Introducing Hats V2: Advanced Decentralized Bug Bounty Platform

HatsFinance
6 min read · Mar 1, 2023

Hats Finance was ideated in January of 2021 as a way to shift incentive mechanisms in the web3 security space. Our founding team was deeply inspired by the idea of mixing DeFi with cybersecurity, especially after witnessing multi-million dollar heists during DeFi summer. After spending nearly a decade working in tech and early web3 projects, they realized the untapped potential of cybersecurity driven by web3 ethos. Soon after, Hats Finance came to fruition, setting the stage for exponential growth in the bug bounty industry and adoption in web3.

In 2022, over $3.7 billion was lost in hacks and exploits, furthering the relevance of bug bounties as a key pillar for crypto adoption. Today, Hats Finance strives to establish itself as an essential infrastructure for decentralized finance, empowering projects, ethical hackers, and communities to unite toward the greater good.

Today we are excited to announce an expansion of our vision, moving into Hats V2! We are thrilled to unveil our latest version, which includes several notable features such as Multi-Token and Multi-Reward capabilities that will ensure the long-term sustainability of Hats’ incentive mechanism. We have also made improvements to the user experience and security, making it simpler for community members to fully utilize our product offering. We are confident that the transition to V2 will make Hats Finance a more versatile and efficient bug bounty platform.

Hats V2 Introduces

Multi-Token Use in Vaults

Initially, Hats bug bounty vaults could only hold each token once. That meant that once a token was taken by a vault, it could not be used again. With our new multi-token capabilities, the same tokens can be used simultaneously by different vaults, allowing greater flexibility when creating bug bounties, especially within the same ecosystems. Starting with V2, multiple projects can use USDC or any other stablecoin simultaneously.

Multi-Chain Support

Hats Finance was originally built on Ethereum, focusing on projects built in Solidity. Hats V2 will support other EVM chains, like Polygon and BNB, and layer 2s, like Arbitrum and Optimism. If your project is deployed on a chain that is not supported yet, feel free to contact us. We are happy to help.

Isolated Bug Bounty Vaults

We’ve implemented enhanced smart contract security measures with our latest update. Each bug bounty vault now has its own individual smart contract, enabling faster and more efficient deployment for teams. By isolating each vault’s deposits in separate contracts, every Web3 team can now deploy their own vault in a completely trustless way.

On-Chain Communication

One of our many market advantages is the facilitation of direct encrypted messaging between security researchers and builders (without passing through a third party). Our non-KYC policy adds identity protection for ethical hackers in the web3 ecosystem while opening up greater access to talented researchers in regions of the world with regulatory uncertainty, boosting the diversity and effectiveness of the bug bounty hunting process.

Hats V2 is designed to create decentralized dispute resolution processes where security experts can escalate decisions and take issues to decentralized courts, which then decide on the severity of the reward. In the next few months, we will release this feature in collaboration with decentralized court projects, security researchers in web3, and web3 builders while the integration with decentralized courts is being finalized. Hats governance can approve or dismiss proposals in order to reduce the risk of problematic committees.

On-chain Log for Submissions and Payment

On-chain record keeping is a crucial advantage of doing things on the blockchain. When using Hats, key events in the bounty assignment process are recorded on-chain, such as the time and of the vulnerability report (without disclosing the report itself), the decision of the vault’s committee regarding the bounty, and the eventual payment by the committee of the bounty, together with the reasoning. This transparency helps to keep the bounty payment process accountable and fair and provides objective evidence in case there is a dispute between the committee and the security experts regarding the bounty.

Multiple Token Rewards and Incentives

In Hats V2, we added the ability to run multiple reward programs in vaults. Hats V1 provided a single incentive mechanism to distribute $HATS to contributors; the V2 system allows for projects (and Hats itself) to add their own incentive programs. With this update, we allow a greater diversity of rewards and create a more sustainable future for Hats and our partner projects.

An example of this feature:

Fuji Finance wants to grow their bug bounty after a major deployment of new smart contracts. Fuji Finance starts incentivizing users that deposit $FUJI in their bug bounty for the next 6 months. Users who deposit and share risk with Fuji Finance will be rewarded with more $FUJI.

Two months ago, we announced the Hats Airdrop Machine, an incentive mechanism that will distribute periodic rewards to community members who meet specific criteria. Eventually, through our multi-token rewards, community members can be incentivized by both Hats and bug bounty partners when they participate in protocol protection by depositing in a vault. Our ultimate objective is to establish a sustainable incentive that will utilize project tokens to incentivize bug bounty growth at specific periods.

Note: When joining Hats, projects can opt in to distribute their own tokens to chain protectors who contribute to the project’s bug bounty by depositing into a vault. The amount of token incentives is at the discretion of the individual partner and Hats.

Updated Interface

The open-source interface has been updated to create a better user experience for security researchers, depositors, and teams managing their vaults.

We recently partnered with Wherever, a wallet-to-wallet communication platform designed to establish communication and interaction between security researchers and Hats applications without risking getting doxxed or spammed. Using our wallet-to-wallet application, users can stay up to date regarding smart contract changes and updates.

Self Onboarding

Our long-term goal is to allow every project, regardless of blockchain, to open a bug bounty in a couple of steps. Hats V2 will make it a reality.

We are launching the new onboarding flow initially with training wheels to collect insights into how new users are navigating it. Once we are sure we have tweaked it to perfection, we will release it into the wild.

Hats V2 represents a significant milestone for us, and we would like to express our gratitude to every team member for their hard work and dedication, as well as to our community for trusting our vision. We are excited to soon share with you what we have in store for the rest of the year!

Written by HatsFinance

Hats.Finance is a decentralized smart bug bounty marketplace: a permissionless, scalable, and open bug bounty protocol that allows anyone to provide liquidity.