Welcome back for issue 54 of the Tally Newsletter, a publication focused on all things decentralized governance. We’ll keep you updated on key proposals, procedural changes, newly launched voting systems, shifting power dynamics, and anything else you need to know to be an informed citizen. 

This week we cover the recent BadgerDAO token approval and front end exploit, plus quick ecosystem updates!

We also have a small request for our readers - Tally is working to create solutions for DAOs’ greatest challenges. We would greatly appreciate your help filling out this short survey https://bit.ly/3DeFT7Y (the survey closes on December 15) so that we have a better understanding of the DAO problem space. 

BadgerDAO Faces Huge Losses From User Interface Exploit

TL;DR: Malicious token approvals added to the BadgerDAO user interface have caused roughly $100 million in losses.

While most defi exploits have centered on faulty smart contracts or oracle issues, yesterday’s BadgerDAO hack represented an uncommon and potentially more troublesome form of attack.

₿adgerDAO 🦡 @BadgerDAO

Badger has received reports of unauthorized withdrawals of user funds. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible.

4:32 AM ∙ Dec 2, 2021

---

367Likes149Retweets

While details are still emerging, it appears that the BadgerDAO front end was taken over by a malicious actor within the past few days or weeks. The attacker was able to add malicious token approval transactions to users’ web interactions, allowing the attacker’s contract to remove tokens or deposits directly from victims’ wallets. Yesterday, the scheme was revealed when the attacker began to execute fraudulent transfers.

Spreek @spreekaway

FYI, nasty frontend attack on Badger, looks like ~10m taken out of people's wallets using rug approval. If you've interacted with anything badger related in last few weeks, check and revoke asap

Max Block (🏰,🏰) @fewture

Go to https://t.co/nXcY9JZBLA or your favorite approvals site and see if you gave approval to 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107 If so, revoke immediately. It exploit $BADGER

3:58 AM ∙ Dec 2, 2021

---

247Likes100Retweets

While initial reports put losses around $10 million, which is well within the BadgerDAO treasury’s capacity, it now appears that roughly $100 million was taken (including $50 million from a single user). 

PeckShield Inc. @peckshield

One most affected user (w/ the loss of ~900 BTC): 0x53461e4fddcc1385f1256ae24ce3505be664f249. And here is the transfer-out tx: 😭etherscan.io/tx/0x951babddd…

6:32 AM ∙ Dec 2, 2021

---

124Likes24Retweets

Front end approval attacks can be particularly troublesome, as unaware users can have assets stolen from their wallet weeks or months later if they unknowingly transfer in more funds. To avoid further losses, any users who have interacted with BargerDAO’s website should use a token approval checker to remove any potential approvals to the malicious contract (0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107).

state @statelayer

This @BadgerDAO frontend hijack so brutal. The painful part with approvals hack is that losses can continue for a long time when people move funds back to one of their wallets that has the malicious contract approved. :/

Spreek @spreekaway

seems $10m was unfortunately too low an estimate, closer to $100m. one person alone lost 896 BTC...

7:04 AM ∙ Dec 2, 2021

---

127Likes10Retweets

This mirrors a similar exploit on token approvals to Zapper’s front end, which has continued to cause sporadic user losses even months later. It also bears similarity to the attack on Sushiswap’s Miso auction platform, where the auction recipient address was swapped for an attacker address via a user interface attack.

Nexus Mutual 🐢 @NexusMutual

🚨 BadgerDAO Loss Event 🚨 We’re waiting for full details from the BadgerDAO team, but this appears to be a frontend attack. If this is confirmed as a frontend attack, BadgerDAO’s smart contracts were not impacted & this would not be a covered event. ⬇️

₿adgerDAO 🦡 @BadgerDAO

Badger has received reports of unauthorized withdrawals of user funds. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible.

1:16 PM ∙ Dec 2, 2021

---

107Likes32Retweets

Because this attack didn’t compromise Badger smart contracts, most defi insurance products would not cover resulting losses. From a user’s perspective, the only way to protect against these attacks is verifying contract addresses and approvals via metamask or hardware wallet prompts. Until this verification process becomes more intuitive and widespread, we’ll likely continue to see these types of UI issues.

