Research: Hats Finance

Introduction

Nova Research is delighted to be at the forefront as curator of the upcoming launch of $HAT, the native token of Hats Finance, on Fjord Foundry.

Founded in 2021, Hats Finance is a decentralized security (DeSec) protocol that offers scalable security and AI safety services for Web3 projects. It incentivizes security through a permissionless model that functions as a marketplace, facilitating non-custodial Bug Bounties and Audit Competitions.

This way, Hats Finance aligns the interests of various stakeholders:

  • Projects, seeking to enhance their protocol security, whether preparing for deployment and requiring an audit or already live and needing ongoing offensive protection.

  • Web3 users, who are potentially subject to loss or hacks.

  • Security researchers, looking to earn rewards for applying their expertise to identify errors in the code.

In this research piece, we will explore the multifaceted ecosystem developed by Hats Finance, providing insights into its innovative approach to Decentralized Security and its strategic vision for the future.

Problem and solution

The Web3 landscape is rapidly evolving, bringing to light significant challenges in maintaining robust security protocols. Scalability is harder than ever, with needs ranging from small projects requiring quick checks to large enterprises needing comprehensive audits. Traditional security audits, while fundamental, often present limitations such as high costs, extensive time requirements, and a potential for risks that may cause substantial bottlenecks in project development and deployment. Recent incidents involving notable security firms highlight these challenges:

  • CertiK and Kraken incident: in a public disagreement, CertiK revealed itself as the "security researcher" that Kraken accused of stealing $3 million in digital assets. This incident has raised concerns about the potential for conflict and mistrust within the traditional security audit industry.

  • Conic Finance and PeckShield: Conic Finance experienced multiple hacks despite being audited by PeckShield. The issues arose from areas not covered by the audit, illustrating the challenges in ensuring comprehensive security assessments under traditional models.

Hats Finance’s Approach

While traditional providers typically operate on fixed-fee models, requiring pre-scheduling and involving manual operations, Hats Finance tries to stand out from its competitors with a platform built on different principles:

  • Decentralized: Hats Finance distributes the control and execution of security audits across a permissionless network of over 1000 security researchers, aiming to reduce single points of failure and enhance the diversity and effectiveness of auditing efforts, potentially increasing the detection rate of vulnerabilities.

  • Capital efficient: Hats Finance operates on a pay-for-results model, proposing that clients should incur costs only when actionable security insights are provided. This approach could potentially address financial disputes similar to those seen in the CertiK-Kraken incident by aligning costs directly with outcomes.

  • No pre-scheduling: Hats Finance offers a system that does not require pre-scheduling. This allows for rapid deployment and responsiveness, a crucial feature in the dynamic Web3 environment where security needs can arise unexpectedly.

  • Self-Service model: while many competitors still rely on traditional, manually intensive processes, Hats Finance leverages automation to provide a self-service platform. This model can significantly reduce the turnaround time for security audits, while also enhancing the scalability of operations.

Hats Finance’s model represents one of several emerging approaches aiming to address the limitations of traditional security audits in the Web3 space. While promising, the effectiveness and reliability of such innovative solutions will need to be demonstrated over time as they are tested against the dynamic and complex challenges of blockchain security.

Product Suite

As of today, Hats Finance provides security support to projects that are already live through an ongoing Bug Bounty system, and to projects that have yet to be deployed through Audit Competitions. This approach not only reduces costs by eliminating unnecessary fees, but also enhances security measures by ensuring that only high-quality, impactful findings are rewarded and addressed.

With over $1 million USD disbursed in audits and bounty rewards and more than 40 customers, including high-profile protocols like Safe, Liquity, and Aleph Zero, the protocol already showcases a robust customer portfolio.

Audit Competitions on Hats Finance

Hats Finance's decentralized audit competitions are designed to enhance the security and reliability of smart contracts that are not yet deployed on-chain. These time-sensitive events focus on the code bases of blockchain projects, where auditors and white-hat hackers collaborate and compete to identify vulnerabilities.

The primary goal of these competitions is to ensure the robust security of DeFi protocols by uncovering potential vulnerabilities before they can be exploited. By leveraging the collective expertise of a diverse group of security professionals, Hats Finance aims to foster a spirit of collaboration and innovation, guided by the following principles:

  • Pay-for-results: Hats Finance allocates budgets per severity level, ensuring that only successful auditors are compensated, helping to retain budget if no vulnerabilities are found.

  • Streamlined evaluation process: the platform rewards the first submitter of vulnerabilities, promptly addressing and eliminating duplicate findings, thereby saving time and resources.

  • Competitive edge: Hats Finance can attract top talents in the Web3 sphere by offering competitive rewards to those who successfully find vulnerabilities. The competition model does not require sharing with latecomers, thus attracting the best talent.

