Mining Liquidity for Bug Bounty Contribution

3 min readApr 15, 2022


Hats Finance is excited to introduce Protocol Protection Mining starting in Q2 2022, allowing anyone in the ecosystem to become a protector of the chain by providing liquidity to decentralized bug bounties in Hats Finance.

At Hats, we add an extra component to liquidity mining by encouraging deeper protocol commitment, long term impact, and smart contract longevity. We do this by allowing different protocol participants to contribute to its protection while receiving incentives in $HAT governance tokens.

Becoming a Protector of the Chain.

Whether you are a developer, a degen or a hodler, you want crypto projects to succeed. However, daily hacks demonstrate that the crypto security ecosystem is still underdeveloped and there is a lot to improve and grow. Hats Finance believes in a future in which white hat hackers, core teams and communities work together for a safe and long lasting crypto space, and while hackers will not cease to exist, it is possible to turn them into white hat hackers with the right incentives in place.

Liquidity mining creates token incentives for users that contribute to bug bounties. At the same time, as the bug bounty liquidity grows, so is the popularity of that bounty within the hacker community, ultimately increasing security and credibility of that project. Creating a community owned bug bounty is easy, decentralized, and with no cost unless there is a vulnerability disclosure, which costs a lot more if the vulnerability is exploited. Overall a win for everyone involved.

Facts & Figures

  • Token distribution will be throttled based on each project Quadratic Market Capitalization, Quadratic TVL (Total value locked) and Core-Team deposit.
  • 55% of project allocation points will be ruled Quadratic Market Cap.
  • Higher Cap projects require higher security.
  • Higher market capitalizations will prevent price manipulation once incentives go live
  • We don’t punish small projects, therefore its quadratic gives small projects good incentives.
  • Quadratic TVL will dictate over 20% of the project allocation points.
  • The higher the TVL the more assets are at risk, therefore a higher bounty is required.
  • Why only 20%? Not all project manage user funds, but all projects should have a bounty — The same reason why it’s quadratic.
  • Core Team Deposit will dictate 20% of the project allocation points.
  • The team needs to manage the committee to ensure that reported vulnerabilities are handled in a timely manner.
  • Project treasuries need “skin in the game” so they show conviction in their project and proof that they try to maintain the highest security standards in place and not to risk the funds of other liquidity providers arbitrarily.
  • 5% extra allocation points goes to the Hats.Finance Vault to support community members.
  • Another reason is that the Hats.Finance Vault is securing the assets of all other vaults. Therefore we want to create the highest security possible around our vaults.
  • Numbers of token incentives will be rebalanced every two weeks. Not all of the 35% of the overall supply reserved for liquidity incentives will be used in the initial liquidity mining program. This is to support future protocol protection mining when more projects are onboarded.


Providing liquidity comes with the risk of losing staked funds after a successful vulnerability disclosure. When users provide liquidity they assume the risk of hacker disclosure, which depending on severity will cost a % of staked funds. In case that users lose a % of their stake, they still get to keep all $HAT rewards.

Staked funds can be withdrawn at any moment with a 7 day waiting period due to the hacker disclosure time. Having a lock up period creates transparency and avoids insider trading in case users find out that a white hat hacker submitted a vulnerability.

Deposit, Withdraw, Claim $HATs

Early contributors to bug bounty vaults in Hats Finance are the first ones to claim $HAT tokens. The rewards will start when ppm will start.

Check this article to learn how deposit and withdraw on the Hats.Finance dApp.

Become a chain protector to your favorite DAO by adding liquidity to their bug bounty. Click here to check available vaults.

Get your Hats ready! We will announce official dates for protocol protection mining soon.




Hats.Finance a decentralized smart bug bounty marketplace. Permissionless, scalable, and open bug bounty protocol that allows anyone to provide liquidity.