
Introduction to Hats Finance – a Revolutionary Decentralized Bug Bounty Protocol

Decentralized finance, or DeFi, is a rapidly growing financial sector powered by blockchain. This technology allows for worldwide access to products and services, eliminating third parties and providing an open financial system for the internet age. Processes such as trading, lending and borrowing are all automated by smart contracts. While the permissionless nature of DeFi is instrumental in fostering rapid growth, it exposes investors to elevated risks. Most DeFi protocols are open source, and errors in program code and configuration are common. Attackers have sufficient time to analyse vulnerabilities in a specific protocol and plan an attack. This is why numerous DeFi protocols have been hacked, causing the loss of billions of dollars. In 2022, DeFi protocols accounted for 82.1% of all cryptocurrency stolen by hackers, a total of $3.1 billion, as reported by Chainalysis. The percentage is up from 73.3% in 2021. There is no concrete immediate solution to stop DeFi hacks, and white hat hackers don’t get enough incentive to report bugs. Hats Finance is an innovative, proactive bounty protocol for white hat hackers and auditors, where projects, community members, and stakeholders incentivize protocol security and responsible disclosure.

Source – Cryptocurrency stolen in hacks by victim platform type (2016-2022) – DeFi hacks are rising

DeFi is disruptive, and with anonymous teams, open-source code, and a ton of money it will continue to be a vulnerable industry. This situation is ideal for hackers, but there are white hat hackers in the industry too. Crypto bridge Wormhole paid $10 million to a white hat hacker for spotting a critical bug last year; spotting it helped prevent a potential lockup of user funds. Aurora, an Ethereum Virtual Machine built on the NEAR Protocol, paid a $6 million reward to a white hat hacker who reported a major bug. That bug in the Aurora engine could have allowed a malicious actor to mint new ETH and drain more than 70,000 ETH when the bug was reported in April 2022. The problem is that bug bounty programs often do not give good actors enough incentive to discover and disclose vulnerabilities in the smart contracts of DeFi projects, and hackers can gain many times more by not wearing the white hat. What if we could reward a good actor on a scale similar to what a bad actor stands to gain? That could quickly shift the incentives toward white hat hacking!

Submit Vulnerability Screen – A screenshot from DAPP

Hats Finance allows a project to create a scalable vault using the project’s own token or stablecoins like USDT or USDC. The platform envisions itself as a decentralized smart bug bounty marketplace, and it presently supports Ethereum, EVM chains like Polygon and BSC, and Ethereum Layer 2 chains like Arbitrum and Optimism. Creating a bug bounty vault involves minimal effort and takes just a few steps. The open bug bounty protocol allows anyone to provide liquidity to bug bounties. It provides ongoing security to a DeFi project and encourages community involvement. Exploits affect the success of a project, so the bounty incentives safeguard the project and discourage those who may try to hack it. Suppose a hacker can hack a protocol where $20 million TVL is locked and $10 million in a smart contract is at risk. If he/she succeeds, it can destroy the protocol’s future. Hats can offer the hacker an alternative path where he/she can earn $1 million as a bug bounty for detecting the vulnerabilities within the protocol. The open hacking environment offered by Hats is lucrative for hackers, as they can find recognition and proper remuneration for their work. Unlike conventional bug bounty platforms, the claim process here is straightforward. There is no KYC. Bug submission takes place on-chain, and each vault has its own committee, appointed by the project, that judges the bug submissions. The committee approves or rejects each reported vulnerability and the subsequent release of funds to the hacker, based on severity level.

Source – How the Bug Bounty Protocol works

Liquity and Kleros were among the first projects to open a decentralized bug bounty on Hats Finance. After that, renowned DeFi projects like Paladin and Paraswap joined the platform. Community members of a listed project can freely provide liquidity to their favourite DAO bug bounty vault, reduce the risk of hacks and become chain protectors. Every vault has a minimum deposit threshold, and after deposit confirmation you will be eligible to redeem a Chain Protector NFT. This NFT will grant access to the Vault's Embassy. Providing liquidity to a bug bounty can be seen as a selfless activity, but the ecosystem can only thrive when there are logical incentives for the participants. This is why liquidity providers will be rewarded with $HAT, the governance token of Hats Finance. The total supply of $HAT is 10 million, and 50% of the supply will be allocated to the community and liquidity mining. There will also be other NFT rewards for participants down the line.

Bug Bounty Vaults of Hats Finance – Screenshot from DAPP

Hats Finance offers a decentralized bug bounty platform unlike anything seen before. Improved security is the most critical need in web3, but we cannot compromise on the ethos of decentralization and trustlessness. This is challenging, but white hats can play a great role in protecting us from the bad guys and securing the protocols. Hats Finance can change the dynamics of web3 and contribute towards its success by facilitating decentralized vulnerability resolution between white hats and protocols. Community-owned bounties on Hats are extremely scalable, as liquidity can grow along with the growth of a protocol. The team behind Hats Finance seems to be dedicated to improving the platform and user experience. The use of the Ethereum Push Notifications protocol to securely message its users without affecting privacy is an excellent feature. Imagine receiving vulnerability detection notifications on-chain through the platform. If you are a key member of a DeFi project and want to protect investors from future smart contract vulnerabilities, explore the bug bounty marketplace of Hats Finance. Apply here to open a Smart Bug Bounty Vault. If you are a white hat hacker, look at the juicy rewards of existing bounty vaults and start hunting. Also, don’t forget to check out the challenges section, which offers gamified challenges and tests your mettle. White hats, it’s time to have real fun!

Follow Hats Finance on Twitter to get regular updates and join their vibrant Discord.

This article was first published here.

Follow Me 

👉 Twitter @paragism_