Project name: Hats Finance
I understand that I will be required to provide additional KYC information to the Optimism Foundation to receive this grant: Yes
I understand that I will be expected to follow the public grant reporting requirements outlined here: Yes
L2 recipient address: TBA
Which Voting Cycle are you applying for?: 10
Which sub-committee should review your proposal? (Builders Grants, Growth Experiment Grants): Growth Experiment Grants
Project description (please explain how your project works): Hats Finance is the first on-chain bug bounty protocol that includes and incentivizes all stakeholders (token incentives awaiting the TGE) to contribute to the security of Web3 products. Hats offers a proactive incentive-based protocol for white hat hackers and auditors, where DAOs, companies, community members, and stakeholders can add liquidity to bug bounties to encourage responsible disclosure and be rewarded in return. When hackers are incentivized satisfactorily with high bounties, it becomes all the more likely they will act responsibly and disclose vulnerabilities instead of exploiting them. Accordingly, projects using Hats bug bounty protocol add a layer of security that reduces the possibility of being hacked and protects all stakeholders from the destructive consequences of such exploits. The unfortunate reality is that we will never achieve mainstream crypto adoption if people do not feel secure while using web3 products (e.g. on Optimism). Our protocol enables collective responsibility for increasing actual and perceived security through the creation of scalable bug bounty vaults that can be funded using stable coins or any other on-chain asset. Additionally, Hats protocol is designed to be part of the public goods infrastructure of Web3. We believe in providing a security primitive that is composable and allows community participation. Now is the right time to deploy this kind of infrastructure to roll-ups and support the creation of an ecosystem on L2s by reducing the risk of exploits that harm projects and retail users alike.
Other relevant links (including any demos): @HatsFinance | Twitter | Linktree
Additional team member info (please link): Shay Zluf, CTO, and Hats Architect - https://twitter.com/shayzluf shayzluf (Shay Zluf) · GitHub
Ofir Perez, Head of Growth - https://twitter.com/perezofir
Jelle Gerbrandy, Head of Solidity - Commits · hats-finance/hats-contracts · GitHub
Carlos Fontes, Front-End - fonstack (Carlos Fontes) · GitHub
Please link to any previous projects the team has meaningfully contributed to: Shay Zluf - Shay is Hats’ lead dev and Hats visionary. Shay is an Ethereum OG and can be best described as a decentralizer of the ecosystem and incentivizer of desired outcomes. He was also part of the “Prysmatic Labs” team developing the Ethereum 2.0 client.
Relevant usage metrics (TVL, transactions, volume, unique addresses, etc. Optimism metrics preferred; please link to public sources such as Dune Analytics, etc.): 26 Bounty Vaults
25% of TVL from the community
Strong growth in the community of security researchers
Competitors, peers, or similar projects (please link): The key advantages of Hats Protocol vs. the traditional, centralized bug bounty services are:
Hats bug bounty vaults are loaded with the native token, stablecoins, or yield-bearing token (Support in V2) of the project thus reducing the free-floating supply while giving the token additional utility.
Scalable bounty network — vault TVL increases with the project’s success.
Open & Permissionless —
Anyone can participate in the protection of an asset (Optimism ecosystem projects, their community members, and OP users).
Any hacker can participate anonymously when disclosing exploits (no KYC needed).
In the future, every depositor could earn rewards when providing liquidity.
Continuous protection — As long as tokens are locked in the vault, hackers are incentivized to disclose vulnerabilities through Hats instead of hacking.
Is/will this project be open sourced?: Yes
Optimism native?: No
Date of deployment/expected deployment on Optimism: Deployed
What is the problem statement this proposal hopes to solve for the Optimism ecosystem?: Direct losses from Hacks and Exploits exceeded $15b in the past two years and over $3b has been stolen by hackers this year alone. Unlike audits (which are confined to a specific time period), bug bounty programs provide a continuous layer of security to identify smart contract bugs and keep users safe. We request 200k $OP tokens to incentivize $OP ecosystem projects to create a bug bounty vault on Hats protocol to take an ongoing and on-chain security precaution. In contrast to Hats’ protocol, other bug bounty solutions offered today run counter to Optimism values of decentralization, permissionless-ness, open-sourced and accessibility to all. Additionally, there is currently no other bug bounty protocol incentivizing all stakeholders (teams, investors, DAO, community members, node operators, etc.) to help protect their projects and the underlying infrastructure against exploits and hacks. We believe that Optimism’s taking an initiative to incentivize the on-chain and ongoing security efforts of OP ecosystem projects will be an innovative and distinguishable approach to be adopted as a network.
