BIP #7 Hats Finance BPRO Allocation Vote

BIPs need to achieve a majority with the required quorum of 250k BPRO for a YES vote before it can be executed by the multisig.

Find further discussion concerning this proposal here.

Simple Summary

• Following the setup of the B.protocol vault and committee on Hats.finance dapp, and our last forum post, the goal of this proposal is to fund the vault.

• Hats.finance is a proactive bounty protocol for white hat hackers and auditors, where projects, community members, and stakeholders incentivize protocol security and responsible disclosure.

Abstract

Hats.finance created scalable vaults using the project’s own token. The value of the bounty increases with the success of the token and project. In addition, NFT artists will create numerous unique NFTs that will be minted specially for hackers and auditors that will responsibly disclose vulnerabilities.

We offer every participant in the Ethereum ecosystem skin in the game to ensure a more secure future for the users of #Ethereum.

This proposal aims to incentivize hackers, auditors, and the community to protect the B.protocol contracts by promoting responsible disclosure.

The proposal suggests depositing BPRO tokens into B.protocol proactive vault on Hats. BPRO vault is a permissionless vault where anyone can participate by depositing and withdrawing. $BPRO.

Motivation

• 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of exploiting it.
• A disclosed vulnerability means no TVL/ TOKEN and, most of all, no reputation loss.
• PR of disclosure and fix becomes a strength to the project and its development team.
• Attract more users to the “strong and secure protocol.”
• Permissionless vault - token holders and the B.protocol community can deposit or withdraw in the same permissionless nature.

BPRO value:

• BPRO staked in Hats vault increases B.protocol security guarantees
• Staking BPRO in the hat vaults reduces circulating token supply
• One-sided yield farming based on your BPRO
• Participating in Hats pull at this initial phase will be rewarded with extra allocation points (Extra token incentive for the first 20 projects to join). This way, the B.protocol community will have extra voting power in what can potentially become an important security layer of the ecosystem.

B.protocol community / BPRO holders:

• Join the effort to secure the ecosystem.
• Financial incentive in the form of Yield farming (Protocol protection mining)
• Protect their own project token by risking a portion of their holdings. By doing that, get $HAT and become influential in the Hats governance process. Hats liquidity mining program will start soon.

Specification

The hats protocol is permissionless, meaning anyone can participate and lock BPRO in the Hats BPRO vault. The BPRO vault protects the B.protocol contracts from hacks by incentivizing responsible disclosure through the Hats protocol.

If a hacker responsibly discloses an exploit through the Hats mechanism, a portion (depending on severity) of the locked BPRO tokens will go to the hacker as a reward, some vested, and some immediately. ( See the reward split in Kleros vault, for example)

This is a win-win situation for Hackers, the B.protocol community, and the core team.

As a BPRO holder: Statistically, when a protocol suffers a hack or exploit, its token value will drop between 35-50% at the 24 hours following the hack (Messari). It is rational to lock part of a user’s holdings to protect the rest of her holdings from a potential hack.

Hacker gets a substantial amount of FUNGIBLE money, become known for disclosing a critical vulnerability instead of rekt’ing the protocol and its stakeholders, and receive funds without becoming a worldwide criminal.

We found out that a crucial element for black hat hackers is privacy, permissionless, no KYC.

The decentralization of the protocol is critical in order to incentivize anyone involved in the protocols to protect it: community, artist, investors, team members, & developers.

Rationale

Security underlies the technology of smart contracts; there isn’t such a thing as too much security. We think Ethereum dapps should include both our solution and others.

The beauty of Hats being a fully permissionless protocol is that DAOs, treasuries, and individuals can deposit or withdraw funds from the vault at any point. Utilize Idle funds for active protection with full depositor control for treasuries and users alike.

The Hats contracts are public (find the link at the first comment) verified on Etherscan and can be found by clicking the “View Contracts Covered” under Hats vault in hats dApp (find the link at the first comment)

Audit and safety measures:

• Audit reports - find the link at the first comment.
• Hats is live with Hats vault containing more than $130K USDC worth of tokens to further incentivize responsible disclosure.

Vault fund:

As a community, you can take mutual action to incentivize others to make B.protocol a safer environment.

Bear in mind that funds will be released from the vault only due to vulnerability disclosure. The upside from fixing issues is drastically more valuable than the financial face value of the BPRO tokens that are going to be deposited.

It’s in the hands of the B.protocol community to determine changes to this initial deposit and to increase/ decrease its size in relation to changes you are doing in the contracts.

Implementation

• Fund $BPRO vault on hats

Proposal:

B.protocol DAO will deposit a 100k$ worth in BPRO to incentivize White hats hackers and auditors to make B.protocol a safer environment.

As a reference, Kleros and Liquity already decided to deposit 200k$ and 250k$ worth of tokens in hats vault.