  • Cost efficiency: service fees are set at 20% of the audit payout, significantly lower than the industry standard, which can be as high as 35%. This fee is only applied when results are produced, making it a cost-effective solution for projects.

As of today, Hats Finance has successfully facilitated 39 Audits for a total payout of $889,065.

Bug Bounties on Hats Finance

Security is a crucial concern for smart contracts that are already live and contain user funds. Hats Finance offers these projects the possibility to host bug bounties and ensure ongoing protection of deployed products through its P2P market for the exchange of vulnerability information. Hats Finance came up with an architecture that puts cost-efficiency and flexibility first:

  • Spam protection: the on-chain submission mechanism acts as a filter against low-effort spam, saving time and effort for projects.

  • No intermediary risks: Hats Finance offers a non-custodial approach, meaning there’s no intermediary handling funds or vulnerability reports.

  • Quick launch time: projects can set up a bug bounty vault in as little as 30 minutes, ensuring rapid deployment and security coverage.

  • Ongoing protection: costs are only incurred for successful exploit mitigation, making this an economically efficient model compared to traditional methods that require upfront payments.

As of today, Hats Finance is supported by nearly 40 projects that created vaults with over $1.6m worth of tokens deposited as potential rewards for the bug bounty.

Traditional models vs. Hats Finance

The approach highlighted above clearly distinguishes Hats Finance from traditional security service models. Projects preparing for contract audits will therefore face the million-dollar question: which model is superior?

Traditional Web3 auditing firms have built their reputation over the years by auditing well-known protocols that are now industry giants. Acting as the guardians of top-tier protocols created a positive feedback loop, enhancing the standing of both the audit firms and the platforms. However, many infamous hacks and exploits have targeted these large protocols, tarnishing the reputations of the associated audit firms. The traditional auditing process is notably opaque, with the only visible outcome for outsiders being a final approval and no indication of who is involved in the process. This lack of transparency, similar to Web2 auditing firms that often employ junior consultants with limited experience, highlights significant potential for innovation.

A shift to a permissionless security service may initially seem too radical, but it can make sense for some projects. Audit competitions can attract individual talents who either lack the track record to work for an audit company or prefer to work independently. Having more eyes on a smart contract can be advantageous, especially since traditional audit firms usually assign only 2-3 employees per project. Additionally, the process is fully transparent: even if participants are not vetted, they can showcase their track record in previous competitions or on their GitHub repositories.

Flexibility is another key advantage: permissionless protocols like Hats Finance potentially have unlimited scalability, which means no waiting time for projects. The larger the auditor community, the more smart contracts can be simultaneously verified. This is a compelling selling point for projects that might otherwise need to wait several weeks to schedule an audit with traditional firms.

Finally, cost sensitivity is a factor: a pay-for-results structure, like in the case of Hats Finance, ensures that customers don’t pay if no vulnerabilities are identified, only spending when they receive proven value from the audit competition.

In conclusion, the choice between these two models depends on the project’s preferences. Some might favor the traditional model, valuing the reputations of well-known audit firms, while others might lean towards the flexibility and cost-efficiency of a permissionless process. A combination of the two could be the best approach, combining the strengths of each model and aligning the interests of both the project—ensuring maximum attention on their contracts at an optimal expense—and the users, who would receive a thorough analysis from both reputable firms and independent Web3 talents.

Team

Core Team

Hats Finance is powered by a seasoned team of 13 members who collectively boast over 40 years of experience in the crypto sector. This group brings a wealth of cross-functional expertise from prestigious global organizations, including JP Morgan, Merck, Prysmatic Labs, and Lista DAO, reinforcing their commitment to enhancing security within the decentralized finance (DeFi) ecosystem. The Core Team is composed of:

  • Founder: Oliver Hörr has been active in the crypto space since 2017 and is a former CFO portfolio strategist at Merck KGaA.

  • CTO and ideator: Shay Zluf has been a Web3 developer since 2014, starting with his first Bitcoin-powered ride-hailing startup, and has professional experience with Prysmatic Labs.

  • Head of Marketing: Adelia Su was a founding member and marketing lead at Lista DAO. She previously worked as a management consultant at Roland Berger and as a Corporate Analyst at JP Morgan.

Advisors

The advisory board of Hats Finance includes distinguished figures from the blockchain security and investment sectors:

  • Omer Greisman: Head of Security Services at OpenZeppelin, leading multiple teams tasked with securing value for the largest projects in the blockchain space.

  • Richard Meissner: Co-Founder of Safe, the largest multi-sig infrastructure in the blockchain space.

  • Eylon Aviv: Partner at Collider Ventures, contributing strategic insights and investment expertise to the growth and development of Hats Finance.

Backers and Financial Support

Hats Finance has successfully raised a total of $4.2 million USD through multiple funding rounds. Over the years, well-known VCs such as Collider, IOSG, and Lemniscap have joined the cap table.

