Hats Referral Program — A $1000 USDC reward for contributors who refer new vaults to Hats Finance

Feb 14, 2022


The Hats Protocol offers different tools that align incentives between hackers and protocols to increase the security of Web3. The main tool offered in the current version is vaults.

Bug bounty vaults allow protocols and DAOs to lock assets as a bounty for hackers that find and report vulnerabilities. As a cybersecurity protocol, we are building decentralized tools that allow communities to participate in the effort of securing the ecosystem.


  • The reward of helping to open a vault is set at $1000 USDC.
  • To receive the reward, the project will need to deposit a minimum of $50,000 worth of its token.
  • There are four easy steps to open a vault: fill out a form; collect information from the project dev team (find more info below); go through the committee due-diligence process; test on Rinkeby and deploy on mainnet with the first deposit of the DAO.
  • The referral program can be ended at any time by Hats governance decision.

The program:

Hats Finance will reward $1000 USDC to one person once they successfully lead the onboarding process and actively help the execution of the following:

  • The vault was successfully deployed on Hats mainnet dApp.
  • The project DAO has successfully deposited a minimum of $50,000 worth of its token.

The reward will be paid by Hats governance.

How can you open a vault and get rewarded:

Step one: Fill out this form

  • You will be asked to share your ERC-20 wallet address, which will be used as the beneficiary wallet.
  • As a confirmation, a Telegram group will be opened to continue the communication with the Hats team.
  • You can use this template to add a proposal to your DAO.

Step Two: Collect and share the vault information with the Hats team.

What information should be collected from the project's dev team:

  • PGP keys — A link to a tool that could help with it will be shared with you on Telegram.
  • Project committee members' Twitter or GitHub links.
  • Links to the contracts that will be covered by the bug bounty vault.
  • Committee members' multisig address on Rinkeby and Mainnet — more information will be shared on Telegram.

Step three: Committee due diligence: Meet the Hats team / The token contract deployer to sign a message.

Step four: Test on Rinkeby, deploy on mainnet, and walk through the project's or DAO's first deposit.

Which protocols can be onboarded to Hats:

  • The code is open source.
  • The contracts have already been deployed.
  • The project launched its Token.
  • The projects can bridge their token to the Ethereum mainnet.

Understanding Hats Finance:

What is a bug bounty?

A bug bounty program is offered by many websites, organizations, and software developers, in which individuals can receive recognition and compensation for reporting bugs in code.

What is the advantage of a bug bounty program?

The main advantage of a security bug bounty program is that it doesn’t cost anything unless there is a disclosure that would have been a lot more expensive if the program did not exist. A win-win for everyone involved.

Security underlies the technology of smart contracts; there isn’t such a thing as too much security in our space. We think Crypto dApps should include our solution and others.

Hats solution

We believe that hackers are not inherently bad; on the contrary, hackers are vital for Ethereum, as they expose weaknesses and exploits that can be critical for the future of crypto. Part of the problem lies in the current incentive system, where hackers’ efforts are not properly incentivized and are often criminalized. We believe that with the right incentives in place, many more hackers can turn into white hat hackers.

Hats created a cybersecurity marketplace that incentivizes white hat hackers to find vulnerabilities and responsibly disclose them using the Hats dApp. We are continuously developing decentralized tools to secure the ecosystem.

What are the key advantages of the Hats solution over traditional, centralized bug bounty services:

  1. Vaults are opened with the underlying token of the project.
  2. Scalable bounty network — vault TVL increases with success / token appreciation of the project.
  3. Open & Permissionless — Anyone can participate in the protection of an asset they are a stakeholder in. And any hacker, anywhere in the world, can participate anonymously when disclosing exploits (no KYC needed).
  4. When providing liquidity every depositor can farm $HATS tokens.
  5. Continuous — As long as tokens are locked in the vault, hackers are incentivized to disclose vulnerabilities through Hats, instead of hacking.

Why would a DAO open a vault?

The motivation is mainly around increasing the security of the protocol and the assets under management. An audit proves that a protocol is secure at a certain point in time. But as soon as anything changes in the code, the audit might lose applicability. And even audits from the top firms can miss vulnerabilities, as the past has shown. Having a bug bounty is an excellent way to increase the security level perpetually, allowing hackers to get paid when they find vulnerabilities without getting into hot water.

Providing liquidity

The beauty of Hats’ vaults is that they combine incentives from many involved parties so everyone can participate in increasing security. When you provide liquidity, you can farm $HATS tokens.

DAO motivation

  • 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of exploiting it.
  • A disclosed vulnerability means no TVL or token loss and, most of all, no reputation loss.
  • Attract more users to the “strong and secure protocol”.
  • Permissionless vault — token holders and the protocol community can deposit or withdraw in the same permissionless nature.
  • Doesn’t cost anything unless there is a disclosure that would have been a lot more expensive if the program did not exist.

Token value

  • Tokens staked in Hats’ vaults increase protocol security guarantees.
  • Staking tokens in the Hats vaults reduces circulating token supply.
  • One-sided yield farming based on your token.
  • Participating in Hats at this initial phase will be rewarded with extra allocation points (Extra token incentive for the first 20 projects to join). This way the protocol community will have extra voting power in what can potentially become an important security layer of the ecosystem.

Community motivation

  • Can join the effort of securing the ecosystem.
  • Financial incentive in the form of yield farming (protocol protection mining)
  • Protect their own project tokens by sacrificing a portion of their tokens to make their holding more secure. By doing that, get $HATS and become influential in the Hats governance process.

Hats flow

Vault = Bug bounty program

Each vault represents a bug bounty program. It is a scalable bounty network funded with the project's native token: the TVL of the vault increases with the success of the token and the appreciation of the project.

Vault committee

Each vault has its own committee members that have the responsibility to add or remove the covered contracts, severity descriptions, reward percentage to each severity, and to communicate with the hacker or auditor regarding the vulnerability.

NFT as reward

Each vault offers NFTs as an additional reward. For now, NFTs are determined by Hats governance, and soon we will start to work with each community to choose their artists to be involved with the NFT creation. This way we create a social reward from the community to the hacker.

Deposit <> Protect <> Farm $HATS

The beauty of Hats being a fully permissionless protocol is that DAO treasuries and individuals can deposit or withdraw funds from the vault at any point. By doing that, depositors will farm $HATS tokens. The liquidity mining isn’t open yet, but every depositor will be rewarded from the first block.

Submit vulnerability

The vulnerability disclosure process is something that we are always improving while receiving feedback from hackers and auditors. There is no need for KYC on our platform. This means that any hacker can submit and stay anonymous, providing an important value to black hat hackers that want to stay anonymous but do the right thing.

Useful links

Improve the security of your DAO and be rewarded — Start here.




Hats.Finance is a decentralized smart bug bounty marketplace: a permissionless, scalable, and open bug bounty protocol that allows anyone to provide liquidity.