Bug Bounty Vault Proposal by Hats Finance

Summary:

This is a proposal for Idle DAO to collaborate with Hats.finance, create a hacker/auditors incentive pool to protect the Idle smart contracts. The goal of the vault is to incentivize vulnerability disclosure for Idle smart contracts. Liquidity can be added permissionless and LPs will be rewarded with $HAT token once the liquidity mining program is launched.

Motivation

Project coverage:

• 24\7 audits on your protocol with a proactive approach that incentivizes hackers to disclose vulnerabilities instead of hacking
• A disclosed vulnerability means no TVL\ TOKEN loss
• Permissionless vault — token holders and the protocol community can deposit or withdraw in the same permissionless nature.
• Public relation regarding mitigated vulnerabilities and security becomes a strength of the project.
• Attract more users that have high security requirements

Token value:

• Token staked in vault → Token with higher security guarantees.
• In the future one-sided yield farming based on $IDLE
• Staking tokens in the Hat vaults reduces circulating token supply

Committee:

• The main incentive of a committee to triage reports is the potential to rescue users’ funds and the protocol’s reputation. In addition, Hats has two incentive mechanisms in place in addition:

• Each call to approve function (confirmation of an exploit that was resolved by the project committee) triggers a split function that sends part of the reward (default 5%) to the committee for triaging the issue and solving it in a responsible manner.

• Each exploit claim is attached with ETH denominated fees. This fee is intended to prevent bad actors to use the reporting function to create spam reduce the exploit report spam and to incentivize report triage by committees. The fees are transferred to the Hats governance wallet in order not to expose the project that was reported and will be transferred to the respected committees from time to time upon receipt of disclosure descriptions that correspond to the hash of the vulnerability on-chain. Submission fees are currently set to 0 so only tx gas costs apply.

Project community \ Token holders:

• Join the effort to secure the ecosystem of Idle DAO.
• Protect their $IDLE by depositing a portion of their $IDLE holding to the bug bounty vault to make their holding more secure. By doing that, depositors potentially get $HAT tokens (on liquidity mining program launch)
• Permissionless vault — token holders and the protocol community can deposit or withdraw in the same permissionless nature.

Hacker/Auditors:

• Fungible funds - no need to move the funds into mixers
• Incentivized by the big reward prize, less than what they could hack, but still a meaningful amount.
• Play by black hat rules and get a white hat rewards.
• Easier to disclose vulnerability than to exploit it
• No KYC
• Reputation and notoriety as a proficient hacker
• Be good, do good for the ecosystem

Actions:

• Idle DAO will deposit $10.000 worth of $IDLE tokens to the Bug Bounty Vault on Hats Finance.

Voting Options

Please cast your vote on one of the following options: FOR: Approval of creating a Bug Bounty Vault on Hats Finance AGAINST: Rejection of creating a Bug Bounty Vault on Hats Finance DISCUSS MORE: Discuss more the proposal

This poll is available for both $IDLE token holders and stkIDLE holders. The final $IDLE voting weights will be calculated using the approved calculator.