In Brief: 

• Uniswap voting on consensus check poll to offer liquidity incentives on Arbitrum and Optimism L2 platforms:

zkLito @litocoen

I have re-submitted the proposal for @Uniswap to incentivize liquidity on L2, this time for Stage II of the governance process. As such, the proposal is much more concrete laying out all the details of the liquidity mining such as length, no. of assets and how to reward 👇

3:49 PM ∙ Nov 30, 2021

---

365Likes84Retweets

• GFX Labs faces reservations over request for $3 million arranger fee for Fei / Rari merger:

GFX Labs @labsGFX

Here are our answers to several questions we have seen over the last 24 hours. Please continue to post comments/questions/concerns, and we’ll do our best to answer them. tribe.fei.money/t/fei-rari-tok…

forums.rari.capitalFeiRari Token Merge - Rari Governance ForumsThe home for all discussions about governing Rari Capital.

3:29 AM ∙ Dec 1, 2021

---

1Like1Retweet

• Rari developer t11 releases tool for automatic “no” voting in Compound and OpenZeppelin based DAOs:

t11s @transmissions11

ok so i built & deployed a contract to do this lol delegate your governance tokens to ✨ voteNo.eth ✨ and they'll only be able to vote NO on gov proposals works with most governance contracts including Uniswap, Compound, and ENS ✌️ etherscan.io/address/voteNo…

brock🌱 @brockjelmore

@transmissions11 i want to get no.eth, get a bunch of people to delegate to me for every protocol and just vote no regardless of the proposal

4:57 AM ∙ Dec 1, 2021

---

334Likes40Retweets

• OlympusDAO transitions to on-chain governance mechanism gOHM:

OlympusDAO 🕊 @OlympusDAO

gOHM is live and Proteus is upon us! In preparation for our launch tomorrow on @avalancheavax w/ @traderjoe_xyz We present to you an Olympus thread on what gOHM is, why it’s important for the Olympus ecosystem and how to acquire it. 🧵👇

8:02 PM ∙ Nov 29, 2021

---

1,413Likes367Retweets

• OHM fork Lobis receives whitelisting approval to stake FXS within Frax protocol governance, potentially mirroring Convex finance’s influence within Curve:

LobisHQ @LobisHQ

Lobis is officially the first whitelisted protocol on @fraxfinance 🤝 Together we have also: - established a runway of 300+ days - increased treasury by 300% - sponsored multiple dao initiatives - created a community of 5000 all in the first week. snapshot.org/#/frax.eth/pro…

2:10 PM ∙ Nov 30, 2021

---

79Likes17Retweets

• BasketDAO arranges to close protocol and transition assets to a competitor:

BasketDAO @BasketDAOOrg

1/ A bit of an update. We are currently in talks with another large index protocol about a migration of BDI and BMI tvl, and corresponding compensation for BASK holders.

1:54 PM ∙ Nov 29, 2021

---

9Likes2Retweets

• ENS DAO votes in support of supplemental airdrop for users mistakenly left out of token distribution:

nick.eth @nicksdjohnson

Delegates! A new vote is now live on Snapshot for the @ensdomains DAO; this one is a proposal to send an additional ~213k $ENS from the DAO treasury to users who missed out on the 2x multiplier in the airdrop due to an edge case. Go vote!

discuss.ens.domains[EP2] [Executable] Retrospective airdrop for accounts that owned another account’s primary ENS namePlease vote on Snapshot Summary Send 213,049 ENS tokens to a new airdrop contract for users who did not receive the 2x multiplier despite owning a name that was used as a primary ENS name. Abstract One of the criteria used for the ENS airdrop was whether the account had a primary ENS name set. T…

2:45 AM ∙ Dec 1, 2021

---

365Likes78Retweets

• Danielle of Wonderland project sells $100 million in AVAX to convert treasury to stablecoins:

Daniele 🧊🧙‍♂️ (🎩, 🎩) @danielesesta

We sold 893k $AVAX via Alameda OTC desk for $100155973 $USDT. 50594 $AVAX on @traderjoe_xyz for 5494523 $USDC 50000 avax on joe for 1181 $ETH . Swapping all stables to $MIM .

4:05 PM ∙ Dec 2, 2021

---

1,592Likes140Retweets

Thanks for joining us for Tally Newsletter issue 54. Be sure to check out the Tally governance app and join us on Discord for the latest updates!

Anything we missed? New developments or protocols you’d like to see covered? Drop us a line at newsletter@withtally.com 

Best,

Nate, Tally