As we move towards the Hats v1.0 release, we would like to share more info about the project, get feedback from the community, and iterate as we attempt to make the ecosystem safer and more secure.
- Hacks are extremely costly to projects, token holders, and the general community. A hacked project sees an average of -34% and up to -80% drop in token value after a hack.
- Hackers in themselves are not ‘bad’ or the ‘problem’; the problem is instead the incentives of the ecosystem.
- Introduction to the Hats solution, core features, and next steps
Size of the problem
In the past 6 months alone, over $400m has been lost to hacks and exploits in Ethereum smart contracts. This number increases on a daily basis, and by the time you read these lines it is probably outdated.
The direct result of these hacks, beyond significant loss of funds to users, is the immediate drop in TVL and token price, averaging at -39% and -31% respectively. This can be seen in the table below taken from “Messari: Hack Exploits”, last updated in February, 2021.
The Hats Solution
We believe that hackers are not inherently bad. On the contrary, hackers are essential and vital for Ethereum, as they expose weaknesses and exploits that become more critical with time and the scale of the system. The problem lies in the incentives of hackers.
“Show me the incentive, I’ll show you the outcome” -Charlie Munger
A thought experiment
An individual, let’s call him Mr. Hightopp, finds an exploit in a semi-popular Ethereum decentralized finance (DeFi) protocol.
Currently, the only way for Mr. Hightopp to get a substantial monetary reward for his hard work is to exploit the protocol, risk money, and potentially gain a large amount of limited-fungibility funds, let’s say $20m. If he succeeds, the outcome will be devastating for the project’s token value, investors, and community, with additional millions lost as collateral for liquidity providers and other
The Hats Alternative
Hats proposes a different path for Mr. Hightopp: disclose the exploit and get a fully fungible $5m plus potential upside from the protocol itself, as it is now more secure. In addition, Mr. Hightopp will get notoriety within the community for detecting and disclosing the vulnerability, a unique NFT made by some of the top artists in the NFT space, and work offers on the basis of his reputation.
By incentivizing an open hacking market that scales with the success of projects and significantly rewards successful hackers, we will turn black and gray hat hackers into white hat hackers.
How it works
- Hats governance creates a bounty vault of project tokens, which can fill up to 1% of said token’s circulating supply, farming Hats in the process.
- In the case of a detected exploit, the hacker will disclose the vulnerability to the Hats committee, with an on-chain hash proof of the disclosure.
- The committee, composed of researchers, project core developers, and white hat hackers, will approve or deny the vulnerability and a subsequent release of funds to the hacker, according to the token allocation specified in the vault.
- Each vault has its own committee, appointed by the project community.
This is a simple method that allows for scalable, continuous, and assured reward to hackers in the case of exploit detection.
- Scalability — Vaults scale with the success and value appreciation of the project’s token.
- Continuity — Vaults provide continuous protection and incentivization to hackers as long as there are locked tokens.
- Credible reward — The hacker creates a proof of exploit and submits it to the committee. In the case of denial by the committee, the hacker can expose the exploit and allow the wider community to judge whether the committee made a correct decision.
All of this while doubling down on the nature and development culture of Ethereum, free and open source code, and utilizing a completely free and open hacking market.
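One way to build the "on-chain hash proof of the disclosure" and to check it if the report is later made public, as an added example that is not Hats code. It assumes SHA-256 (an Ethereum contract would typically use keccak256), and the function names, field layout, vault id and address are hypothetical.

```python
import hashlib
import hmac
import secrets

DOMAIN = b"disclosure-v1"  # hypothetical domain tag, not a Hats constant


def _field(data: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently.
    return len(data).to_bytes(4, "big") + data


def new_salt() -> bytes:
    # Random salt: without it, a short or guessable report could be
    # brute-forced from the public digest before the fix ships.
    return secrets.token_bytes(32)


def make_commitment(report: bytes, reporter: str, vault_id: str, salt: bytes) -> str:
    """Digest the reporter publishes on-chain before contacting the committee.

    The reporter address and vault id are hashed in, so a digest copied by
    someone else cannot be revealed under a different address or vault.
    """
    h = hashlib.sha256()
    for part in (DOMAIN, vault_id.encode(), reporter.lower().encode(), salt, report):
        h.update(_field(part))
    return h.hexdigest()


def verify_reveal(onchain_digest: str, report: bytes, reporter: str,
                  vault_id: str, salt: bytes) -> bool:
    """Committee or community check: does the revealed report match the digest?"""
    expected = make_commitment(report, reporter, vault_id, salt)
    return hmac.compare_digest(expected, onchain_digest.lower())


# Constructed sample values, for illustration only.
SAMPLE_REPORT = b"Constructed report: withdraw() updates the balance after the external call."
SAMPLE_REPORTER = "0x00000000000000000000000000000000000000A1"
SAMPLE_VAULT = "example-vault"

if __name__ == "__main__":
    salt = new_salt()
    digest = make_commitment(SAMPLE_REPORT, SAMPLE_REPORTER, SAMPLE_VAULT, salt)
    print("publish on-chain:", digest)
    print("reveal verifies:", verify_reveal(digest, SAMPLE_REPORT, SAMPLE_REPORTER, SAMPLE_VAULT, salt))
```

The salt and report stay private until the committee review or a public reveal; only the digest is published.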
In the next blog post we will introduce the incentive mechanisms for each one of the parties: hackers, token lockers, and project community members.
Our focus is still on building the protocol. We are looking for devs and community members interested in joining the project and the team. If you are intrigued by this post, know React, Solidity, want to lead community or communication initiatives, or can make slick memes, please drop us a line on Discord or on Telegram.