This is a work in progress and not a release. We're looking for volunteers. See Issues to know how to collaborate.

Safe Harbor for Whitehats

tag: [SEAL/Initiative, Whitehat]

Why You Should Care

Safe Harbor lets whitehats step in during active exploits to help secure protocol funds. It does so by providing a legal framework that outlines what whitehats can and can't do, how they ought to operate, and protects whitehats in the event of legal action taken by the protocol.

In addition to the legal protections, Safe Harbor also helps whitehats by telling them for every organization that adopts Safe Harbor:

  1. What assets are owned by a protocol
  2. What is the protocol's (asset recovery address)
  3. Who the security contact
  4. What KYC requirements (if any) protocols impose onto whitehats
  5. What bounty terms whitehats will be awarded under Safe Harbor

This information is all neatly catalogued in the Safe Harbor Registry - an on-chain registry cataloging all protocol adoptions and their adoption details. For more details, review the Safe Harbor for Protocols document.

Whitehat Adoption

If a whitehat reads and understands the entire legal framework, they may later be eligible to participate in a whitehat rescue. These rescues should only be taken in very specific circumstances, and it is important to reiterate the following:

  • The framework only applies to active exploits, and it is a violation of the agreement if the whitehat initiates an exploit themselves.
  • The protocol is not responsible for ensuring the whitehat follows the law, and the whitehat can not be protected from criminal charges outside the agreement's scope.
  • There are nuances that can affect the agreement's enforceability, and whitehats will assume many legal risks by becoming involved.
  • If the whitehat decides to proceed with a whitehat rescue, they must follow the process specified in the agreement. This includes transferring rescued funds to the protocol's "Asset Recovery Address" and promptly notifying the protocol of the fund recovery. The whitehat may keep (or later receive) a reward, based on the terms of the agreement.

Safe Harbor may also apply to generalized frontrunner / arbitrage bots. The rules of conduct enforced by Safe Harbor for Prospective and Retrospective whitehats differs in a few key areas.

In the Event of a Hack

Pre-Intervention

In the event of a hack targeting a protocol that has adopted Safe Harbor, whitehats are permitted to take broad actions to secure the protocol's funds. Before taking action, review the following checklist (also present in the Safe Harbor Technical Summary):

  • Is this an active, urgent exploit?
  • Are you unable to responsibly disclose the exploit (e.g. via a bug bounty program) due to time constraints or other reasons?
  • Can you reasonably expect your intervention to be net beneficial, reducing total losses to the protocol and associated entities?
  • Are you experienced and confident in your ability to manage execution risk, avoiding unintentional loss of funds?
  • Will you avoid intentionally profiting from the exploit in any way other than through the reward granted by the protocol?
  • Are you and anyone with whom you directly cooperate during the funds rescue, as well as all funds and addresses used in said rescue, free from OFAC sanctions and/or other connections to sanctioned parties?
  • Have you confirmed the agreement has been duly adopted by the protocol community?
  • Are you fully aware of the risks associated with your actions, including but not limited to accidental loss of funds, claims and liabilities outside this agreement's scope, and the unclear extent of this agreement's enforceability?

In the event that all the above applies, you may chose to take action to protect the protocol's assets.

Post-Intervention

After the funds have been recovered, it is your responsbility to ensure their safe return to the owner protocol. If possible, we recommend contacting SEAL911 immediately to advise on the fund recovery process and to assist with KYC, protocol communications, and bounty collection. Otherwise, you must contact the protocol's posted security contact and return all recovered funds to the protocol's asset recovery address within 6 hours of the event, or 48 hours if reason is provided and the protocol has been made aware.