V1, V3 and V4 due to the imported Upgradeability contracts from the OpenZeppelin library, as well as the presence of interface contracts (interface contracts allow external contracts to be called).