CRE8RDAO AMA With Hats.Finance
Primer: Hats Finance is a Decentralised Security Protocol to increase the security of live products or to prepare a new product for launch. It offers on-chain bounties for security researchers to audit products, increasing the chances of discovering and disclosing vulnerabilities. Find out more in this AMA hosted by CRE8R DAO.
TEAM
Members
Each team member is an expert in their respective field
The core team members consist of
Hatter
Sombrero
Kuffi Hat
Chapeu
Baseball cap
Casquette
Deerstalker
Gatsby Hat
Copili Crown
Beret
Team is not anon, but prefers to be kept pseudonymous within the product
Working with security experts and hackers, after all
Each member is given a unique hat name (e.g. Hatter, Sombrero) to maintain anonymity and have a fun & distinct identity
Origin story
One persistent issue while working in the Ethereum ecosystem was the fragility of smart contracts
Became more apparent while developing one of the eth2 clients
Also witnessed the beginning of ‘DeFi summer’
Realized how aligning incentives to produce a desired outcome can be very effective
Began brainstorming ways to incentivize white-hat hackers using similar mechanisms
After a few months, the team developed an early version of Hats
The #1 worry of the team
Security is the #1 worry - treated very seriously by the team
Implementing various security measures to increase confidence in the security of the protocol by:
Conducting audit competitions
Audits by multiple firms
Bug bounties
Detection tools
Why do the team members have crow PFPs?
The Crow NFT series highlights the importance of smart contract security
The theme is chosen because it aligns with the mission and community
Crows are often misunderstood and associated with negative connotations, much like hackers, but both are essential players in their ecosystems
Crows are intelligent problem solvers that work together as a collective, and so do the Hatter community
ABOUT HATS FINANCE
What is Hats Finance?
The first on-chain bug bounty protocol that includes and incentivizes all stakeholders (token incentives awaiting TGE) to contribute to the security of Web3 products
DAOs, companies, community members & stakeholders can add liquidity to bug bounties and be rewarded in return
Scalable bug bounty vaults that can be funded using stablecoins or any other on-chain assets
Offers a proactive incentive-based protocol for white hat hackers and auditors to come in and offer their expertise
When incentivized with high bounties, hackers will be encouraged to disclose vulnerabilities instead of exploiting them
The new product, Audit Competition, prepares new products or features for launching
Auditors from all over the world are invited to review the codebase for a short duration to earn prizes and rise in the leaderboard
What problem is Hats Finance solving? And how?
In 2022, over $3.7 billion was lost in hacks & exploits
Underscores the need for bug bounties as a key pillar for crypto adoption
Instead of the funds being lost, what if part of the hacked funds gets funneled as bounties to good actors?
In Hats Finance, projects can easily open a bug bounty or an audit competition
Security researchers can search for vulnerabilities within the protocol's contracts and be rewarded fairly and anonymously, helping to build trust in the security community
This incentivizes responsible disclosure and ensures everyone benefits from a safer & more secure DeFi ecosystem
Vision for Hats Finance
To see a safer DeFi ecosystem with increased security measures that prevent potential hacks and exploits
Hats Finance is a leading force in incentivizing security in the DeFi space, with a growing community of users and depositors who are committed to securing the ecosystem
Aiming to set a new standard for DeFi security
Difference between white, gray and black hackers
White hackers (or ethical hackers)
Use their skills to find vulnerabilities in computer systems and networks with the permission of the owner
Aim to identify and fix security weaknesses before bad actors come to exploit them
Gray hackers
Exploit vulnerabilities for personal gain
While they do not have malicious intent, their actions are still illegal and unethical
Black hackers (or malicious hackers)
Exploit vulnerabilities to cause harm
They may do this for personal gain, political motives, or for the thrill of causing damage
Actions are illegal and can cause significant harm to individuals and organizations
The incentive structure in Hats Finance
Implemented an incentive structure that encourages responsible behavior from potential hackers
Hackers can participate anonymously when disclosing exploits (no KYC)
Creates a safe environment to disclose vulnerabilities without fear of retaliation or repercussions
Allowing hackers to stay anonymous is a very important step to changing black hat behavior toward ethical behavior
Anyone can add liquidity to the pool, allowing stakeholders to increase the security of their investment
Increases the overall incentive for potential hackers to disclose vulnerabilities
Bounties are on-chain, creating more confidence that the partner projects are serious about security since they had already staked their funds in the vaults
This is to prevent situations where a project cannot pay for what it promised, leading to distrust in the community
Protocol Protection Mining (PPM)
PPM is an innovative mechanism to incentivize depositors
Allows depositors to increase the bounty and take part in securing the protocol
This creates a win-win situation where depositors are incentivized to secure the protocol and, in turn, help to ensure the security of their investments
Not live yet but will go live after the TGE
The PPM program is part of a broader initiative by the team to incentivize security in the DeFi ecosystem
Read more about Hats Finance initiatives here: https://medium.com/@hatsfinance/hats-security-council-and-airdrop-machine-initiative-f4852563e97f
Which chain is Hats Finance built on?
Originally on Ethereum, focusing on projects built in Solidity
Hats V2 will support other EVM chains like Polygon and BNB, and Layer 2s like Arbitrum and Optimism
What is the unique advantage of Hats Finance?
The advantage of Hats Finance is as follows:
Pay only for actual audit findings
Rewards are distributed based on severity level, e.g. if no high-severity vulnerability is found, the reserve amount is retained
A unique submission mechanism ensures top security researchers are attracted
Vulnerabilities are submitted on-chain & on GitHub to maximize efficiency
Free setup; fees only occur for successful payouts (5% early bird special)
Is Hats Finance decentralized?
Hats Finance is a decentralized bug bounty protocol that values the ethos of decentralization
While they still have a few more steps to become fully decentralized, they have different initiatives to involve all community members in decisions.
Security
Audit reports
V1: https://github.com/hats-finance/hats-contracts/tree/develop/audit
V2: https://www.defisafety.com/app/pqrs/379 (DefiSafety report)
Bug bounty
$100k is provided by Hats DAO
The community provided another $96.5k
Hats Community
Names given to community members
Crows: helping the community grow
Hatters: Hats ambassadors
Protectors of the Chain: For users who add liquidity to the pool to increase the security of their investments and the broader ecosystem
Any work for people interested?
Hatters program had been on hold since Dec 2022
Will soon launch a new one
Read this for more info: https://dot-submarine-f5a.notion.site/Welcome-to-Hatters-All-you-need-to-know-before-applying-to-the-program-ab3cbec0409a4326ac8a29763eb09801
Roadmaps
The official launch of Audit Challenges
Skin in the Game Auditing
All information presented above is for educational purposes only and should not be taken as investment advice. Summaries are prepared by The Reading Ape. While reasonable efforts are made to provide accurate content, any errors in interpreting and summarizing the source material are ours alone. We disclaim any liability associated with the use of our content.