How does your proposal offer a value proposition solving the above problem?: Hats.finance is an on-chain decentralized bug bounty platform designed to prevent crypto-hack incidents by offering the right incentives. Additionally, Hats.finance encourages community participation allowing anyone to add liquidity to a smart bug bounty. Hats also allows hackers to responsibly disclose vulnerabilities without KYC and be rewarded with scalable prizes and NFTs for their work.
Smart bug bounty programs are a win-win for everyone. They can be created easily with a few on-chain transactions (it takes around 1 hour to open a vault on Hats), and setting them up is free of charge. Bug bounty programs do not cost anything unless a vulnerability is discovered, which would be more costly and irreversible once exploited. More importantly, a bug bounty at Hats is transparent and decentralized, and gives power to the community behind the project.
Security underlies the technology of smart contracts and we strongly believe the future of cybersecurity has aligned incentives. We are taking leadership in relation to these principles by creating a decentralized bug bounty marketplace that creates the right incentives for all of its participants.
Why will this solution be a source of growth for the Optimism ecosystem?: OP has the chance to be the first network to incentivize ecosystem projects to secure themselves. It’s especially difficult for fund-raising/small-cap projects to allocate big amounts of money to auditing services. We have witnessed many cases in which projects launched their product/service without due diligence security-wise. However, Optimism will be able to incentivize ecosystem projects to create bug bounties on Hats protocol and let thousands of white hat hackers help secure OP ecosystem projects thanks to our proposal.
Has your project previously applied for an OP grant?: No
Number of OP tokens requested: 200k
Did the project apply for or receive OP tokens through the Foundation Partner Fund?: No
If OP tokens were requested from the Foundation Partner Fund, what was the amount?: NA
How much will your project match in co-incentives? (not required but recommended, when applicable): Hats will match the incentives but the exact amount cannot be disclosed prior to the TGE for multiple reasons.
How will the OP tokens be distributed? (please include % allocated to different initiatives such as user rewards/marketing/liquidity mining. Please also include a justification as to why each of these initiatives align with the problem statement this proposal is solving.): 200k $OP tokens are used to incentivize depositors (including project DAOs, investors, community members, and audit firms) to the vault
Hats and OP tokens will be rewarded in a hybrid liquidity mining scheme to LPs of bug bounties. The rewards should be allocated to the different bounties based on Quadratic Market capitalization, Quadratic TVL, and the amount of liquidity that is provided by the responsible DAO. If the liquidity incentives are deployed before the $HAT TGE has taken place, the initial phase will be rewarded only by OP tokens.
Over what period of time will the tokens be distributed for each initiative? Shorter timelines are preferable to longer timelines. Shorter timelines (on the order of weeks) allow teams to quickly demonstrate achievement of milestones, better facilitating additional grants via subsequent proposals: We plan to run our own liquidity mining scheme over a period of two years.
Please clearly define the milestones you expect to achieve in order to receive milestone based installments. Please consider how each milestone relates to incentivizing sustainable usage and liquidity on Optimism. Progress towards each milestone must be trackable: In Hats protocol, incentives are used to reward community members that contribute to security and to steer incentives for hackers to an adequate level.
The initial 40% of $OP will be used to onboard five vaults and incentivize LPs to fill the vaults to $100k on average. After five vaults have been onboarded and the liquidity is at adequate levels, we request the remaining 60% of $OP incentives so that APYs do not drop below 10%.
At the current stage additional milestones do not provide any additional value from our perspective, but if the OP community would like to add KPIs like the number of disclosures, we are open to the discourse.
Why will incentivized users and liquidity on Optimism remain after incentives dry up?: Increasing the security will give more users the required trust to use the optimistic roll-up
Users that get burned by an exploit are unlikely to stay active participants in the crypto space.
Bug bounties are not necessarily aimed at rogue yield farmers since the risk/return profile only makes sense for market participants that already have a vested interest such as builders, long-term aligned community members, and users with locked assets. In other words, rewards will get channeled into the right hands.
Please provide any additional information that will facilitate accountability (smart contracts addresses relevant to the proposal, relevant organizational wallet addresses, etc.): Hats contracts - Hats.finance
Confirm you have read and agree to the Eligibility Restrictions (here): I have read the Eligibility Restrictions and agree to abide by their conditions