The era of decentralized finance (DeFi) saw the rise of novel incentive structures such as liquidity mining and airdrops during the early 2020s. Nonetheless, alongside this growth came a surge in breaches and exploits, presenting significant obstacles for projects in their pursuit of affordable and effective audits.
Recognizing this landscape, the founders of Hats Finance, an onchain audit platform centered around community, seized the opportunity to harness these incentive mechanisms, fashioning a decentralized and cost-effective solution for Web3 security.
Oliver Hörr, the founder of Hats Finance, articulated the platform’s mission, stating, “The goal of Hats is to align incentives for all parties involved—we aim to construct a protocol where collaboration results in mutual benefit for everyone.”
In this discussion, Hörr expounds on his vision for Web3 security and how Hats Finance, a participant in the Cointelegraph Accelerator program, aims to contribute to its advancement.
Cointelegraph: How do you perceive the state of Web3 security? Does the Web3 ecosystem accord adequate importance to security?
Oliver Hörr: The evolution of Web3 security is unfolding gradually. Founders are increasingly recognizing that a single detrimental event impacting their users could spell the demise of their enterprise. In 2021, there were notable instances where projects faced challenges in obtaining audits, subsequently opting to deploy unaudited code, resulting in adverse outcomes.
Teams now grasp the critical significance of security, and the talent pool in the audit domain has expanded and elevated in quality, partly due to our decentralized security (DeSec) approach, which grants individuals worldwide the opportunity to demonstrate their expertise in security.
CT: Security is considered a fundamental underpinning of Web3 that is not yet entirely onchain. How does Hats Finance intend to incorporate more security aspects into blockchain?
OH: Presently, all our bug bounties and audit competitions, along with their outcomes, are onchain. Through Hats, users can inspect onchain data to ascertain whether a specific smart contract has undergone an audit or is safeguarded by a bug bounty. We are also partaking in an initiative to standardize this process through EIP-7512. This standardization will empower wallets to enable users to determine their desired level of security or risk appetite, offering a significant improvement for users navigating Web3 in a more secure manner.
Picture a smart wallet that alerts you if you interact with a smart contract that lacks thorough examination. This would enable users to make more informed decisions.
CT: In what ways does Hats Finance seek to address the inefficiencies and exorbitant costs associated with conventional security audits?
OH: Rather than pre-booking two to three security experts to review a smart contract, our platform allows global participation in audits, with only successful experts receiving rewards. Audits are costly due to the substantial overhead that these audit organizations incur for marketing and distribution. With our platform, auditors need only focus on one task: identifying vulnerabilities. This reduction in overhead allows prices to decrease to a reasonable level, as auditors no longer lose a significant portion of their revenue to another organization.
Auditors are generally uninterested in administrative tasks; we believe in a future where onchain audit DAOs replace traditional audit companies.
CT: Can you elucidate the structure behind your rewards-only payment model and how it benefits protocols seeking audits?
OH: At Hats, we solely levy a fee on successful submission rewards. Consequently, if no vulnerabilities are detected within an audit, the competition is cost-free for the customer. This represents a considerable benefit for the customer, as it often occurs that they pay a substantial sum for an audit, only to find that the auditor failed to deliver any value.
Even when engaging the finest firms in the industry for an audit, there is always the possibility of receiving a team of junior auditors or encountering an auditor on an off day. We are rectifying this issue.
CT: How does unrestricted participation in audit competitions serve to broaden the talent pool and enhance security evaluations?
OH: We have amassed a substantial community in South America and India. Since all activities occur peer-to-peer, we frequently remain unaware of the contributors. A continuous influx of new talent is entering the security space, but these individuals may not have the opportunity to join an audit firm lacking an established track record. Our platform has facilitated the ascent of numerous emerging talents, who proudly showcase their achievements on social media.
We don’t mandate individuals to register before partaking in the contests, ensuring complete flexibility and accessibility for security researchers who are new to the field or who may be disinclined to register on a platform for various reasons.
CT: Why is community involvement pivotal in Web3 security, and how does Hats Finance enable this?
OH: The community is often excluded from security deliberations, which is paradoxical and unjust considering that they are the most affected by these breaches. Through Hats, they can actively shape the future security infrastructure, thereby augmenting the security of projects to which they contribute. Our vision for DeSec encompasses the community and their capacity to influence the security measures to be endorsed with complete transparency, ultimately benefiting from the swift-paced growth environment and economic prospects of Hats and Web3 security. We find that to be profoundly rewarding.
We need to enhance the transparency of security for the community and empower them to effect change.
CT: What is the long-term vision for Hats Finance, and what milestones are you aiming to accomplish?
OH: Numerous security-related challenges are looming over Web3. Our next focus is on bolstering artificial intelligence (AI) safety and onchain security for smart wallets. While we view AI as one of the most remarkable developments for humanity, without tools to ensure its responsible use, there are substantial risks. Our decentralized infrastructure is ideally positioned to mitigate these risks.
Smart wallets hold tremendous potential for resolving Web3’s primary user experience challenges. However, akin to all smart contracts, they are susceptible to breaches. We aim to address these security concerns, enabling Web3 to surmount this significant UX bottleneck and achieve widespread adoption.
Our immediate milestone involves decentralizing our protocol and empowering the community to shape the rules and economic dynamics of Hats.
For further information about Hats Finance, visit their site. [Disclaimer: Cointelegraph does not endorse any content or product on this page. While we endeavor to provide comprehensive information in this sponsored article, readers are encouraged to conduct their own research prior to taking any actions related to the company and assume full responsibility for their decisions. Additionally, this article should not be regarded as investment advice.]