AI and communities lead the future of Web3 audits: AMA with Hats Finance


From cointelegraph by Victoria Li

In the race to build secure decentralized ecosystems, traditional security models adapted from Web2 are proving inadequate for Web3’s unique demands. During a recent Cointelegraph AMA, Oliver Hörr, founder of Hats Finance, shared his views on how current security approaches fall short and outlined how their platform aims to offer a more efficient, transparent alternative for safeguarding decentralized projects.

The familiar security frameworks from Web2 come with hidden inefficiencies, mainly when applied to decentralized ecosystems. “Auditing firms have a lot of overhead. The person auditing the code may only see a fraction of the payment due to marketing, distribution and management costs. Bug bounty programs also increase security risks because they rely on humans to review vulnerability information. There’s always a chance that someone could misuse that information for personal gain, especially for high-value vulnerabilities,“ Hörr explained.

In response, Hats Finance, a decentralized protocol for hosting non-custodial bug bounties and audit contests, proposes a solution that eliminates intermediaries. “We connect security experts directly with those in need of audits,“ Hörr detailed. “Our peer-to-peer system uses incentives and game theory. The more money in the system, the more attractive it becomes for experts to join.“ With over 50 active programs, including projects such as Safe and Liquity, Hats Finance aims to make security more accessible and effective.

Enhancing Web3 security for developers and users

One of the standout features of Hats Finance’s approach is the dual advantage it offers both users and developers, according to Hörr: “End-users are less vulnerable to attacks, while developers gain peace of mind knowing their projects are secure, reducing the risk of hacks that could destroy their reputation. Our solution makes security more cost-effective and achievable, allowing new talent to contribute.

Another key challenge of traditional bug bounty programs is the uncertainty surrounding payments. Hackers who discover vulnerabilities often face delayed or denied compensation, especially during bearish market conditions when projects are short on funds.

Cointelegraph Accelerator participant Hats Finance offers a more ethical approach, with the key difference being onchain escrow. “The bounty is held in a smart contract that anyone can verify. If a project disputes a payout, the hacker can trigger a decentralized dispute resolution process. If hackers know they’ll be fairly compensated, they’ll be more likely to report vulnerabilities responsibly, ultimately improving the overall security of the ecosystem.”