Hats V2 Audit Competition. Up to $40K in Prizes

HatsFinance
Oct 28, 2022

A new challenge arrives at Hats Finance, this time featuring our own bug bounty platform. Get ready for the challenge, and read carefully for a chance to win up to $40k in DAI!

This competition will be a little different from our past CTF challenges or ongoing bug bounties, but it will be equally fun! Beginning October 28th, we will be hosting a 6-day audit competition for our upcoming V2 update.

In this competition we will open one vault hosting two challenges:

  1. Bug Bounty Competition for medium and high severity issues.
  2. Gas Optimization Competition.

Scope of Bug Bounty Competition

Participants will search for bugs in the Hats contract directory (the list of contracts that are covered by the contest is on the dapp) and will be rewarded based on the severity of each vulnerability. Please note that $25k will be allocated towards high severity vulnerabilities and $12k towards medium severity vulnerabilities.

Below is how we will define the severity of bugs submitted:

High Severity: Issues that put users’ funds at risk (e.g., an attacker can steal funds from a vault, or users are not able to withdraw their tokens)

Medium Severity: Issues where the behavior of the contracts differs from intended behavior (as described in the docs and by common sense)

Evaluation of Bug Bounty Competition

  • Each eligible bug submission receives 1 point in its severity category, and each prize pool is divided based on the number of eligible submissions. For example, if there is 1 high-severity issue and 3 medium-severity issues, the submitters of the medium-severity vulnerabilities will be awarded $4k each and the submitter of the high-severity vulnerability gets $25k.
  • You can submit one submission mentioning all issues found on the repo. Please make sure you make separate issues on the repo.
  • The first participant to submit an issue following the guidelines gets the bounty for that issue (issues already received or out of scope will not receive a reward).
  • Participants submit one issue at a time.
  • Competition starts on October 28th and lasts exactly one week.
  • Issues that we are aware of (as witnessed by any open issues in the repository) will not be eligible for the bug bounty.

Submission Guidelines

  • Submissions should be made using our dapp in the “Hats V2 audit competition” vault.
  • A GitHub issue describing the problem concisely should be created in our repository. The title should match the title of the on-chain submission in the dapp.
  • The submission should contain a PR (linked to the issue) with at least one test demonstrating the problem and, if possible, a fix.

To participate, submit a report through our dApp at https://app.hats.finance/vulnerability. Please send a plain ASCII file in the following format:

TITLE (short description of the issue)

SEVERITY (either high or medium, see the rules):

A LINK TO THE GITHUB ISSUE

Gas Optimization Competition

This competition will reward participants with ideas to maximize gas savings. The prize pool will reward $2k for first place and $1k for second place.

The guidelines are as follows:

  • Submissions should be forks of our repository, with the test suite unchanged.
  • Optimizations should use Solidity (no inline assembly).
  • Entries will be measured on the total average amount of gas used for each function (i.e. the sum of all numbers in the “avg” column), as reported by the hardhat-gas-reporter when running the tests in the repository. It’s possible to use the script at https://github.com/hats-finance/hats-contracts/blob/develop/gas-avg-check.py to sum up the averages.
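
To make the scoring metric concrete, here is an added example (not the repository's gas-avg-check.py, and not code from Hats Finance) that sums the “avg” column of a gas report. It assumes the report is a text table whose cells are separated by `·`, `|` or `│`, with a header row naming `Contract`, `Method` and `Avg`, and that the methods table ends at a `Deployments` row; the sample report is constructed.

```python
import re

# Constructed sample shaped like a hardhat-gas-reporter text table (assumed layout);
# contract names, methods and gas numbers are invented for illustration.
SAMPLE_REPORT = """\
|  Contract   ·  Method       ·  Min     ·  Max      ·  Avg      ·  # calls  ·  usd (avg)  │
··············|···············|··········|···········|···········|···········|··············
|  VaultDemo  ·  deposit      ·   91204  ·   148310  ·   120500  ·       42  ·          -  │
|  VaultDemo  ·  withdraw     ·       -  ·        -  ·    80250  ·        7  ·          -  │
|  VaultDemo  ·  neverCalled  ·       -  ·        -  ·        -  ·        0  ·          -  │
|  RegDemo    ·  setFee       ·   30100  ·    47200  ·    38650  ·       12  ·          -  │
··············|···············|··········|···········|···········|···········|··············
|  Deployments                ·                                  ·  % of limit  ·          │
|  VaultDemo                  ·       -  ·        -  ·  3100000  ·   10.3 %  ·          -  │
"""

ANSI = re.compile(r"\x1b\[[0-9;]*m")   # colour codes, if the report was captured with colours on
SEPARATORS = re.compile(r"[·|│]")      # assumed cell separators


def split_cells(line):
    return [cell.strip() for cell in SEPARATORS.split(ANSI.sub("", line))]


def sum_method_averages(report):
    """Return (total, per_method) for the "Avg" column of the methods table."""
    cols = None
    per_method = {}
    for line in report.splitlines():
        row = split_cells(line)
        if cols is None:
            # Locate the header row and remember where each column sits.
            if {"Contract", "Method", "Avg"} <= set(row):
                cols = {name: row.index(name) for name in ("Contract", "Method", "Avg")}
            continue
        if any(cell.startswith("Deployments") for cell in row):
            break  # assumption: deployment costs are not per-function averages
        if len(row) <= cols["Avg"] or not row[cols["Avg"]].isdigit():
            continue  # divider rows and methods the tests never called ("-")
        key = f'{row[cols["Contract"]]}.{row[cols["Method"]]}'
        per_method[key] = int(row[cols["Avg"]])
    return sum(per_method.values()), per_method


if __name__ == "__main__":
    total, breakdown = sum_method_averages(SAMPLE_REPORT)
    for name, gas in sorted(breakdown.items(), key=lambda kv: -kv[1]):
        print(f"{name:24} {gas:>10}")
    print(f"{'score (sum of avg)':24} {total:>10}")
```

The per-method breakdown, sorted by cost, shows which functions dominate the score and are therefore worth optimizing first.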

Now that the rules are clear, let’s start the hunt! We look forward to highlighting your work on our Twitter and leaderboard.
