Gnosis <> Hats collaboration: Proactive security for smart contract > Next Steps

Hi everyone, my name is Ofir, I’m the BizDev and community manager of Hats.finance.
To continue the previous forum post that discussed the collaboration between Gnosis and Hats. Our plan is to go live mid July, and we are ready to onboard the first projects. We have finalized an audit and we will also have a Meta-Hat vault that will secure the Hats smart contracts.

This is a proposal for Gnosis to collaborate with Hats to create a hacker & auditors incentive vault to protect the Gnosis contracts. Gnosis will be one of the first Hat vaults, the goal of the vault is to incentivize vulnerability disclosure for Gnosis smart contracts. Once the protocol protection mining (PPM) campaign starts, any GNO lockers in the vaults will also farm HATs tokens.

TLDR

• This is a proposal for Gnosis to collaborate with Hats to create a hacker & auditors incentive vault to protect the Gnosis contracts.
• The value proposition of hats includes The project and token, the committee of the vault, project community, and Hacker/ Auditors.
  proposal action items:
• Decide on Collaboration with hats.finance
• Decide on Collaboration with hats.finance
• Choose and set up a committee
• DAO will fund Hats Gnosis vault with 200k usd worth in GNO

Overview

Hats.finance is a proactive bounty protocol for white hat hackers and auditors, where projects, community members, and stakeholders incentivize protocol security and responsible disclosure.

Hats create scalable vaults using the project’s own token. The value of the bounty increases with the success of the token and project. In addition, prolific NFT artists have pledged assistance and will create numerous unique NFTs that will be minted specially for hackers and auditors that will responsibly disclose vulnerabilities.

We offer to every participant in the ecosystem of Ethereum skin in the game, to ensure a more secure future for the users of #Ethereum.

Hats.finance mechanism:

• Smart contracts are continuously offering a bounty in the form of their value or the value that is locked by them. Extracting this value in a malicious manner causes more harm to the ecosystem than the size of the extracted value.
• Incentivize continuous audit for smart contracts
• Hack or exploits have an effect on the adoption of all smart contract projects and the ecosystem itself. Ecosystem adoption could be boosted if we could reduce this risk.
• The future of the economy is being withheld by the forces who try to hack it. Hats.finance incentivizes both parties to collaborate towards the success of the ecosystem.

Benefits:

Project covered:

• 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of hacking.
• A disclosed vulnerability means no TVL/ TOKEN loss.
• PR of disclosure and fix becomes a strength to the project.
• Attract more users to the “strong and secure protocol”

Token value:

• GNO staked in vault increases the Gnosis with higher security guarantees
• Staking GNO in the hat vaults reduces circulating token supply
• One-sided yield farming based on your GNO

Committee:

The main incentive of a committee to triage reports is the potential to rescue user funds and protocol reputation. In addition to that, Hats have two incentive mechanisms in place:

• Each call to approve function (confirmation of an exploit that was resolved by the project committee) triggers a split function that sends part of the reward (default 5%) to the committee for triaging the issue and solving it in a responsible manner.

• Each exploit claim is attached with a fee denominated in ETH. This fee is intended to reduce the exploit report spam and incentivize report triage by committees. The fees are transferred to the hats governance wallet in order not to expose the project that was reported and will be transferred to the respected committees on quarterly basis.

Project community / token holders:

• Join the effort to secure the ecosystem.
• Financial incentive in the form of Yield farming
• Protect their own project token by sacrificing a portion of their token, to make their holding more secure. By doing that, get $HAT.

Hacker:

• Fungible funds - no need to move the funds into mixers.
• Incentivized by the big prize, less than what they could hack, but still a meaningful amount.
• Easier to disclose vulnerability than to exploit it.
• No KYC - crucial prerequisite for many hackers, especially those in eastern Europe and Asia.
• Reputation and notoriety as a proficient hacker.
• Be good, do good for the community.

Vault size:

When you incentivize hackers with a big bounty, you drive attention to secure your protocol. Because the bounty is a relative portion of the vault, the more value the vault holds, the larger the prize. A ballpark starting number at ~$0.5m-$1m for a critical bug will draw significant attention from potential hackers or auditors.

Screen Shot 2021-06-29 at 12.46.11 (1)1600×1000 159 KB

(demo video is attached)

One more bug bounty?

• We aware of and encourage projects and communities to create different bug bounty programs, security is the #1 priority in all smart contracts.
• The potential risk is in the hacking of the vault’s protocol, and Hats.Finance will have its own Meta-Hats vault to incentivize responsible disclosure for the Hats protocol.
• Hats.finance offers everyone that holds GNO tokens to join the security effort. This is the real power of the community. Work together <> be stronger together.
• The $HAT token is a key driver for adoption and participation. Expose vulnerability or not, if the covered protocol is safe - everyone wins.
• Liquidity rewards on your GNO staking is a game-changer in the bug bounty ecosystem.