The funding rounds for Hats Finance were structured as follows, with a bridge round a couple of years after the seed and private rounds, and a small public round in the current year:

  • Seed Round, 2021: raised $1.8 million at a valuation of $16 million, pricing each token at $0.16.

  • Private Round, 2021: one month after their first round, Hats Finance raised $2 million at a doubled valuation of $36 million, with tokens priced at $0.36.

  • Bridge Round, 2023: a bridge round followed with a $360,000 raise, confirming the $36 million valuation at a token price of $0.36.

  • Public Round, 2024: the most recent funding, a public sale, raised $56,000 at a valuation of $40 million, setting the token price at $0.40. This small round was conducted on De.Fi Launchpad.

$HAT Tokens

Hats Finance aims to integrate holders into the core operational and community fabric with the introduction of $HAT tokens, tailored to enhance both individual and collective platform engagement:

  • $HAT token holders can participate in governance decisions, influencing feature updates, community guidelines, and resource allocation.

  • Users can earn $HAT tokens by discovering vulnerabilities, participating in hacking competitions, and contributing to community governance.

  • Users that support the platform’s infrastructure by depositing $HAT tokens into the Hats Finance bug bounty vault receive a variable APY on their deposits.

  • Hats Finance rewards its audit clients with $HAT tokens upon the successful completion of audits.

The total $HAT supply is 100 million, with a detailed allocation that ensures long-term engagement and contribution from all parties involved:

  • Team: 20% of the supply, with a 27-month linear vesting period following a 9-month lock-up.

  • Advisors and Incubation: respectively 4.8% and 5%, both following the same vesting and lock-up protocols as the team.

  • Community and Incentives: over 39% of the supply is earmarked for community initiatives, including airdrops and incentives to stimulate participation and reward contributions.

  • Public Sales: up to 4% of the supply is reserved for the token launch, which will take place on Fjord Foundry on July 22nd, 2024.

  • Airdrop: Hats Finance has designated 5.23% of the total supply to compensate the security researchers and the early core users of the platform.

How to Get $HAT Tokens

Users can acquire $HAT tokens primarily through participation in the token launch sale and by interacting with the platform, which may also qualify them for airdrops.

The $HAT token sale is set to launch on Fjord Foundry via a Liquidity Bootstrapping Pool (LBP) on July 22nd. Up to 4% of the total token supply will be available for participants. $HAT will be deployed on Arbitrum, and the initial liquidity pool will be established on the native Arbitrum DEX, Camelot. Any unsold tokens from the initial sale will be transferred to the Hats DAO, which will determine their eventual utilization.

The primary goal of employing an LBP is to facilitate fair price discovery, allowing market forces to equilibrate and stabilize the token's valuation at an optimal level. For more details about the LBP mechanisms, the HATS team has written a comprehensive article, available here.

Roadmap

Hats Finance has charted a bold course for the coming years, setting out a roadmap that promises transformative changes in the DeSec landscape. The initiatives include:

  • Enhanced Engagement: with the launch of educational security game initiatives, Hats Finance aims to attract new users and increase awareness of security threats.

  • HATS DAO: the establishment of a DAO reflects a deeper move towards a fully community-driven model, where security researchers and holders of $HAT tokens can directly influence the platform's future and operational decisions.

  • AI Safety Competitions: these competitions are designed to harness advanced AI technologies to identify and mitigate emerging security threats.

At the core of Hats Finance's mission is the development of a platform that is not only decentralized, but also incentivized to promote continuous collaboration and innovation. In the team’s vision, the platform will serve as a hub for security researchers, protocols, and the wider community to contribute and benefit from a secure, transparent, and efficient ecosystem.

Conclusion

Hats Finance presents a compelling new approach for projects seeking to bolster their security through its offerings in Decentralized Security (DeSec).

The approach and the results we have seen so far, while relatively new, could attract projects that are seeking flexibility and cost-efficiency. Certainly, the ability to develop a large and effective community is crucial for the success of Hats Finance, but a customer portfolio that already includes some significant names shows that there is market space for such a model. The upcoming months will serve as an excellent test to see how many projects are ready to embrace DeSec, preferring it over the traditional auditing models that have dominated Web3 in recent years.

As Nova Research curates the launch of $HAT, we are confident in the project's potential to significantly enhance the security landscape of DeFi, offering robust, scalable, and user-centric security solutions that align with the needs of the community.


https://www.novaresearch.io


⚠️ Disclaimer ⚠️ : This research has not been commissioned by Hats Finance and is not a paid piece. For full transparency regarding potential conflicts of interest, it should be noted that we are curating the launch that is taking place on Fjord Foundry. While this article reflects our genuine opinion on the project, it should not be considered as investment advice in any way. The same rule always applies: DYOR (do your own research).
