GIP-14: Gnosis vault on Hats.finance
- Create vault on Hats.finance
- Make no changes
GIP: 14
title: Hats.finance vault creation
author: Ofir Perez <sombrero@hats.finance>
status: Phase 2
type: Meta
created: 2021-9-23
Simple Summary
Following the previous forum post, this proposal is to create a Gnosis security vault on Hats.finance. Security vaults on Hats incentivize hackers, auditors, and the community to protect projects' and protocols' contracts by promoting responsible disclosure.
- A committee composed of Gnosis dev leadership & security auditors is assigned as reviewers for security disclosures.
- A Gnosis vault is initialized on the Hats.finance protocol, with defined severities and a list of covered smart contracts.
- Community members, Gnosis Treasury, and the broad ecosystem are incentivized to deposit GNO into the vault.
- The goal of the vault is to incentivize responsible disclosure in the case of a detected hack or exploit.
- The dApp is live at app.hats.finance
Abstract
Hats.finance is a proactive bounty protocol for white hat hackers and auditors, where projects, community members, and stakeholders incentivize protocol security and responsible disclosure.
Hats creates scalable vaults using the project’s own token. The value of the bounty increases with the success of the token and project. In addition, NFT artists will create numerous unique NFTs specially minted for hackers and auditors who responsibly disclose vulnerabilities.
We offer every participant in the Ethereum ecosystem skin in the game to ensure a more secure future for the users of #Ethereum and smart contracts in general.
Motivation
Gnosis project:
- 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of exploiting it.
- A disclosed vulnerability means no TVL/token loss and, most of all, no reputation loss.
- PR of disclosure and fix becomes a strength to the project and its development team.
- Attract more users to the “strong and secure protocol.”
- Permissionless vault: token holders and the Gnosis community can deposit or withdraw in the same permissionless nature.
GNO value:
- GNO staked in the Hats vault increases Gnosis security guarantees
- Staking GNO in the Hats vaults reduces circulating token supply
- One-sided yield farming based on your GNO
- Participating in the Hats pool at this initial phase will be rewarded with extra allocation points (extra token incentive for the first 20 projects to join). This way, the Gnosis community will have extra voting power in what could become a significant security layer of the ecosystem.
Gnosis community / GNO holders:
- Join the effort to secure the ecosystem.
- Financial incentive in the form of yield farming (protocol protection mining)
- Protect their own project token by sacrificing a portion of their tokens to make their holdings more secure. By doing that, get $HAT and become influential in the Hats governance process.
Specification
The Hats protocol is permissionless, meaning anyone can participate and lock GNO in the Hats GNO vault. The GNO vault protects the Gnosis protocol from hacks by incentivizing responsible disclosure through the Hats protocol.
If a hacker responsibly discloses an exploit through the Hats mechanism, a portion (depending on severity) of the locked GNO tokens will go to the hacker as a reward, some vested, and some immediately.
This is a win-win situation for hackers, the Gnosis community, and the core team.
As a GNO holder: Statistically, when a protocol suffers a hack or exploit, its token value will drop between 35-50% in the 24 hours following the hack (Messari). It is rational to lock part of a user’s holdings to protect the rest of his holdings from a potential hack.
The hacker gets a substantial amount of FUNGIBLE money, becomes famous for disclosing a critical vulnerability instead of rekt’ing the protocol and its stakeholders, and receives funds without becoming a worldwide criminal.
We found that privacy and permissionlessness are crucial elements that can help black hat hackers participate in protocol protection.
The decentralization of the protocol is critical in order to incentivize anyone involved in the protocols to protect it: community, artists, investors, team members, & developers.
Rationale
Security underlies the technology of smart contracts; there isn’t such a thing as too much security. We think Ethereum dapps should include both our solution and others. The beauty of Hats being a fully permissionless protocol is that DAOs, treasuries, and individuals can deposit or withdraw funds from the vault at any point. Utilize idle funds for active protection with full depositor control for treasuries and users alike.
The Hats contracts are publicly verified on Etherscan and can be found by clicking “View Contracts Covered” under the Hats vault in app.hats.finance, and we are ready to onboard Gnosis GNO.
Audit and safety measures:
Hats is live with a Hats vault containing $100K USDC worth of tokens to incentivize responsible disclosure.
Vault funding: Not part of this GIP
The amount of funding for the Gnosis vault on Hats, from $GNO holders and Gnosis DAO, is 100% controlled by you. As a community, you can choose together how important it is for you to incentivize others to make Gnosis a much safer environment. Bear in mind that funds will be released from the vault only due to vulnerability disclosure. The upside from fixing issues is drastically more valuable than the financial face value of the GNO tokens that are going to be deposited.
Implementation
- The Hats team will create the committee setup JSON file with all the open-source details we collected online.
- Gnosis team for confirmation.
- When this stage is completed, the vault will be displayed in the Hats dApp.
Gnosis Impact
Phase 2 Proposals: Please ignore this section, and leave as is. It is used for Phase 3 proposals.
Phase 3 Proposals: Replace the question in the below iframe with the relevant questionID for this GIP, then delete this paragraph. If Omen Prediction Markets have not been created for this GIP yet, or if you have any questions about retrieving the questionID, please get in touch with a forum moderator.
GnosisDAO Snapshot
Phase 2 Proposals: Please ignore this section, and leave as is. It is used for Phase 3 proposals.
Phase 3 Proposals: Add a link to the corresponding GnosisDAO Snapshot poll you’ve created.