Proposal action items:

• Decide on Collaboration with hats.finance
• Choose and set up a committee
• Gnosis DAO will fund Hats Gnosis vault with 200k usd worth in GNO

Onboarding action items:

• Choose committee: Committee is preferably the Gnosis Multisig

• Committee responsibility & Individual incentive:

1. Triage auditors/hackers reports/claims.
2. Approve claims within a reasonable time frame (Max of 6 days)
3. Set up repositories and contracts under review. (List of all contracts under the bounty program and their severity)
4. Be responsive via its telegram bot.

• DAO process: proposal / Voting / announcement
• Dev process: Committee setup / Private Telegram bot
  • Hats team <> Gnosis committee call to set up
  • Protocol: Choose protocol/contracts to cover, severity level.
• Hats governance sets emission rate to the vault.
• Project and users deposit funds

For the Dev setup, we have a detailed document for an easy process.

Would love to get the discussion going and get feedback on the proposal.

Thank you!

I think that paying white hackers very well is good for the ecosystem and a good method for individuals projects to reduce the impact of vulnerabilities (would there be any). It’s way better to lose up to 200k$ of GNO than having a exploit so I think the Gnosis DAO should go on with this proposal.

Thank you @clesaege for your feedback, we are sharing the same values here.

The advantage of a bug bounty program is it doesn’t cost anything unless there is a critical disclosure that would have been a lot more expensive if it wasn’t for the program in the first place.

Our goal is to build a decentralized and scalable bounty network where any project, big or small, can place a bounty with it’s own tokens. As the project grows in success and value so will the bounties it offers. We also allow and encourage the community of said project to participate.

Hats Protocol Protection Mining (PPM), which will be live soon after the launch, will create long term incentives for those who care about the security of dapps in the ecosystem to particiapte, contribute, and help grow this open tool.

Agree with @ clesaege that bounties are good, and much better to disclose, and incentivize responsible disclosure, than to have the assets of a smart contract drained.

But that is not really the question of this proposal.

The question here is about whether or not one specific method of doing this, a continuous 24x7 ongoing bug bounty, operated by a particular (and reasonably complex) set of smart contracts, put together by hats.finance and only just now getting to its initial alpha release, is a good way for GnosisDAO to use 200,000 GNO at the current time.

That is going to be a complex answer. And I don’t know where I’ll fall out on it. But it is much more complex than just saying “we want to pay hackers” 'cause it will reduce impact of vulnerabilities. Maybe it will. But maybe it will not. Maybe it’ll get hacked before it has any of the intended effect. Maybe 100s of other possiblilities.

So let the informed and thoughtful discussion begin.

Let’s see what many others think on this matter.

I don’t think there’s any intention to deposit 200k GNO into the Hats vault.
It could def be taken in gradual steps, initially Gnosis DAO can deposit few hundred thousand dollar worth of GNO and let additional GNO holders that want to participate in “security farming” and receive $HAT tokens to deposit themselves.

Assuming that the Hats vaults contracts are well tested and audited (need verification), I don’t see it as a big financial decision / risk for Gnosis DAO.

I think that there’s two main questions to be answered:

1. Whether Gnosis DAO members think this new system would help align incentives and reduce the risk for hacks by having well defined system for disclosures?
2. Would a few of the top Gnosis SC developers be willing to cooperate and serve as committee to review disclosure submissions

IMO the proposal is super interesting, risks are limited and the potential upside is big (potentially preventing an exploit)

The amount of the proposal is 200k$ of GNO (so 1 215 GNO) at current prices so it’s in line with exploratory work and not a large commitment. And unless there is a vulnerability (either in Gnosis product or Hat contracts) those are not even used (stay locked so have no market impact).
The only potentially negative scenario I see happening is the Hat contracts to be broken or the trusted parties to misbehave (intentionally or due to their keys being stolen). I estimate this risk multiplied by the amount at stake to be pretty low in comparison of the potential of avoiding a hack this way.

Hi @0x55 , thank you for taking the time to write your concern.

I will try to answer:

“The question here is about whether or not one specific method of doing this, a continuous 24x7”

We believe there isn’t such a thing as too much security. We think Ethereum dapps should include both our solution and others. The beauty of Hats being a fully permissionless protocol is that DAOs, treasuries, and individuals can deposit or withdraw funds from the vault at any point. Utilize Idle funds for active protection with full depositor control, for treasuries and users alike.

“(and reasonably complex)”

I assumed that you refer to the onboarding process?

We are working to bring the project onboarding friction to the minimum it can be. We believe that projects need to be 100% independent with all the tools to solve security vulnerabilities. Our main goal is to build a decentralized and scalable bounty network.

“put together by hats.finance and only just now getting to its initial alpha release, is a good way for GnosisDAO to use 200,000 GNO at the current time."

Reg. your concern about Hats.finnance release stage, we will not ask to move the proposal to vote before we will be on mainnet and our contract will be public.

Audit and safety measures:

• Please see [Zokyo audit]

• Other 2 audits have been done internally and all issues have been fixed.

