This is a proposal for DappRadar to conduct an audit competition for its xERC20 and Lockbox smart contracts on Hats Protocol.
Hats audit competitions are revolutionizing the world of Web3 security, offering a dynamic, cost-effective, and time-efficient solution for smart contract auditing. By transforming the traditional auditing approach, they ensure enhanced security through a community-driven process. With audit competitions, you retain full control over your budget, attract top auditing talent, and gain valuable insights from the Web3 community, all while preparing your project for a robust and secure launch.
Hats audit competitions work on a simple yet powerful model — rewarding results, not efforts. You, as a project owner, allocate budgets according to the severity level of potential vulnerabilities. The budget is retained if no flaws are found. It’s a model that ensures you pay only for value added to your project, giving you confidence in your investment.
These competitions typically draw over 300 skilled auditors who partake in a race against time, diligently hunting for bugs to ensure your project’s safety. The model operates on a first-come, first-served basis, thus encouraging quick and quality submissions. Each successful auditor is rewarded for their findings, fostering a competitive environment that brings out the best in auditors.
In addition, the evaluation process is designed for efficiency. With rewards given to the first submitter, duplicate submissions are avoided. This not only streamlines the process but also saves valuable time.
Hats audit competition mechanism is unique and no one in the security ecosystem offers a better approach, by time and budget, than Hats audit competition product.
Hats Finance started to offer the audit competition product to its partners in February and many audit competitions have been instrumental in demonstrating the efficiency of our product since then. See the table below for reference:
|Project||Audited by||Total Bounty ($)||Paid ($)||Findings|
|VMEX Finance||yAcademy||67.5k||45k||2 high 9 low 2 gas saving|
|Raft Finance||Trail of Bits||80k||64k||3 high 4 medium 11 low 1 gas saving|
|Gravita Protocol||Solidity & Omniscia||105k||30k||3 medium 11 low|
|Lodestar Finance||Solidity||30k||14.1k||18 medium 2 gas saving|
|Fuji Finance||NA||30k||30k||3 high 6 medium 21 low 2 gas saving|
|Hats Finance||Zokyo & Hexen & G0 Group||40k||31k||1 high 6 low|
Briefly; we have created a no-brainer audit competition product for projects to do before launch because there is no upfront fee or additional cost and 100% payment by results. Imagine that DappRadar conducts an audit competition with a bounty of $50k on Hats Protocol and allocates $30k for high severity, $18k for medium severity, $1k for low severity and $1k for gas optimization, respectively. Let’s explore the options:
- No valid submission: DappRadar does not do any payments and walk away with $50k
- Only low severity findings: DappRadar only pays $1k, allocated for low severity, and withdraws the remaining $49k
- Only low and medium severity findings: DappRadar pays $19k and withdraws the remaining $31k.
Projects can also put a cap on each high severity finding. For example, if a project allocates $60k for high severity and caps each high severity finding with $15k, there have to be at least 4 high severity findings to bounty out all the amount allocated for high severity ($60k).
- 100% payment by results
- Hats Finance is B2B free (Hats Finance takes 20% from the payout and therefore there is no additional cost for DappRadar)
- DappRadar can easily set up an audit competition with a 7 days notice
- DappRadar will get the vulnerability submissions in real time and can start fixing the issues in the process
- DappRadar can attract the wider Web3 security community to get involved with xERC20 and Lockbox with the audit competition
- DappRadar will align with the essence of Web3 by deploying an on-chain audit competition
There are not any drawbacks for DappRadar.