Hats.finance is a permissionless bug bounty solution. Every DAO token holder can deposit tokens in a vault, which will be used to pay potential white hat hackers that find vulnerabilities in any contracts in scope. Users depositing governance tokens can withdraw them with a 7-day delay.
Pros and cons
The advantage for protocols is that their bug bounties can be financed with the protocol governance token, and by everyone from the community. Additionally, hackers submitting bug bounties can see exactly how many tokens they will receive, if the severity of the bug bounty is agreed upon.
If a bug bounty is submitted and found to be valid, a share of the tokens deposited will be paid to the hacker depending on the severity of vulnerability found.
In exchange, depositors will get a share of the $HATS distribution when it starts. In the meantime, $HATS tokens will be distributed retroactively similarly to OP from Optimism.
Angle & Hats
Some contributors have been in contact with the Hats team for some time now, and we think it would be interesting for Angle to open a bug bounty. To do so, the DAO needs to deposit an initial quantity of ANGLE tokens.
I propose to deposit 500k or 1M ANGLE (~$22,500 - $45,000 at current prices) to kick off the vault. This could add a new, cheaper bug bounty for Angle, and position the protocol as an early supporter of Hats.
I have submitted all contracts to be included in the bug bounty to the Hats team. We created a 2/2 multisig with @Picodes and myself to act as committee members to accept or deny the vulnerabilities submitted. If approved, we would need to send the ANGLE tokens from the DAO to the Angle vault on Hats to open the bug bounty.
Please share your thoughts on a potential Angle bug bounty with Hats, and on the amount of tokens that the DAO should deposit!
- Deposit 1M ANGLE into Hats bug bounty
- Deposit 500K ANGLE into Hats bug bounty
- Don’t open any bug bounty with Hats
Hey ANGLE DAO members,
My name is Ofir, from the Hats.finance growth team.
It’s great to see the activity in the forum.
@tuta thank you for raising this topic and adding the proposal.
Hats.finance is an on-chain decentralized bug bounty platform designed to prevent crypto-hack incidents by offering the right incentives. Additionally, Hats.finance allows anyone to add liquidity to a smart bug bounty. Hackers can responsibly disclose vulnerabilities without KYC & be rewarded with scalable prizes & NFTs for their work.
Smart bug bounty programs are a win-win for everyone. They can be created easily with a few on-chain transactions and setup is free of charge. Bug bounty programs do not cost anything unless a vulnerability is discovered, which would be more costly and irreversible once exploited. More importantly, it is transparent, decentralized, and gives power to the community behind the project.
Security underlies the technology of smart contracts; there isn’t such a thing as too much security in our space. We strongly believe the future of cybersecurity is incentivized. We aim to lead this plan by creating a decentralized bug bounty marketplace that will incentivize all of its participants.
We are working with several protocols today, from Liquity to DXdao, all securing their protocols using the Hats smart contracts. We are in the final stages of developing Hats V2, and would love to work with and host bug bounties for Angle.
The key advantages of the Hats.Finance solution vs. the traditional, centralized bug bounty services are:
Bug bounty vaults are loaded with the native token, stablecoins, or yield-bearing token (Support in V2) of the project, reducing the free-floating supply while giving the token additional utility.
Scalable bounty network — vault TVL increases with the project’s success.
Open & Permissionless —
- Anyone can participate in the protection of an asset (AngleDAO, its community, and ANGLE users).
- Any hacker can participate anonymously when disclosing exploits (no KYC needed)
In the future, every depositor could earn rewards when providing liquidity (taking risk).
Continuous protection — As long as tokens are locked in the vault, hackers are incentivized to disclose vulnerabilities through Hats instead of hacking.
I would love to answer questions about Angle <> Hats collaboration; please tag me.
Hey Angler, Director of Operations at Hats.
It would be great to add Angle to the early stakeholder list.
I think this proposal makes a lot of sense. Decentralized stablecoins need a higher level of security than most projects because the TVL of the underlying protocol can grow very fast once the appetite for leverage comes back and stablecoins usually seek to be especially liquid and integrated into other protocols as a form of collateral.
White hats often don’t know if project teams will honor their posted bug bounty and therefore often are unsure if searching and disclosing a vulnerability is profitable. We want to give both sides full transparency by putting the process on chain.
Additionally, we will incentivize LPs to grow your bounty with our liquidity mining program once our token goes live. Since opening the bounty is free this will actually turn the cost negative.
The bounty vault removes ANGLE from circulation, gives the token more utility since it can be used to secure the underlying protocol, and adds an option to earn yield with single-side staking of ANGLE.
I agree with the most. This will help the project grow faster and avoid unnecessary difficulties.
Have been following Hats and Angle since the very start of both projects, which is why I've reached out to tuta on this proposal, and I believe that this partnership will definitely benefit both protocols.
Vote is live on Snapshot!