• We are launching Hats vault on hats with $100K USDC worth in those days.

• In addition Hats.finance will deposit 1% of Hats token in circulation in hats vault -as a bounty program.

Hi @cmagan Thanks for your reply.

Our research showed that bug bounties with more than $200K for a critical vulnerability drew attention from auditors and hackers as interesting prize allocations. We are onboarding new projects with different TVL, and each one of them chooses differently. This is Gnosis community to decide the amount to be deposit.
Our unique mechanism allows all $GNO holders to deposit whenever they feel it’s the right time to add more security eyes on the protocols. For example: launching a new product, a new collaboration that affects the smart contract etc.…

As a community, you can choose together how important it is for you to incentivize others to make Gnosis a much safer environment. Another path that is developing is the gradual deployment of funds to the vault in batches for $50k-$100K, over a couple of months, reducing the smart contract risk from depositing funds to the Hats vaults
Bear in mind that funds will be released from the vault only due to a vulnerability disclosure. The upside from fixing an issues is drastically more valuable than the financial face value of the GNO tokens that are going to be deposited.

Re. your questien you raisd:
“Would a few of the top Gnosis SC developers be willing to cooperate and serve as committee to review disclosure submissions”

The committee is preferably the public multisig contract of the project - this contract usually executes the snapshot decisions or the founders of the project itself that have control over the deployed contracts to a certain extent already. By using a well-known party that is already staked in the project success we are aligning the incentives as those same people are responsible for much more than the funds in the pull itself.

Hi @clesaege thanks again for the time you take to answer.

If for some reason we were not clear enough, we suggested a fund of $200K worth of GNO. As a community, you can choose together how important it is for you to incentivize others to make Gnosis a much safer environment.

Our unique mechanism allows you to deposit and withdraw at any time, by that you can decide in a different period different amount to deposit.

Yes, thanks for kindly pointing that out. My error on interpreting the amount.

S/b US$200k worth of GNO;
NOT 200,000 GNO

Thanks.

Please update us all here when you have gotten everything on mainnet and public; as then we’ll be closer to a real vote.

Having said that, since I know understand that it is just US$200k of GNO, and not 200k GNO, I would expect I’ll probably be comfortable supporting a consensus of many others to support
IF that broader consensus also develops.

So far, have been surprised to find few commenting; and not many from inside Gnosis as we see on other proposals.

Hey all,
Short update - We are offering a $50,000 USDC bug bounty program on Rinkeby for responsible disclosure of vulnerabilities on Hats Dapp.
Learn more: The mission- hack HATs. Decentralized cybersecurity bounty… | by HatsFinance | Medium
@0x55

Hello all,

Continuing our phase1 proposal for collaboration between Hats.finance <>Gnosis, we would like to post our phase 2 for voting.

Our focus is to onboard new projects and enlarges the vaults.

I would like to receive from the Gnosis community questions and thoughts about the collaboration, to be answered here before we adding phase 2 for voting.

I will share the main questions from the proposal above, with a new update after our launch.

Hats. finance is a cybersecurity marketplace, launched in the end of August, with new vaults, check our dapp and our website.

How many bug bounty do we need?

Security underlies the technology of smart contracts that crypto currencies a reality. There is not such thing as too much security, especially with the rise of crypto attacks in the past year. We think Ethereum dApps should include both our solution and others. The beauty of Hats being a fully permissionless protocol is that DAOs, treasuries, and individuals can deposit or withdraw funds from the vault at any point. Utilize Idle funds for active protection with full depositor control for treasuries and users alike.

When should we vote for the collaboration?

As we wrote before, the onboarding process can be completed only after Hats contract is public.
The contracts are verified on Etherscan and can be found by clicking the “View Contracts Covered” under Hats vault in hats dApp.

Or here: hats-contracts/contracts at develop · hats-finance/hats-contracts · GitHub

Audit and safety measures:

Please see our audit report - hats-contracts/audit at develop · hats-finance/hats-contracts · GitHub

We are live with Hats vault on hats with $100K USDC worth.

In addition, Hats.finance will soon deposit 1% of Hats token in circulation in hats vault -as a bounty program.

Vault fund:

The amount of Funding the Gnosis vault on hats, by $GNO holders and Gnosis DAO is 100% controlled by you. As a community, you can choose together how important it is for you to incentivize others to make Gnosis a much safer environment. Bear in mind that funds will be released from the vault only due to vulnerability disclosure. The upside from fixing issues is drastically more valuable than the financial face value of the GNO tokens that are going to be deposited.

How much should we deposit?

We suggest 200k USD worth in GNO, but it’s your decision on determining how much, for how long, and when to increase/ decrease the amount in relation to changes you are doing in the contracts.

Next step:

• Voting for the collaboration
• Open the vault in hats dapp
• Fund the vault

Please do not hesitate to share any thoughts.

Ofir | Hats.finance

Hats.finance dapp and website.

Congrats on the launch!