Community as a key driver in the future of Web3 security: Interview with Hats Finance

Web3 security has become a cat-and-mouse game between exploiters and auditors. Here’s how incentivizing the community would help

Presented by Hats Finance

The decentralized finance (DeFi) space witnessed the flourishing of new incentive mechanisms like liquidity mining and airdrops in the early 2020s. However, this growth also brought an increase in hacks and exploits, posing significant challenges for projects to secure affordable and effective audits.

That’s when the founders of Hats Finance — a community-focused onchain audit platform — saw an opportunity to leverage these incentive mechanisms to create a decentralized and cost-efficient solution for Web3 security.

“The mission of Hats is to align incentives for everyone,” Hats Finance founder Oliver Hörr told Cointelegraph, adding: “Which means we want to design a protocol where everyone wins most if they choose to collaborate.”

In this interview, Hörr shares his vision about Web3 security and how the Cointelegraph Accelerator participant Hats Finance could contribute to building it.

Cointelegraph: How do you see the state of Web3 security? Does the Web3 ecosystem give security due importance?

Oliver Hörr: Web3 security is slowly maturing. Founders are starting to understand that a single incident that hurts their users can mean the end for their company. In 2021, we saw huge issues where projects couldn’t source audits and then decided to deploy unaudited code, obviously leading to negative outcomes.

Teams now understand better how important security is and we have more and better talent in the audit space, partly brought by our decentralized security (DeSec) approach, giving everyone in the world access to prove themselves as security experts.

CT: Security is considered one of the core pillars of Web3 that is not yet fully onchain. How does Hats Finance plan to integrate more security aspects into blockchain?

OH: Today, all our bug bounties and audit competitions, including the results, are onchain. With Hats, users can check the onchain data to see if a certain smart contract is audited or secured by a bug bounty. We are also part of an initiative to standardize this process with EIP-7512. This will allow wallets to let users decide how secure or risk-hungry they want to be, which will be a huge improvement for users who navigate Web3 in a safer way.

Imagine a smart wallet that warns you if you interact with a smart contract that has not been adequately reviewed. This would allow the user to make better-informed decisions.

CT: In what ways does Hats Finance aim to address the inefficiencies and high costs associated with traditional security audits?

OH: Instead of pre-booking two to three security experts to review a smart contract, our platform allows anyone worldwide to join the audit, and only the successful experts are rewarded. Audits are expensive because of the massive overhead these audit organizations have for marketing and distribution. With our platform, the auditors only have to focus on one task: Finding vulnerabilities. This reduces overhead and allows prices to drop to a healthy level since the auditor doesn’t lose most of their revenue to another organization.

Auditors don’t really want to focus on these administrative tasks; we believe in a future where audit companies are replaced by onchain audit DAOs.

CT: Can you explain the structure behind your rewards-only payment model and how it benefits the protocols seeking audits?

OH: At Hats, we only charge a fee on rewards for successful submissions. Therefore, if no vulnerabilities have been identified, the competition is free for the customer. This is a huge improvement for the customer since it happens often that the customer pays a lot of money for an audit just to find out that the auditor wasn’t able to provide any value.

Even when sourcing an audit from the best firms in the industry, you can always get a team of junior auditors, or the auditor can have a bad day. We are fixing this issue.

CT: How does permissionless participation in audit competitions help broaden the talent pool and enhance security reviews?

OH: We have a massive community in South America and India. Since everything happens peer to peer, we often don’t even know who submitted the issue. A constant stream of new talent is coming into the security space, but they can’t just join an audit firm without a track record. Our platform helped many upcoming stars build their reputations, which they proudly share on social media.

We don’t even require anyone to sign up before the contests, allowing for complete flexibility and accessibility for security researchers who are new or may not want to sign up for a platform for various reasons.

CT: Why is community involvement crucial in Web3 security, and how does Hats Finance facilitate this?

OH: The community is often left out of security discussions, which is wrong and ironic since they are most affected by these hacks. With Hats, they can steer the security infrastructure of the future, which will allow projects that they contribute to to be more secure. Our vision for DeSec includes the community and their ability to help decide which security measures to support with full transparency and even benefit from the fast-paced growth environment and economic potential of Hats and Web3 security. We believe that is beautiful.

We need to make security more transparent for the community and give them the power to change things.

CT: What is the future vision for Hats Finance, and what milestones do you aim to achieve?

OH: Many security-focused challenges are coming to Web3. Next, we want to focus on supporting artificial intelligence (AI) safety and onchain security for smart wallets. We believe that AI is one of the best things ever to happen to humanity, but if the community does not have tools to keep AI in check and verify that it’s safe to use, there are significant risks. Our decentralized infrastructure is perfect to mitigate those risks.

Smart wallets have fantastic potential to solve Web3's main UX issues. But, like all smart contracts, they can get hacked. We want to fix those security concerns so that Web3 can overcome this huge UX bottleneck and reach mainstream adoption.

The most immediate milestone is that we want to decentralize our protocol and activate the community to shape the rules and economic flywheel of Hats.

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you with all important information that we could obtain in this sponsored article, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered as investment advice.