Cryptocurrency attributes
Other attributes
"4 long term cryptocurrency investors and friends came together earlier this year with an idea to launch a truly community-owned ecosystem DAO that can push Bitcoin as collateral forward."
The Zokyo audit found that BadgerDAO was very secure and well-written. The only issue that was underlined in the report was an informational language usage flag in the Badger code. Essentially, they use internal functions for modifier roles in some of their contracts, but they should just use modifiers instead. Overall, Zokyo found nothing that could actively pose a risk to the smart contracts' integrity.
The Haechi audit found several minor and informational issues for the Badger team to work on. Unfortunately, there is no indication as to what the team did to resolve them. The underlined issues include a StakingReward bug where the contract's notifyRewardAmount() function would not check if it received rewards. This could lead to higher rewards for more active stakers, and potentially no rewards for others. In the same contract, another bug includes the notifyRewardAmount() function, where users could potentially be subjected to lower rewards rates. These are the most important findings, and all the other ones touch upon the language use and how it can be optimized.
The audit performed by Defi Yield did not find any issues. Rather, the report's only recommendations were to change the Controller and Sett contracts' governance addresses to "real" governance addresses. This would imply that both of these contracts are not linked to the actual BadgerDAO governance addresses.
The Quantstamp audit report unveiled multiple issues. Several of them were of medium risk, and one of them was high risk. The issue is that most of them, including the high-risk one, are not yet resolved. The high risk issue comprises the fact that the Core Badger contract has unbounded trust in its peaks. Peaks, as defined by the Badger documentation, are any third-party integration within the protocol. The issue here is that these peak contracts are telling the Core contract how many tokens to redeem, mint, or burn without limits or any form of verification. This means that any malicious peak contract could completely mess with the overrall Badger token integrity. As this issue is yet unresolved, this poses a serious problem. All other mentionned issues are either medium, low, or of unknown risk, and mostly affect the Core contract."
The Badger Finance code is clearly upgradeable due to their use of multiple proxies, namely UpgradeabilityProxy, as well as their use of numerous external calls to third-party sourced contracts. The combination of these facilitates implementation upgrades, which is something that is essential for a DAO.
To further optimize this, the initialize() functions is used multiple times throughout the Badger contracts. This allows for an easy way to upgrade a contract, even after a deployment to the mainnet.
In addition, migration is possible due to Badger's proxy structure, which facilitates contract upgrades to newer versions. This can be seen, most notably, in the Sett V1, V3, and V4 contracts due to the imported Upgradeability contracts from the OpenZeppelin library, as well as the presence of interface contracts (Interface contracts allow external contract calls).
