This is a proposal to move forward with the Nexus Mutual community <> Hats collaboration, the second step after the passing of consideration of collaboration 3 proposal. https://snapshot.org/#/community.nexusmutual.eth/proposal/QmaJTF5hP1VKJkoK6SJF3v7sCNQJ7N6Gg9HN1XFCfXdYri
Hats believe that their solution is a direct continuation of the Bug bounty services discussed and proposed by @BravenewDefi back in February. https://forum.nexusmutual.io/t/creating-a-bug-bounty-service-run-by-nexus-mutual/433
The Proposal:
The Nexus Mutual community sets up a committee and deposits NXM into the Nexus Mutual Vault in Hats.
Set up a committee on Hats vault - Choose trusted members of the dev team that could triage the vulnerabilities that will be sent by the hackers / auditors through the encrypted offline communication channel. This team will have visibility to vulnerabilities of the protocol and should be chosen carefully by the mutual. Availability of that team should also be taken into account as vulnerabilities that will be reported will have to be triaged in a timely manner.
Deposit of 6250 NXM (roughly $500,000). We believe this is a sufficient sum to attract developers, auditors, and hackers to re the NXM smart contracts. *Bear in mind that this is not a grant, but a deposit that incentivizes responsible disclosure of vulnerabilities in the Nexus Mutual contracts and products. At any point the Nexus Mutual community / governance can decide to withdraw the NXM from the vault.
Nexus Mutual covered protocol 25% reward boost - Nexus Mutual will reward hackers/auditors of other vaults on Hats that are covered by the mutual with 25% of the reward value that will be given to the hacker in NXM tokens that would not exceed $250k in value per approved disclosure. No deposit is made by the mutual upfront. The mutual will agree to do it and will consider each case on its own. Hats will display this reward boost by the mutual on its UI with a comment (“NXM will consider the boost on a per vulnerability disclosure basis and might not choose to boost every or any vulnerability”). Hats will boost the NXM vault with an additional 25% emission rate over other protocol vaults on Hats.
Once the Hats PPM (Protocol Protection Mining) program is live, the NXM governance will also automatically farm Hats tokens in return for protecting the NXM protocol. This provides additional upside to Nexus Mutual and its community members who participate in the protection mining.
Future angles of collaboration
Additional rewards to Nexus Mutual participants on Hats PPM (Protocol Protection Mining) in the form of NXM tokens. ~3,000 NXM tokens over the course of three months. Automatic buying of Nexus Mutual insurance from, and for Hat vaults for Hats finance will prioritize the onboarding of protocols that are covered by the mutual.
Hats audit and security measures:
Hats contracts have been audited by Zokyo and two individual auditors with no major findings, and all the issues were fixed to the satisfaction of the auditors. The funds in the vault and their allocation to hackers/auditors are controlled by the Nexus Mutual committee alone.