Cointelegraph has announced that Hats Finance, a community-focused platform enabling permissionless on-chain audit competitions and bug bounties, has joined the Cointelegraph Accelerator program.
Smart contracts, tiny programs that automate and execute an on-chain agreement, are the backbone of decentralized finance (DeFi). This is why eliminating any vulnerability via regular audits is vital to prevent attacks against related decentralized apps (DApps) and Web3 as a whole, and to ensure their seamless operation.
However, reports show that during the first quarter of 2024, only 44% of Web3 projects went through smart contract audits. Avoiding audits may lead to major security risks, as evidenced by most hacked projects not having audits. And with smart contracts getting more complex due to new use cases such as real-world assets (RWAs) and modular wallets, the need for effective audits is higher than ever.
Decentralized audits for decentralized projects
Traditional audits fall short of meeting the demands of a fast-paced and diversified Web3 environment and may be discouraging for projects. They involve a limited number of auditors or a single team, which increases the risk of overlooking vulnerabilities. The process usually takes weeks or even months, and the launch of important updates or features may be delayed as a result.
An average audit would cost between $5,000 and $15,000, and more complex and scaled projects could easily face a six-figure bill for an audit. Moreover, payments are required even if no vulnerabilities are discovered. Crowdsourcing smart contract audits can change that.
Hats Finance is a decentralized Web3 security protocol aiming to improve Web3 security with scalable and innovative audits, a result-focused model and community engagement. Identifying and targeting issues related to traditional audits, the platform offers decentralized audit competitions that enhance Web3 safety for all participants.
Projects seeking to ensure the integrity of their codebase may leverage Hats Finance to launch permissionless and automated audit competitions. They can set up the competitions without pre-scheduling or legal work and define the scope, rules and potential rewards for auditors. Security researchers are then called on to scrutinize the submitted code with due diligence.
A fast setup process and the involvement of a crowd of auditors significantly reduce the time from discovering vulnerabilities to patching them when compared to traditional audits. As for security researchers, Hats offers an environment where they can transparently compete for substantial rewards while contributing to the security of client projects. Successful submissions may place auditors on the platform’s leaderboard and help build their reputation in the Web3 space.
Hats Finance stands out as the sole auditing platform in the market that employs a pay-for-results model. A 20% payout fee applies only if the audit provides value and detects a vulnerability. Such a model prevents the waste of resources and encourages projects to get audited, while incentivizing security researchers and ensuring a higher level of quality assurance in return.
Dashboard for security researchers. Source: Hats Finance
Continuous and autonomous security
The platform offers a bug bounty program as well. After documenting and providing access to the codebase, disclosing previously identified vulnerabilities, establishing communication channels and creating a vault, projects are ready to launch their own bug bounty program. First submissions for each bug (except centralization issues or the ones requiring leaked keys) are rewarded with tokens of the related projects.
Hats Finance has received nearly $4 million in a seed funding round, which will be utilized to prepare for the next round. Home to 500 active security researchers, the platform is organizing four competitions a month and aims for eight monthly competitions before the third quarter.
By effectively integrating the community into the audit process and lowering entry barriers such as costs and the difficulty of reaching qualified auditors, Hats Finance works to enable continuous and autonomous security for Web3 projects.