Gnosis <> Hats.finance vault creation

GIP-Draft: Hats.finance vault creation

  • Create vault on Hats.finance
  • Make no changes

GIP: <to be assigned>
title: Hats.finance vault creation
author: Ofir Perez <sombrero@hats.finance> 
status: Phase 2
type: Meta
created: 2021-9-15

This is the suggested template for new GIPs.

Note that a GIP number will be assigned by a forum moderator. When creating a topic to submit your GIP, please name accordingly, gip-draft: title.

Simple Summary

Following the previous forum post, this is a proposal to create a Gnosis security vault on Hats.finance. Security vaults on Hats incentivize hackers, auditors, and the community to protect the projects' and protocols' contracts by promoting responsible disclosure.

Tl;dr

  • A committee composed of Gnosis dev leadership & security auditors is assigned as reviewers for security disclosures.
  • A Gnosis vault is initialized on the Hats.finance protocol, with defined severities and a list of covered smart contracts.
  • Community members, Gnosis Treasury, and the wide ecosystem are incentivized to deposit GNO into the vault.
  • The goal of the vault is to incentivize responsible disclosure in the case of a detected hack or exploit.
  • We are going to roll out additional incentives for all stakeholders – GNO lockers, Hackers, Committee members.
  • The dApp is live at app.hats.finance

Abstract

Hats.finance is a proactive bounty protocol for white hat hackers and auditors, where projects, community members, and stakeholders incentivize protocol security and responsible disclosure.

Hats creates scalable vaults using the project’s own token. The value of the bounty increases with the success of the token and project. In addition, prolific NFT artists have pledged assistance and will create numerous unique NFTs that will be minted specially for hackers and auditors who responsibly disclose vulnerabilities.

We offer every participant in the Ethereum ecosystem skin in the game, to ensure a more secure future for the users of #Ethereum.

Motivation

Gnosis project:

  • 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of exploiting it.
  • A disclosed vulnerability means no TVL/TOKEN and, most of all, no reputation loss.
  • PR of disclosure and fix becomes a strength to the project and its development team.
  • Attract more users to the “strong and secure protocol”
  • Permissionless vault - token holders and the Gnosis community can deposit or withdraw in the same permissionless nature.

GNO value:

  • GNO staked in Hats vault increases Gnosis security guarantees
  • Staking GNO in the hat vaults reduces circulating token supply
  • One-sided yield farming based on your GNO
  • Participating in Hats pull at this initial phase will be rewarded with extra allocation points (extra token incentive for the first 20 projects to join). This way the Gnosis community will have extra voting power in what can potentially become an important security layer of the ecosystem.

Gnosis community / GNO holders:

  • Join the effort to secure the ecosystem.
  • Financial incentive in the form of Yield farming (Protocol protection mining)
  • Protect their own project token by sacrificing a portion of their token, to make their holding more secure. By doing that, get $HAT and become influential in the Hats governance process.

Specification

The Hats protocol is permissionless, meaning anyone can participate and lock GNO in the Hats GNO vault. The GNO vault protects the Gnosis protocol from hacks by incentivizing responsible disclosure through the Hats protocol.

If a hacker responsibly discloses an exploit through the Hats mechanism, a portion (depending on severity) of the locked GNO tokens will go to the hacker as a reward, some vested, and some immediately.

This is a win-win situation for Hackers, the Gnosis community, and the core team.

As a GNO holder, if the protocol suffers a hack, the token value will drop between 35-50% in the 24 hours following the hack (Messari). It is rational to lock part of my holdings in order to protect the rest of my holdings from a potential hack.

The hacker gets a substantial amount of FUNGIBLE money, becomes famous for disclosing a critical vulnerability instead of rekt’ing the protocol and its stakeholders, and receives funds without becoming a worldwide criminal.

We found out that a crucial element for black hat hackers is privacy, permissionless, no KYC.

This is why the decentralization of the protocol is critical, and to incentivize anyone involved w/ the protocols to protect it: community, investors, team members, & developers.

Rationale

Security underlies the technology of smart contracts; there isn’t such a thing as too much security. We think Ethereum dapps should include both our solution and others. The beauty of Hats being a fully permissionless protocol is that DAOs, treasuries, and individuals can deposit or withdraw funds from the vault at any point. Utilize idle funds for active protection with full depositor control for treasuries and users alike.

As we wrote before, the onboarding process can be completed only after the Hats contracts are public. The Hats contracts are publicly verified on Etherscan and can be found by clicking “View Contracts Covered” under the Hats vault in app.hats.finance

Audit and safety measures:

Audit reports

Hats is live with the Hats vault containing $100K USDC worth of tokens to further incentivise responsible disclosure.

In addition, Hats.finance will deposit 0.5-1% of Hats tokens in circulation on the Hats vault - as a bounty program.

Vault funding: Not part of this GIP

The amount of funding for the Gnosis vault on Hats by $GNO holders and Gnosis DAO is 100% controlled by you. As a community, you can choose together how important it is for you to incentivize others to make Gnosis a much safer environment. Bear in mind that funds will be released from the vault only due to vulnerability disclosure. The upside from fixing issues is drastically more valuable than the financial face value of the GNO tokens that are going to be deposited.

Implementation

The Hats team will create the committee setup JSON file with all the open-source details we collected online. Then we will send it to the Gnosis team for confirmation.
When this stage is completed, the vault will be displayed in the Hats dApp.

Gnosis Impact

Phase 2 Proposals: Please ignore this section, and leave as is. It is used for Phase 3 proposals.
Phase 3 Proposals: Replace the question in the below iframe with the relevant questionID for this GIP, then delete this paragraph. If Omen Prediction Markets have not been created for this GIP yet, or if you have any questions about retrieving the questionID, please get in touch with a forum moderator.

GnosisDAO Snapshot

Phase 2 Proposals: Please ignore this section, and leave as is. It is used for Phase 3 proposals.
Phase 3 Proposals: Add a link to the corresponding GnosisDAO Snapshot poll you’ve created.

The project is implemented very professionally and has a clear development plan. Made by a very professional and experienced team.
Without a doubt, this is one of the best projects ever!