Hats.Finance - Decentralized Cybersecurity Incentive Network Proposal

The Community Fund is pleased to begin its consideration for the community granting process for Hats.Finance.

Hats is a decentralized cybersecurity incentive network. Governed by its community stakeholders - Hackers, Projects, and Token holders — to incentivize protocol security and responsible disclosure.

NXM will be one of the first Hat incentive vaults providing active protection to Nexus Mutual. This incentivizes vulnerability disclosure for NXM smart contracts while farming rewards in the form of hats tokens.

We are creating an incentive mechanism, complementary to Nexus Mutual, that utilizes the development culture of Ethereum to help secure it.

Hats.Finance would require the following as support from the Nexus team:

- Assign a committee to look through disclosure reports. In addition, we will be happy to get:

  • Deposit NXM in the hats NXM pool

  • Propose a boost in NXM tokens for NXM covered pool bounties

  • Marketing and communication help

Hats V1 is planned to be released by the end of May.

We don’t need a budget, just for NXM to participate in the protocol.

Impact matrix

All proposals will be considered based on their potential impact on the mutual.

  1. Awareness/education: Projects that seek to grow awareness of Nexus in the wider community and to help members understand how the mutual works. Examples could include writing docs, newsletters, producing videos, memes, NFTs.
  2. Distribution/sales: Projects that focus on b2b partnerships or increase distribution of cover at the source of the primary purchase (i.e., on DeFi apps). Examples could include building a distributor on top of Nexus, integrations with other projects, or designing new products.
  3. Technical improvements/capability: Projects that seek to expand functionality of the mutual or development of new products. Examples could include contributing to open source code, designing user interfaces, building a reinsurance layer or constructing bundled yield bearing and protected products.

Once a proposal has been up for discussion on here for 7 days it will be closed and we will then translate it to the snapshot for voting. After the snapshot has concluded and if it has produced a favorable outcome, we will distribute the funds.

Details about the Community Fund can be found on this page of our Docs

3 Likes

I like this proposal, but should we maybe evaluate competing projects such as CodeArena and Immunefi as well?

Would we be forfeiting working with these communities in the future if we commit to Hats?

It would be best if we could partner with all three of them somehow and have their risk evaluations funnel back into Nexus.

1 Like

Great question @HeyChristopher. I would like to stress that there is no exclusive commitment of Nexus to Hats protocol here. In order to participate in other projects, Nexus just has to make sure it has an article in their terms and conditions of reward to not reward the same exploit or hack twice.

1 Like

I don’t quite get the idea yet; where do the incentives come from? What’s the difference to Armor.fi?

Armor.fi is an insurance tool. Hats doesn’t provide coverage in case a protocol got hacked or exploited. Hats is an incentive layer for responsible disclosure and white hat hackers, which should prevent hacks and exploits of the protocols that participate in it.

Can you describe in a little more detail the benefits to mutual members and the benefits to white hats using this system? I read through your Medium post, but more detail would help me understand the cost versus benefit. While this proposal doesn’t require a budget, it does require a deposit of NXM into one of your vaults.

What I’d like to know:

Committee

  • How many members of the Core Team/Community would be required to serve on a committee?

Boost in NXM tokens

  • Would this boost be initiated by the mutual? Or is the boost initiated by Hats to launch the vault?

Marketing and Communication

  • Can you share the exact way Hats Finance can assist the mutual in Marketing/Communication efforts?
  • How are vulnerabilities communicated to the Hats team and to the proposed committee?

White hats

  • Do you have an established white hat community that plans to participate in Hats Finance at launch? Or will Hats Finance be bootstrapping a community through initial high-APY incentives?

If we were to follow the model Nexus uses with ImmuneFi, we would allocate roughly ~$100,000-$150,000 USD in NXM to the Hats vault (~641 NXM to 962 NXM at today’s price). The top payout is $50,000 USD, but we’d need to have more capital to cover smaller events without draining the vault if disclosures take place.

For other members, here is some context: Nexus Mutual currently has a bug bounty managed by ImmuneFi with a top payout of $50,000 USD for critical vulnerabilities. A partnership with Hats.Finance wouldn’t infringe on the mutual’s relationship with ImmuneFi; it would simply add another venue to attract white hats and it would be another opportunity to keep the Nexus smart contract system safe for members. To contrast from the Dedaub proposal, this proposal would get more eyes on Nexus Mutual’s smart contract system, while Dedaub would primarily focus on the smart contract systems of the mutual’s listed protocols.

Hats.Finance is one way to implement the advice Delphi Digital provided after the Alpha Homora v2 exploit in February.

Appreciate you taking the time to offer a partnership proposal with the Nexus community. Thank you for your answers in advance :v: :turtle:

Thank you for the detailed questions. I tried to answer all the questions inline in bold.

Hello Everyone! This has been an amazing thread with lots of great questions, feedback and responses. Just a reminder that this forum will close on Monday, May 17th. If you have any lingering questions, now is the time to ask and get clarification before we close it out for vote! Once we have closed it out, there can be no change to the proposal once it goes to Snapshot. Thank you to our community members and to Hats.Finance for this discourse.

1 Like