FAQs

What is Hats Finance?

Hats Finance is a decentralized platform dedicated to enhancing Web3 security. We leverage audit competitions, bug bounties, and other security mechanisms to protect DeFi protocols and their users. Our model is based on aligning incentives between security researchers (white hat hackers) and DeFi projects.

How do Audit Competitions work at Hats Finance?

Audit competitions at Hats Finance are time-sensitive events where security experts compete to identify vulnerabilities in smart contracts. These competitions are designed to quickly mobilize a community of auditors, providing a comprehensive and thorough security assessment for DeFi projects.

What are Private Audit Competitions at Hats Finance?

Private Audit Competitions are a tailored version of our standard audit competitions, designed for protocols seeking a more controlled and exclusive security assessment. In these competitions, select auditors are invited to participate based on their expertise and track record. This allows protocols to benefit from a focused and specialized audit process, ensuring deeper scrutiny and confidentiality when needed.

How do Private Audit Competitions differ from Open Audit Competitions?

While Open Audit Competitions are open to a broad range of auditors, creating a competitive and diverse environment, Private Audit Competitions are limited to a pre-selected group of auditors. This selective approach is particularly beneficial for projects requiring audits on sensitive or high-stakes smart contracts, where discretion and specialized skills are paramount.

What are Hats Bug Bounties?

Hats Bug Bounties are decentralized bounty programs hosted on the Hats Finance platform, allowing protocols to offer rewards for identifying vulnerabilities in their smart contracts. These bounties are designed to continuously engage the white hat hacker community in monitoring and improving the security of DeFi projects.

What makes Hats Finance different from other security platforms?

Hats Finance stands out due to its fully on-chain solutions, transparency in operations, and unique pricing model where projects pay only for actionable, validated vulnerabilities. This approach not only minimizes financial risks for projects but also incentivizes high-quality submissions from security researchers.

How does the 'Pay Only for Results' model work?

In our 'Pay Only for Results' model, projects pay only when a valid vulnerability is identified and verified. This pricing structure ensures that projects are investing in tangible results that enhance their protocol’s security, rather than paying flat fees regardless of outcomes.

What are the benefits of participating in Hats Finance as a security researcher?

Security researchers are incentivized by our policy of paying only the first person who submits a unique and valid issue, which allows Hats to offer higher rewards. The transparent, on-chain submission process ensures fair evaluation and timely payouts. Additionally, our arbitration mechanism offers a fair dispute resolution process, ensuring that researchers' findings are evaluated impartially.

How do I submit a vulnerability finding in Hats Finance?

Findings can be submitted through our decentralized application (dApp). This on-chain submission process ensures transparency and traceability. Detailed guidelines on the submission process are available on our website.

How is the severity of findings determined in Hats Finance?

Findings are categorized into High, Medium, and Low severities based on their impact and risk to the protocol. This assessment considers factors like financial implications, data integrity, and user trust. Our comprehensive guide on evaluating finding severity is available on our documentation page.

What happens if I disagree with the severity assessment of my finding?

If you disagree with the assessment by the project committee, you can initiate arbitration with a third-party arbitrator, such as Kleros. This process ensures that your submission receives an impartial judgment.

Can I contribute liquidity to bug bounty vaults?

Yes, projects and users can contribute liquidity to bug bounty vaults. This not only supports the security ecosystem but also enables liquidity mining for contributors upon the Token Generation Event (TGE).

What is the role of Kleros arbitration in Hats Finance?

Kleros arbitration is integrated into our platform to offer an unbiased dispute resolution mechanism. If there is a disagreement between the security researcher and the project committee regarding a submission, Kleros provides an impartial judgment, ensuring fairness in the payout process.
