BIP #7 - B.protocol white hat incentive vault funding proposal

Simple Summary

  • Following the setup of the B.protocol vault and committee on Hats.finance dapp, and our last forum post, the goal of this proposal is to fund the vault.

  • Hats.finance is a proactive bounty protocol for white hat hackers and auditors, where projects, community members, and stakeholders incentivize protocol security and responsible disclosure.

Abstract

Hats.finance created scalable vaults using the project’s own token. The value of the bounty increases with the success of the token and project. In addition, NFT artists will create numerous unique NFTs that will be minted specially for hackers and auditors that will responsibly disclose vulnerabilities.

We offer every participant in the Ethereum ecosystem skin in the game to ensure a more secure future for the users of #Ethereum.

This proposal aims to incentivize hackers, auditors, and the community to protect the B.protocol contracts by promoting responsible disclosure.

The proposal suggests depositing BPRO tokens into the B.protocol proactive vault on Hats. The BPRO vault is a permissionless vault where anyone can participate by depositing and withdrawing $BPRO.

Motivation

B.protocol:

  • 24/7 audit on your protocol with a proactive approach that incentivizes the hacker to disclose the vulnerability instead of exploiting it.
  • A disclosed vulnerability means no TVL/token loss and, most of all, no reputation loss.
  • PR of disclosure and fix becomes a strength to the project and its development team.
  • Attract more users to the “strong and secure protocol.”
  • Permissionless vault - token holders and the B.protocol community can deposit or withdraw in the same permissionless nature.

BPRO value:

  • BPRO staked in Hats vault increases B.protocol security guarantees
  • Staking BPRO in the hat vaults reduces circulating token supply
  • One-sided yield farming based on your BPRO
  • Participating in the Hats pool at this initial phase will be rewarded with extra allocation points (extra token incentive for the first 20 projects to join). This way, the B.protocol community will have extra voting power in what can potentially become an important security layer of the ecosystem.

B.protocol community / BPRO holders:

  • Join the effort to secure the ecosystem.
  • Financial incentive in the form of Yield farming (Protocol protection mining)
  • Protect their own project token by risking a portion of their holdings. By doing that, get $HAT and become influential in the Hats governance process.

The Hats liquidity mining program will start soon.

Specification

The hats protocol is permissionless, meaning anyone can participate and lock BPRO in the Hats BPRO vault. The BPRO vault protects the B.protocol contracts from hacks by incentivizing responsible disclosure through the Hats protocol.

If a hacker responsibly discloses an exploit through the Hats mechanism, a portion (depending on severity) of the locked BPRO tokens will go to the hacker as a reward, some vested and some immediately (see the reward split in the Kleros vault, for example).

This is a win-win situation for Hackers, the B.protocol community, and the core team.

As a BPRO holder: Statistically, when a protocol suffers a hack or exploit, its token value will drop between 35-50% in the 24 hours following the hack (Messari). It is rational to lock part of a user’s holdings to protect the rest of her holdings from a potential hack.

The hacker gets a substantial amount of FUNGIBLE money, becomes known for disclosing a critical vulnerability instead of rekt’ing the protocol and its stakeholders, and receives funds without becoming a worldwide criminal.

We found out that the crucial elements for black hat hackers are privacy, permissionlessness, and no KYC.

The decentralization of the protocol is critical in order to incentivize anyone involved in the protocols to protect it: community, artist, investors, team members, & developers.

Rationale

Security underlies the technology of smart contracts; there isn’t such a thing as too much security. We think Ethereum dapps should include both our solution and others.

The beauty of Hats being a fully permissionless protocol is that DAOs, treasuries, and individuals can deposit or withdraw funds from the vault at any point. Idle funds are put to use for active protection, with full depositor control for treasuries and users alike.

The Hats contracts are public (find the link in the first comment), verified on Etherscan, and can be found by clicking “View Contracts Covered” under the Hats vault in the Hats dApp (find the link in the first comment).

Audit and safety measures:

  • Audit reports - find the link at the first comment.
  • Hats is live with Hats vault containing more than $130K USDC worth of tokens to further incentivize responsible disclosure.

Vault fund:

As a community, you can take mutual action to incentivize others to make B.protocol a safer environment.

Bear in mind that funds will be released from the vault only due to vulnerability disclosure. The upside from fixing issues is drastically more valuable than the financial face value of the BPRO tokens that are going to be deposited.

It’s in the hands of the B.protocol community to determine changes to this initial deposit and to increase/decrease its size in relation to changes you are making in the contracts.

Implementation

  • Fund $BPRO vault on hats

Proposal:

B.protocol DAO will deposit $100k worth of BPRO to incentivize white hat hackers and auditors to make B.protocol a safer environment.

As a reference, Kleros and Liquity have already decided to deposit $200k and $250k worth of tokens in their Hats vaults.


Useful links:
Audit
Contracts


Website
dApp


Going to give it a week for people to put in their comments on this proposal, and then I’ll submit another BIP for the community to vote on :)


Thanks, @a7om!
If there is additional info you need, please tag me here or on the B.protocol Discord.


Thanks for the updated proposal after launch @sombrero

  • Is the HAT emission for the b.protocol vault on Hats reliant on this proposal passing?
  • How does a committee reach agreement? Simple majority? I see the committee is 3 people, 2 of which are anon Hats, correct?
  • Has it been confirmed or denied whether the 50k BPRO Immunefi bounty can be used for BOTH incentives? I think this was discussed.

Hi @TragedyStruck,
Thanks for your questions. I’m sorry for the late response due to time zone differences.

I will try to answer.

Is the HAT emission for the b.protocol vault on Hats reliant on this proposal passing?

Participating in the Hats pool at this initial phase will be rewarded with extra allocation points (extra token incentive for the first 20 projects to join). We are still under 20 projects, but not for long, as there are more projects in different stages of onboarding.

How does a committee reach agreement? Simple majority? I see the committee is 3 people, 2 of which are anon Hats, correct?

Yes.
Currently, the B.protocol committee includes Yaron and two other Hats team members as an initial setup. We recommend that the committee be structured from the B.protocol team (devs/signers) only, as the committee members might be exposed to sensitive info.

Has it been confirmed or denied whether the 50k BPRO Immunefi bounty can be used for BOTH incentives? I think this was discussed.

It’s an important question.
Eitan mentioned this possibility at the community call without any response from the community. It’s for the B.protocol DAO to decide how to use the funds.

I will mention again that $BPRO vault on Hats is a permissionless vault - token holders and the B.protocol community can deposit or withdraw in the same permissionless way.

Please let me know if you have any other questions regarding the Hats proposal.

Thanks!


I agree with that. I have nothing against the fact that the Hats Finance team is anonymous (maybe I just can’t find that info), but that’s why the committee should be made up of Bprotocol community members, i.e. a multi-sig. Maybe I don’t understand the role that the committee plays in that game?
I think that such solutions are much more effective than audit firms because in this way each staker (holder) has “skin in the game”, and it simply increases the degree of protocol decentralization.
What are the features of “active vaults”?
In the case of a bounty prize payment, whose funds and in what proportion are paid to the white hacker? Proportional % of the individual address stake amount?
What are HAT token utilities?


Thanks for your answers. To make sure I’m getting this 100% right:

  • Will the B.Protocol vault (which I see is already up on your website) receive HATs if this proposal fails? I’m kind of asking this since there seems to be some community support for your vault even before this proposal is live.
  • If this proposal succeeds, will both the project contribution and “other contributions” (deposits of BPRO) receive the “extra allocation points”? Any details of the specifics of this “extra”?
  • I see your concerns about having the committee be team members due to disclosure, but to me it seems odd that Hats members are the deciding entity, in case e.g. Yaron is against. Are other project committees majority from the protocol? I guess in either case you might end up in a situation where one delegation is “in denial” about a vulnerability, but from a point of being familiar with B.Protocol and its members and not at all familiar with Hats and the anon devs and team it would feel more “safe” to me to have it be a majority of B.Protocol team members. May just be me.
  • Perhaps @EitanK can clarify if it is at all possible to go with this proposal and make it work with Immunefi? I think currently the funds are simply in an account controlled solely by B.Protocol? If deposited into this Hats vault, would that be OK with Immunefi, given that they can be withdrawn from the vault and “given” to Immunefi, if a bounty has to be paid out there? Is this also OK with Hats?

Given that the same BPRO can be used for both Immunefi and Hats, I think this is definitely interesting. I feel like there is probably mostly the “early adopter” risk that comes with smart contracts… I do see you’ve had several rounds of audits though.


Thanks, @dabar90 , for your support and for those questions that make things clearer.
I will try to answer:

Committee responsibilities:

  1. Triage auditors/hackers reports/claims.
  2. Approve claims within a reasonable time frame (Max of 6 days)
  3. Set up repositories and contracts under review. (List of all contracts under the bounty program and their severity)
  4. Be responsive via its Telegram bot.

What are the features of “active vaults”?

Active vaults meaning:

  • Permissionless- users can deposit and withdraw in a permissionless way.
  • The vault is open to any hacker, anywhere in the world, who can participate anonymously in disclosing exploits.
  • Continuous vault: as long as tokens are locked, hackers are incentivized.

In the case of a bounty prize payment, whose funds and in what proportion are paid to the white hacker? Proportional % of the individual address stake amount?

The B.protocol vault contains 4 severities (atm); each one has X% of the total amount of vault, which means different prizes to different severities.

Each exploit that will be fixed and rewarded through the protocol will trigger a split function that will incentivize hackers, committees, and protocol participants to further use the protocol. The split function parameters can be set by the governance and their default is:

  • 60%: vault tokens vested for 30 days (hacker reward)
    • In order not to put high sell pressure on the rewarded token
  • 20% Vault tokens (Hacker reward)
    • Fungible tokens for immediate hacker use
  • 5% Committee
    • To incentivize committee resolution and triage of vulnerabilities reports.
  • 5% Converted through Uni v3 to Hats and vested for 90 days (Hacker reward)
    • To make the hacker invested in the protocol, he had just added value to and to incentivize him to further disclose vulnerabilities through Hats protocol
  • 10% Converted through Uni v3 to Hats and sent to Governance
    • To incentivize the long-term sustainability of the protocol and its community needs.

When the split function happens, after the committee approves it and all the security measures have been taken, the amount will be paid to the white hat hacker from the total amount. It will be taken as a proportional percentage of each individual staked amount.

What are HAT token utilities?

Governance:

  • The HAT token is the voting weight in the governance (Hats governance might require users’ tokens to be locked or staked to participate in governance decisions).

Farming:

  • The goal of the farming program is to incentivize token deposits to the bounty vault, increasing the size of the vault while receiving $HAT rewards as a PPM (protocol protection mining) program.
  • Provide liquidity for the HAT token in the Uniswap v3 ETH<>HAT pool and get liquidity mining HAT rewards for locking your liquidity NFT.

Hats security vault:

  • The Hats token vault, which incentivizes disclosure for the Hats protocol, will also further incentivize HAT token locking. Similarly to Sushi and xSushi, successful disclosures made in any one of the Hats vaults will distribute a certain % of the tokens to HAT token lockers. (Pending governance decision)
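The pro-rata deduction and the five-way split described in the answer above, as an added worked model (example code written for this page, not Hats’ contract code). It assumes a share-based vault in which a payout burns value pro rata, so every depositor’s claim drops by the severity percentage while share counts stay unchanged; the severity percentages are made-up placeholders for the “X% per severity” the post mentions, and the two Uniswap v3 conversions are represented only as labelled buckets, not as actual swaps.

```python
"""Model of a Hats-style bounty payout from a permissionless vault.

Added example, not Hats' contract code. Assumptions (not from the post):
- depositors hold shares; a payout burns vault balance pro rata;
- SEVERITY_PCT values are placeholders ("X% of the vault" per severity);
- the 5% and 10% HAT conversions are plain buckets, no swap is modelled.
"""
from dataclasses import dataclass, field
from fractions import Fraction

# Default split from the post; must sum to 100%.
DEFAULT_SPLIT = {
    "hacker_vested_30d": Fraction(60, 100),
    "hacker_immediate": Fraction(20, 100),
    "committee": Fraction(5, 100),
    "hacker_hat_vested_90d": Fraction(5, 100),
    "governance_hat": Fraction(10, 100),
}

# Hypothetical severity table (fraction of the vault paid per severity).
# Kept strictly below 100% so shares never become worthless.
SEVERITY_PCT = {
    "low": Fraction(5, 100),
    "medium": Fraction(15, 100),
    "high": Fraction(40, 100),
    "critical": Fraction(75, 100),
}


@dataclass
class Vault:
    balance: Fraction = Fraction(0)
    total_shares: Fraction = Fraction(0)
    shares: dict = field(default_factory=dict)  # depositor -> shares

    def deposit(self, who, amount):
        """Mint shares at the current price per share so nobody is diluted."""
        amount = Fraction(amount)
        if self.total_shares == 0:
            new_shares = amount
        else:
            new_shares = amount * self.total_shares / self.balance
        self.shares[who] = self.shares.get(who, Fraction(0)) + new_shares
        self.total_shares += new_shares
        self.balance += amount

    def value_of(self, who):
        """Current claim of a depositor: their share of the remaining balance."""
        if self.total_shares == 0:
            return Fraction(0)
        return self.shares.get(who, Fraction(0)) * self.balance / self.total_shares

    def withdraw_all(self, who):
        """Permissionless exit at the current price per share."""
        amount = self.value_of(who)
        self.balance -= amount
        self.total_shares -= self.shares.pop(who, Fraction(0))
        return amount

    def pay_bounty(self, severity, split=DEFAULT_SPLIT):
        """Burn severity% of the vault and split it into the five buckets."""
        if sum(split.values()) != 1:
            raise ValueError("split must sum to 100%")
        payout = self.balance * SEVERITY_PCT[severity]
        self.balance -= payout  # every share is now worth proportionally less
        return {bucket: payout * frac for bucket, frac in split.items()}


def example_payout():
    """DAO and one community depositor; a 'high' severity claim is approved."""
    vault = Vault()
    vault.deposit("dao", 100_000)
    vault.deposit("alice", 25_000)
    split = vault.pay_bounty("high")
    return split, vault.value_of("dao"), vault.value_of("alice")
```

With the placeholder table a “high” claim on a 125,000 BPRO vault pays out 50,000: 30,000 vested and 10,000 immediate to the hacker, 2,500 to the committee, 2,500 and 5,000 to the two HAT buckets, and both depositors keep 60% of what they put in.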

Hi @TragedyStruck , thank you again for taking the time to write.
I will try to answer:

Will the B.Protocol vault (which I see is already up on your website) receive HATs if this proposal fails? I’m kind of asking this since there seems to be some community support for your vault even before this proposal is live.

Each vault has an emission rate, and the first 20 projects to be onboarded will have the extra allocation points.

How it is calculated:

  • Calculating the $HAT reward share for each pool (Vault):

PoolRewardPerShare = HatsEmissionRate*(Time)*PoolAllocPoint/TotalAllocPoint

A higher pool alloc point yields a higher emission rate for that pool.

Calculating the $HAT reward for the user:

HatReward = (PoolRewardPerShare * UserShare ) — UserDebt

If this proposal succeeds, will both the project contribution and “other contributions” (deposits of BPRO) receive the “extra allocation points”? Any details of the specifics of this “extra”?

You are right. All the participants of the vault will receive the extra allocation points. It will be an extra of 15 allocation points to the first 20 projects.

When DAOs become stakeholders in other DAOs, it leads to mutual growth of both communities and the ecosystem as a whole. Our goal is to have as many DAOs as possible participate in Hats governance. This is one of the reasons why we are excited about the B.protocol community collaboration.

I see you concerns about having commity be team members due to disclosure, but to me it seems odd that Hats members are the deciding entity, in case e.g. Yaron is against. Are other project commities majority from the protocol? I guess in either case you might end up in a situation where one delegation is “in denial” about a vulnerability, but from a point of being familiar with B.Protocol and its members and not at all familiar with Hats and the anon devs and team it would feel more “safe” to me to have it be majority of B.Protocol team members. May just be me.

If I understand your concern correctly, I absolutely agree with you.
As I mentioned, we encourage the B.protocol team to add new committee members that are familiar with the B.protocol community.

The Hats dev team are the committee members of the Hats vault; 2 members joined the B.protocol committee as well. Unless a project asks us to be part of its committee, we are not planning to join any other committees for now.

Perhaps @EitanK can clarify if it is at all possible to go with this proposal and make it work with Immunifi?I think currently the funds are simply in an account controlled solely by B.Protocol? If deposited into this Hat vault, would that be OK with Immunifi, given that they can be withdrawn from the vault and “given” to Immunifi, if a bounty has to be payed out there? Is this also OK with Hats? Given that the same BPRO can be used for both Immunifi and Hats I think this is definitely interesting. I feel like there probably mostly the “early adopter” risk that comes with smart contracts… I do see you’ve had several rounds of audits though.

Hats doesn’t have an opinion about it; the B.protocol DAO should consider what is best for the DAO’s interest. Having said that, we are aiming to have the largest and most significant incentives for hackers to submit vulnerabilities through the Hats dApp.

You can check our audits reports if you missed them.

I can add that each of the onboarded vaults and the ones who will join soon took their time to check our contracts very carefully. We are more than happy to assist, answer all the questions, and hear new thoughts about requested features and consider including them in Hats V2.

I hope it makes things more clear, don’t hesitate to reach out again.

Ofir

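The two reward formulas quoted in the answer above describe the usual MasterChef-style accounting: a pool-wide accumulator of reward per share, and a per-user “debt” snapshot taken at every deposit or withdrawal so that emission from before a user joined cannot be claimed. The model below is an added example written for this page, not Hats’ contract code; the emission rate, the allocation points (10 base plus the 15 “extra” points, out of a hypothetical 100 total), the timestamps and the depositor names are all made-up values. Fractions are used so the results are exact.

```python
"""MasterChef-style reward accounting behind the quoted formulas.

Added example, not Hats' contract code. Emission rate, allocation points,
timestamps and names are hypothetical.

PoolRewardPerShare = HatsEmissionRate * Time * PoolAllocPoint / TotalAllocPoint
HatReward          = PoolRewardPerShare * UserShare - UserDebt
"""
from fractions import Fraction


class RewardPool:
    def __init__(self, emission_rate, alloc_point, total_alloc_point, start_time=0):
        self.emission_rate = Fraction(emission_rate)        # HAT per second, all pools
        self.alloc_point = Fraction(alloc_point)            # this pool's weight
        self.total_alloc_point = Fraction(total_alloc_point)
        self.last_time = start_time
        self.acc_reward_per_share = Fraction(0)             # cumulative PoolRewardPerShare
        self.total_shares = Fraction(0)
        self.shares = {}                                    # user -> staked amount
        self.debt = {}                                      # user -> UserDebt
        self.claimed = {}                                   # user -> HAT paid out so far

    def _accrued_per_share(self, now):
        """PoolRewardPerShare as it would stand at `now`, without mutating state."""
        if now <= self.last_time or self.total_shares == 0:
            return self.acc_reward_per_share
        pool_reward = (self.emission_rate * (now - self.last_time)
                       * self.alloc_point / self.total_alloc_point)
        return self.acc_reward_per_share + pool_reward / self.total_shares

    def _update(self, now):
        # Emission that accrues while nobody is staked is simply not distributed.
        self.acc_reward_per_share = self._accrued_per_share(now)
        self.last_time = max(self.last_time, now)

    def pending(self, user, now):
        """HatReward = PoolRewardPerShare * UserShare - UserDebt (read-only)."""
        share = self.shares.get(user, Fraction(0))
        return share * self._accrued_per_share(now) - self.debt.get(user, Fraction(0))

    def _harvest(self, user):
        owed = (self.shares.get(user, Fraction(0)) * self.acc_reward_per_share
                - self.debt.get(user, Fraction(0)))
        self.claimed[user] = self.claimed.get(user, Fraction(0)) + owed
        return owed

    def deposit(self, user, amount, now):
        """Harvest first, then stake; resetting the debt excludes earlier emission."""
        self._update(now)
        owed = self._harvest(user)
        self.shares[user] = self.shares.get(user, Fraction(0)) + Fraction(amount)
        self.total_shares += Fraction(amount)
        self.debt[user] = self.shares[user] * self.acc_reward_per_share
        return owed

    def withdraw(self, user, amount, now):
        """Harvest, then unstake; a zero-amount withdraw is a plain harvest."""
        self._update(now)
        owed = self._harvest(user)
        amount = Fraction(amount)
        if amount > self.shares.get(user, Fraction(0)):
            raise ValueError("withdraw exceeds stake")
        self.shares[user] -= amount
        self.total_shares -= amount
        self.debt[user] = self.shares[user] * self.acc_reward_per_share
        return owed


def example_run():
    """DAO stakes at t=0, a second depositor joins at t=100, both harvest at t=200."""
    # Hypothetical: 10 base + 15 extra allocation points out of 100, global
    # emission 1 HAT/s, so this vault receives 0.25 HAT/s.
    pool = RewardPool(emission_rate=1, alloc_point=10 + 15, total_alloc_point=100)
    pool.deposit("dao", 100_000, now=0)
    pool.deposit("alice", 100_000, now=100)   # the 25 HAT emitted so far belong to dao
    dao = pool.withdraw("dao", 0, now=200)
    alice = pool.withdraw("alice", 0, now=200)
    return dao, alice
```

In the run above the vault receives 50 HAT over 200 seconds; the DAO collects the first 25 alone and half of the next 25 (37.5 total), while the later depositor gets only 12.5 because its debt was set to 25 at the moment it joined. The same debt reset is what prevents a deposit timed just before a harvest from capturing emission it was not staked for.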

Hey @TragedyStruck
The Immunefi bug bounty has no requirements to lock any funds.
The DAO has voted to “put aside” the required funds for a potential bug bounty payout and currently 50k BPRO are in a separate account from the DAO reservoir.

As far as I see it, there is nothing preventing the DAO from using these funds, or part of them, in the Hats vault and getting some yield on them. If a bug is reported, it cannot be reported twice on both platforms (or at least there is no need to pay for it twice, as hackers can’t report an already reported bug).

Of course, as Hats Finance is a new protocol, the DAO should take the usual smart contract risk factor into account when deciding if and how much to deposit into its vault. As @sombrero mentioned, the Hats protocol was audited several times, and yet as we know this is not a guarantee for anything in DeFi (and in fact part of the reason Hats Finance was established, as far as I understand).

Even if the DAO does not pass the vote to deposit into the Hats vault, BPRO holders could still deposit their funds (as some have already done) as a way to farm HAT tokens; it might be a temporary single-sided staking solution for BPRO… ;).
Yaron made it clear over Discord that it would be possible for BPRO-Hat Vault depositors to participate in votes (just like we did with LPs in Uni and Sushi).

And if I understand correctly HATs holders can even deposit their HATs tokens into the Hats Finance Vault to compound their yields…

As the Immunefi bug bounty is capped to $100k, with 90% being paid out in BPRO, at current market price range this is equivalent to ~15k BPRO, which might be a good reference number to start with.

From the good experience we had with the last Epoch Voting process, which bundled a few votes together, I would suggest the DAO to consider getting a few proposals together in order to level up the chances to pass a vote on this (or other proposals).

*Not financial advice…


Thanks @EitanK. From my point of view then this seems great for a vote! Summary of my general observations in terms of risk/reward:

  • Speculative yield (unknown value of HAT)
  • Smart contract risk
  • Hats majority in committee

Other than that it is a protocol that is more in sync with the ecosystem, being (after HATs) a DAO. Good luck with the proposal :)


Hi @a7om,
Please update here or at sombrero@hats.finance when the proposal is ready for voting.

Thanks for the support

Ofir


Probably gonna be posted on Oct. 7th but gotta get with @yaron before then to make sure all the pooled tokens can vote. Will keep you posted.

Your proposal is up for vote. → Snapshot


I like the approach in general, and I know questions/notes are late, but still:

In my opinion there should be 1 more known person onboarded midterm to get it even, to avoid a situation as @TragedyStruck described. Actually, I missed what happens in an “undecided” (2-2) situation or if a committee member is absent. @sombrero: maybe some info on that?

From my understanding the “yield” will go back to the DAO. Is that correct?

Is @yaron willing to invest the time of the committee (7 days/twice a day theoretically) long term, or rather the 6-day reaction possibility for claims? I assume here yes.


Hi @Tidal, it’s never too late :)
Thanks for asking.

The committee members can be replaced/changed 24/7 simply by adding new members. So, it’s B.protocol’s decision.

If there is any dispute, it will be Hats governance decision with the possible help of kleros dispute resolver.

The yield will go to each depositor; for example, if the DAO deposits $100k worth of BPRO, the reward will go to the beneficiary wallet of the DAO, and if you deposit, it will go to your wallet.

I hope it answers your questions.

I am not sure I understand the question. But in general, also without HATs, the dev team will spend time on any serious bug report that will be given to us.

B.Protocol has had an active bug bounty program since day 1 (almost a year now), and so far we got maybe one or two reports (which turned out to be wrong).
So the workload is not expected to be big.


Well, I was rather thinking about the committee having 2 dates/day theoretically. So basically my expectation is that nothing ever happens, but actually it would be possible to approve even an unjustified decision.

But I think it will be fine when I think about it again. It’s still the same risk as a 2-1 vote.

Good luck with the vote