[ARC] - Add support for BADGER on Aave V3

Hi Everyone, :wave:

Please see below our risk assessment for BADGER. We look forward to hearing your thoughts in the comment section.

General

Badger DAO is focused on building the products and infrastructure necessary to accelerate the growth of Bitcoin in DeFi across multiple blockchains.

Badger DAO is governed by the BADGER token, which is non-upgradeable with the added utility of boosting user returns when deposited into the protocol’s vaults. BADGER liquidity is spread across multiple networks which can be redeemed from the respective bridge deposit contract. The table below summarizes the key details for the BADGER token at the time of publication:

Screenshot 2023-02-09 at 13.17.18

Note:

  1. Liquidity Pools and Bridge Contracts are counted as one address

The BADGER token on Arbitrum, Fantom and Polygon represents a claim on BADGER deposited into the Ethereum to Arbitrum One: L1 ERC20 Gateway, Multichain: Fantom Bridge and Polygon (Matic): ERC20 Bridge contracts.

BADGER: $3.61 | Badger (BADGER) Token Tracker | Etherscan

Oracle: BADGER/USD: 0x66a47b7206130e6ff64854ef0e1edfa237e65339

BADGER/ETH: 0x58921ac140522867bf50b9e009599da0ca4a2379

# BADGER Smart Contract Risk

Badger has been audited by Quantstamp and Code4rena, and has a bug bounty program on Immunefi.

Quantstamp’s audit was related to the reward manager on the Badger protocol, not the BADGER token. Moreover, all high and medium findings have been fixed as shown below.

“Following the re-audit, reported issues have been fixed or acknowledged. We found the Badger team to be responsive and cooperative regarding the recommendations made by the auditors”.

The Code4rena audit was about the vested Aura contracts. All high and medium findings have been fixed and were not related to the BADGER token.

Badger also launched a $750K bug bounty program on 8 January 2021, which is still ongoing to this day. The details of the program can be found here.

BADGER Counterparty Risk

The BADGER token is an ERC-20. The contract is a MiniMe token, not upgradeable, with balance checkpoint functionality, and the functions are defined here.

The controller contract is upgradeable via governance using a 2-day timelock and is owned by the Badger Dev Multisig (dev.badgerdao.eth), which is governed by 3/5 signers who remain anonymous but have proven their commitment in the past.

Aragon MiniMe contracts have a contract owner which controls the various active functions over the BADGER token. The following summarizes the status of each function:

Controller Contract: 0xB65cef03b9B89f99517643226d76e286ee999e77

This contract is a Gnosis Safe, 3 of 5 signers required to process a transaction.

Noteworthy Functions:

  • Generate: Enabled - generateTokens(address _owner, uint _amount)
  • Destroy: Enabled - destroyTokens(address _owner, uint _amount)
  • Transfer: Enabled - transferFrom(address _from, address _to, uint256 _amount)
    • The controller of this contract can move tokens around at will.
  • Safety Methods: Enabled - claimTokens(address _token)
    • This method can be used by the controller to extract mistakenly sent tokens.

On the Controller Contract, ownership can be transferred by changeController(address _newController). Setting this to the 0x00 address effectively burns control of the contract.

Reference: GitHub - aragon/minime: Minime Token

Llama recommends increasing the threshold to a 5/9 multisig, potentially including proven community members elected by the Badger DAO, and identifying signers if possible.

The Badger protocol also owns an important part of the token liquidity on the Treasury Multisig (treasuryvault.badgerdao.eth) which is governed by 5/13 signers partially voted on by the DAO and partially by anonymous members of the internal technical team.

Llama recommends increasing the threshold to an 8/13 multisig, and identifying signers if possible.

Finally, the DAO is holding part of its treasury on the payment multisig (0x30a9c1D258F6c2D23005e6450E72bDD42C541105), including 0.94% of the BADGER total supply and several other assets used to pay for DAO expenses. This multisig is governed by 3/7 anonymous members of the technical team.

Llama recommends increasing the threshold to a 5/9 multisig, potentially including proven community members elected by the Badger DAO, and identifying signers if possible.

The other Badger multisigs are for operational use, and don’t present any risks for the Aave protocol:

  • Techops.badgerdao.eth: DAO controller, used for rewards management (3/7 anonymous)

  • Treasuryops.badgerdao.eth: Treasury yield & Protocol fees management (3/8 anonymous)

  • Treasuryvoter.badgerdao.eth: Holding bveCVX + vlAURA and executing voting weights (5/13 anonymous)

  • ibbtc.badgerdao.eth: Multisig used to claim yield to be redistributed, and managed by 3/6 anonymous members of the technical team.

As these multisigs have no risks over the Aave protocol and concern the Badger internal protocol use, no recommendation regarding these multisigs will be made in this proposal.

However, Llama recommends updating the documentation to show all of these multisigs and remove the deprecated ones, and the function details for all contracts.

BADGER Market Risks:

Oracle risks:

Considering that the BADGER token uses Chainlink oracles and that we suggest disabling borrowing, the risks are very limited.

Liquidity & POL breakdown on Ethereum network (Last Update: 09/02/23):

Screenshot 2023-02-09 at 13.16.44

Note: Badger DAO currently holds 24.97% of the liquidity available on the BADGER token as Protocol Owned Liquidity (UniV3 Positions out of range are not taken into account)

Volatility Parameters

| Parameter | Value |
| --- | --- |
| 30 Day Average Daily Volume | 5,270,788.15 |
| 60 Day Average Daily Volume | 3,978,681.51 |
| 90 Day Average Daily Volume | 3,927,808.59 |

Risk Parameters

Considering the current liquidity and following the BGD Aave V3 Listing technical parameters, Llama suggests the following risk parameters and welcomes feedback from Gauntlet and Chaos to amend these prior to performing a Snapshot.

Our thoughts are to list BADGER in isolation mode with a SupplyCap and BorrowCap based upon the daily trading volume range.

Supply Cap = Number of BADGER tokens sold to move the price by 25%, using Gauntlet's Conservative Supply Cap framework

Borrow Cap = 10% of Daily Trading Volume over a 60-day period, using CoinGecko as a data source and Chaos Labs' methodology for enabling borrowing on MaticX

Screenshot 2023-02-09 at 13.15.50

| Risk Parameter | Value |
| --- | --- |
| Isolation Mode | Yes |
| Collateral | Yes |
| Borrowing | Yes |
| LTV | 45% |
| Liquidation Threshold | 60% |
| Liquidation Penalty | 10% |
| Reserve Factor | 25% |
| Liquidation Protocol Fee | NA |
| Debt Ceiling | NA |
| Supply Cap | 965k units |
| Borrow Cap | 121k units |
| Variable Base | 0 |
| Variable Slope1 | 7% |
| Variable Slope2 | 300% |
| Uoptimal | 45% |
| Stable Borrowing | Disabled |
| Stable Slope1 | 2% |
| Stable Slope2 | 300% |
| Base Stable Rate Offset | 2% |
| Stable Rate Excess Offset | 5% |
| Optimal Stable To Total Debt Ratio | 20% |
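The controller and signer-threshold facts in the Counterparty Risk section can be re-checked against chain state before and after listing. The following is an added example, not part of the original post or Badger's code: it builds the eth_call requests for the MiniMe `controller()` and the Safe's `getThreshold()` / `getOwners()`, decodes the ABI return data, and compares the result with the recommended 5/9. The return data and owner addresses are constructed for illustration, and the BADGER token address (not given in the post) must be supplied by the caller.

```python
import json

# 4-byte selectors of the zero-argument view functions queried below.
SELECTORS = {
    "controller()": "0xf77c4791",    # MiniMe token: current controller
    "getThreshold()": "0xe75235b8",  # Gnosis Safe: signatures required
    "getOwners()": "0xa0e67e2b",     # Gnosis Safe: current signer set
}
EXPECTED_CONTROLLER = "0xB65cef03b9B89f99517643226d76e286ee999e77"  # from the post

def eth_call(to, signature):
    """JSON-RPC body for a read-only call; POST it to an Ethereum node."""
    call = {"to": to, "data": SELECTORS[signature]}
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_call",
                       "params": [call, "latest"]})

def words(result):
    """Split ABI return data into 32-byte words (hex strings)."""
    body = result[2:] if result.startswith("0x") else result
    if not body or len(body) % 64:
        raise ValueError("return data is not a whole number of 32-byte words")
    return [body[i:i + 64] for i in range(0, len(body), 64)]

def decode_uint(result):
    return int(words(result)[0], 16)

def decode_address(word):
    return "0x" + word[-40:]

def decode_address_array(result):
    w = words(result)
    start = int(w[0], 16) // 32            # offset to the array, in words
    count = int(w[start], 16)
    items = w[start + 1:start + 1 + count]
    if len(items) != count:
        raise ValueError("truncated address[] in return data")
    return [decode_address(x) for x in items]

def review(controller, threshold, owners, want_m, want_n):
    """Return findings for the token controller and its Safe."""
    findings = []
    if controller.lower() != EXPECTED_CONTROLLER.lower():
        findings.append(f"controller is {controller}, not the documented Safe")
    if threshold < want_m or len(owners) < want_n:
        findings.append(f"multisig is {threshold}/{len(owners)}, below {want_m}/{want_n}")
    return findings

# Constructed return data standing in for node responses (not real chain state).
CONTROLLER_RESULT = "0x" + EXPECTED_CONTROLLER[2:].lower().rjust(64, "0")
THRESHOLD_RESULT = "0x" + format(3, "064x")
OWNERS_RESULT = "0x" + "".join(format(v, "064x") for v in (32, 5, 1, 2, 3, 4, 5))
```

Run on a schedule, a non-empty `review(...)` result is the signal that `changeController` was called or that the signer set changed.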