The DeFi space experienced a surge in new incentive mechanisms such as liquidity mining and airdrops in the early 2020s. However, this growth also led to an increase in hacking and exploitation, making it difficult for projects to obtain affordable and effective audits.
The founders of Hats Finance, a community-focused onchain audit platform, saw an opportunity to utilize these incentive mechanisms to develop a decentralized and cost-effective solution for Web3 security.
“Our goal at Hats is to align incentives for everyone,” said Oliver Hörr, the founder of Hats Finance. “This means designing a protocol where collaboration leads to the most benefits for all parties involved.”
In this interview, Hörr discusses his vision for Web3 security and how Hats Finance, a participant in the Cointelegraph Accelerator, can contribute to its development.
Cointelegraph: How do you view the state of Web3 security? Does the Web3 ecosystem prioritize security?
Oliver Hörr: Web3 security is gradually improving. Founders are beginning to recognize that a single incident that harms their users can spell the end for their company. In 2021, we witnessed significant issues where projects were unable to obtain audits and consequently deployed unaudited code, resulting in negative outcomes.
Teams now have a better understanding of the importance of security, and we have seen an increase in talent within the audit space, partly due to our decentralized security (DeSec) approach, which provides global access for individuals to prove their expertise in security.
CT: Security is considered a fundamental aspect of Web3 that has not fully transitioned to onchain. How does Hats Finance plan to incorporate more security aspects into blockchain?
OH: Currently, all our bug bounties and audit competitions, along with the results, are stored on the blockchain. With Hats, users can verify onchain data to determine if a specific smart contract has been audited or secured through a bug bounty. We are also part of an initiative to standardize this process with EIP-7512. This will enable wallets to allow users to decide the level of security or risk they are comfortable with, greatly enhancing safety for Web3 users.
Imagine a smart wallet that warns you when interacting with a smart contract that hasn’t undergone adequate review. This would enable users to make more informed decisions.
CT: In what ways does Hats Finance aim to address the inefficiencies and high costs associated with traditional security audits?
OH: Instead of pre-booking two to three security experts to review a smart contract, our platform allows anyone worldwide to participate in the audit, with only successful experts receiving rewards. Audits are expensive due to the significant overhead that audit organizations incur for marketing and distribution. With our platform, auditors can focus solely on finding vulnerabilities, reducing overhead and lowering prices to a more reasonable level, as auditors no longer lose most of their revenue to other organizations.
Auditors do not want to spend time on administrative tasks. We envision a future where onchain audit DAOs replace traditional audit companies.
CT: Can you explain how your rewards-only payment model is structured and how it benefits protocols seeking audits?
OH: At Hats, we only charge a fee on rewards for successful submissions. Therefore, if no vulnerabilities are found, the competition is free for the customer. This is a significant improvement for customers since it often happens that they pay a large sum for an audit only to discover that the auditor did not provide any value.
Even when sourcing audits from top firms in the industry, there is always a risk of receiving a team of junior auditors or an auditor having an off day. We address this issue.
CT: How does allowing permissionless participation in audit competitions expand the talent pool and enhance security reviews?
OH: We have a large community in South America and India. Since everything operates on a peer-to-peer basis, we often do not even know who submitted an issue. This results in a constant influx of new talent entering the security space. However, these individuals may not be able to join an audit firm without an established track record. Our platform has helped many rising stars build their reputations, which they proudly share on social media.
We do not require anyone to sign up before participating, ensuring complete flexibility and accessibility for security researchers who are new or have their reasons for not wanting to join a platform.
CT: Why is community involvement crucial in Web3 security, and how does Hats Finance facilitate this?
OH: The community is often excluded from security discussions, despite being the most affected by hacks. With Hats, the community can shape the future security infrastructure, making projects they contribute to more secure. Our vision for DeSec involves the community and their ability to determine which security measures to support with full transparency, while also benefiting from the rapid growth and economic potential of Hats and Web3 security. We believe this is a beautiful concept.
We need to make security more transparent for the community and empower them to enact change.
CT: What is the future vision for Hats Finance, and what milestones do you aim to achieve?
OH: Web3 will face numerous security challenges in the future. Our next focus is on supporting artificial intelligence (AI) safety and onchain security for smart wallets. We believe that AI is one of the greatest advancements for humanity, but if there are no tools for the community to ensure its safety and verify its usability, there are significant risks. Our decentralized infrastructure is perfectly suited to mitigate these risks.
Smart wallets have incredible potential to address Web3’s main user experience issues. However, like all smart contracts, they are vulnerable to hacking. We aim to address these security concerns, allowing Web3 to overcome this significant UX bottleneck and achieve mainstream adoption.
Our immediate milestone is to decentralize our protocol and involve the community in shaping the rules and economic flywheel of Hats.
Disclaimer: Cointelegraph does not endorse any content or product on this page. While we aim to provide important information in this sponsored article, readers should conduct their own research before making any decisions related to the company and bear full responsibility for their choices. This article should not be considered as investment advice.