Simple Summary:
Hi everyone, my name is Ofir, I’m a core contributor in Hats.finance Growth team.
This proposal is a continuation of the announcment from the 9th of December 2021, the deployment of Paraswap’s vault ( Bug bounty) on Hats.finance dApp. This proposal’s goal is to approve the first deposit of $PSP, by Paraswap DAOs, into the vault.
Context:
Hats.finance is a decentralized bug bounty protocol that allows anyone to add liquidity to a smart bug bounty while farming $HATS. Hackers can responsibly disclose vulnerabilities with no identification and direct communication with the project dev team all of this while being rewarded with scalable prizes & NFTs for their work.
Smart bug bounty programs are a win-win for everyone. They can be created easily with a few on-chain transactions and do not cost anything unless a vulnerability is discovered and fixed, which would be more costly and irreversible once exploited. More importantly, it is transparent, decentralized and empowers the community to protect a protocol they are invested in.
The paraswap vault (Bug bounty) was created with the support of the ParaSwap bug bounty committee members, their responsibility is:
- Triage auditors/hackers reports/claims.
- Approve claims within a reasonable time frame (Max of 6 days)
- Be responsive via its telegram bot.
Goals:
ParaSwap bug bounty is already live on the mainnet, without any reward for hackers.
This proposal’s goal is to add a minimum of $50,000 worth of $PSP tokens to the vault, to create the right incentive for hackers.
The bug bounty deposit/withdrawal is permissionless means anyone who holds $PSP can add liquidity to bug bounty and add more security to Paraswap protocol, in return anyone who deposits (DAO, Private, investors, etc…) can earn (Farm) $HATS tokens.
There is a minimum of 7 days between the withdrawal request and the withdrawal function.
Means:
The only requirement for this proposal to come to life is to vote on it. If the proposal passes, the DAO will deposit the amount into the Paraswap vault (bug bounty) and officially open the bug bounty for the user’s deposit. We encouraged $PSP holders to deposit a portion of their $PSP into the bug bounty to join the security efforts and in return farm $HAT governance tokens.
Vault size:
When you incentivize hackers with a big bounty, you drive attention to secure your protocol. Because the bounty is a relative portion of the vault, the more value the vault holds, the larger the prize.
Benefits:
Project covered:
- 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of hacking.
- A disclosed vulnerability means NO TVL/ TOKEN loss.
- PR of disclosure and fix becomes a strength to the project.
- Attract more users to the “strong and secure protocol”
Proposal benefits:
- PSP staked in vault brings higher security guarantees to ParaSwap.
- Staking PSP in the hat vaults reduces circulating token supply
- Users who are aligned with the long-term goals of Paraswap can share responsibility for code flaws.
- One-sided yield farming based on your PSP
- PSP community will gradually get voting rights in Hats decentralized security protocol.
Project community / token holders:
- Join the effort to secure the ecosystem.
- Financial incentives in the form of Yield farming
- Protect their own project token by sacrificing a portion of their token, to make their holding more secure. By doing that, get $HAT.
Metrics:
If a hacker submits a vulnerability instead of hacking Paraswap contracts - this will be considered a success.
Forward-thinking considerations:
The DAO and the committee can consider editing or removing contracts from the bug bounty program. Increasing the bounty reward by the DAO, after the committee adds new contracts or deploys new versions.
Thanks!
Ofir | Hats.finance