PSP-IPΔ19: Depositing $PSP in Paraswap Decentralised bug bounty on Hats.finance

Simple Summary:

Hi everyone, my name is Ofir, I’m a core contributor in Hats.finance Growth team.

This proposal is a continuation of the announcment from the 9th of December 2021, the deployment of Paraswap’s vault ( Bug bounty) on Hats.finance dApp. This proposal’s goal is to approve the first deposit of $PSP, by Paraswap DAOs, into the vault.

Context:

Hats.finance is a decentralized bug bounty protocol that allows anyone to add liquidity to a smart bug bounty while farming $HATS. Hackers can responsibly disclose vulnerabilities with no identification and direct communication with the project dev team all of this while being rewarded with scalable prizes & NFTs for their work.

Smart bug bounty programs are a win-win for everyone. They can be created easily with a few on-chain transactions and do not cost anything unless a vulnerability is discovered and fixed, which would be more costly and irreversible once exploited. More importantly, it is transparent, decentralized and empowers the community to protect a protocol they are invested in.

The paraswap vault (Bug bounty) was created with the support of the ParaSwap bug bounty committee members, their responsibility is:

  1. Triage auditors/hackers reports/claims.
  2. Approve claims within a reasonable time frame (Max of 6 days)
  3. Be responsive via its telegram bot.

Goals:

ParaSwap bug bounty is already live on the mainnet, without any reward for hackers.

This proposal’s goal is to add a minimum of $50,000 worth of $PSP tokens to the vault, to create the right incentive for hackers.

The bug bounty deposit/withdrawal is permissionless means anyone who holds $PSP can add liquidity to bug bounty and add more security to Paraswap protocol, in return anyone who deposits (DAO, Private, investors, etc…) can earn (Farm) $HATS tokens.

There is a minimum of 7 days between the withdrawal request and the withdrawal function.

Means:

The only requirement for this proposal to come to life is to vote on it. If the proposal passes, the DAO will deposit the amount into the Paraswap vault (bug bounty) and officially open the bug bounty for the user’s deposit. We encouraged $PSP holders to deposit a portion of their $PSP into the bug bounty to join the security efforts and in return farm $HAT governance tokens.

Vault size:

When you incentivize hackers with a big bounty, you drive attention to secure your protocol. Because the bounty is a relative portion of the vault, the more value the vault holds, the larger the prize.

Benefits:

Project covered:

  • 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of hacking.
  • A disclosed vulnerability means NO TVL/ TOKEN loss.
  • PR of disclosure and fix becomes a strength to the project.
  • Attract more users to the “strong and secure protocol”

Proposal benefits:

  • PSP staked in vault brings higher security guarantees to ParaSwap.
  • Staking PSP in the hat vaults reduces circulating token supply
  • Users who are aligned with the long-term goals of Paraswap can share responsibility for code flaws.
  • One-sided yield farming based on your PSP
  • PSP community will gradually get voting rights in Hats decentralized security protocol.

Project community / token holders:

  • Join the effort to secure the ecosystem.
  • Financial incentives in the form of Yield farming
  • Protect their own project token by sacrificing a portion of their token, to make their holding more secure. By doing that, get $HAT.

Metrics:

If a hacker submits a vulnerability instead of hacking Paraswap contracts - this will be considered a success.

Forward-thinking considerations:

The DAO and the committee can consider editing or removing contracts from the bug bounty program. Increasing the bounty reward by the DAO, after the committee adds new contracts or deploys new versions.

Thanks!

Ofir | Hats.finance

10 Likes

Hey, as mentioned in the forums, I feel this proposal is pretty much good to go, as you followed the necessary guidelines for a proposal. Correct me if I am wrong, but the only action necessary for the DAO would be depositing $PSP in the vault once, correct?

If so, then the only change that’s needed is changing the ‘$50,000 worth of $PSP tokens’ to an actual PSP value. Should we say ~125k?

Once we agree on the final token amount we can put things to a vote!

1 Like

Hey,
Yes, you’re right.
Paraswap DAO deposit is the only thing you need to vote for and execute.
The committee of Paraswap vault on Hats will need to check in before the deposit.

Thank you for pushing it forward.

Hey @Sombrero , I’ve grabbed your original post and made it proposal-friendly, tell me what you think and if it’s all good! I basically just added the PSP value, voting options and proposal number.


1. Proposal Number & Name

PSP-IP19: Depositing $PSP in Paraswap Decentralised bug bounty on Hats.finance

2. Keywords

security, collaboration, hats.finance

3. Simple Summary

Hi everyone, my name is Ofir, I’m a core contributor in Hats.finance Growth team.

This proposal is a continuation of the announcment from the 9th of December 2021, the deployment of Paraswap’s vault ( Bug bounty) on Hats.finance dApp. This proposal’s goal is to approve the first deposit of $PSP, by Paraswap DAOs, into the vault.

4. Context

Hats.finance is a decentralized bug bounty protocol that allows anyone to add liquidity to a smart bug bounty while farming $HATS. Hackers can responsibly disclose vulnerabilities with no identification and direct communication with the project dev team all of this while being rewarded with scalable prizes & NFTs for their work.

Smart bug bounty programs are a win-win for everyone. They can be created easily with a few on-chain transactions and do not cost anything unless a vulnerability is discovered and fixed, which would be more costly and irreversible once exploited. More importantly, it is transparent, decentralized and empowers the community to protect a protocol they are invested in.

The paraswap vault (Bug bounty) was created with the support of the ParaSwap bug bounty committee members, their responsibility is:

1/ Triage auditors/hackers reports/claims.
2/ Approve claims within a reasonable time frame (Max of 6 days)
3/ Be responsive via its telegram bot.

5. Goals

ParaSwap bug bounty is already live on the mainnet, without any reward for hackers.

This proposal’s goal is to add a minimum of 1,000,000 $PSP tokens to the vault, to create the right incentive for hackers.

The bug bounty deposit/withdrawal is permissionless means anyone who holds $PSP can add liquidity to bug bounty and add more security to Paraswap protocol, in return anyone who deposits (DAO, Private, investors, etc…) can earn (Farm) $HATS tokens.

There is a minimum of 7 days between the withdrawal request and the withdrawal function.

6. Means

The only requirement for this proposal to come to life is to vote on it. If the proposal passes, the DAO will deposit the amount into the Paraswap vault (bug bounty) and officially open the bug bounty for the user’s deposit. We encouraged $PSP holders to deposit a portion of their $PSP into the bug bounty to join the security efforts and in return farm $HAT governance tokens.

6.1 Vault size:

When you incentivize hackers with a big bounty, you drive attention to secure your protocol. Because the bounty is a relative portion of the vault, the more value the vault holds, the larger the prize.

6.2 Benefits:

Project covered:

  • 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of hacking.
  • A disclosed vulnerability means NO TVL/ TOKEN loss.
  • PR of disclosure and fix becomes a strength to the project.
  • Attract more users to the “strong and secure protocol”

Proposal benefits:

  • PSP staked in vault brings higher security guarantees to ParaSwap.
  • Staking PSP in the hat vaults reduces circulating token supply
  • Users who are aligned with the long-term goals of Paraswap can share responsibility for code flaws.
  • One-sided yield farming based on your PSP
  • PSP community will gradually get voting rights in Hats decentralized security protocol.

Project community / token holders:

  • Join the effort to secure the ecosystem.
  • Financial incentives in the form of Yield farming
  • Protect their own project token by sacrificing a portion of their token, to make their holding more secure. By doing that, get $HAT.

$$ Metrics:

If a hacker submits a vulnerability instead of hacking Paraswap contracts - this will be considered a success.

Forward-thinking considerations:

The DAO and the committee can consider editing or removing contracts from the bug bounty program. Increasing the bounty reward by the DAO, after the committee adds new contracts or deploys new versions.

Thanks!

Ofir | Hats.finance


Voting Options

  • Approve Deposit of $PSP to the Hats.Finance Vault

  • Reject Deposit of $PSP to the Hats.Finance Vault

  • Abstain

3 Likes

Hey @0xYtocin, looks good to me.
Thanks for doing it.