[IIP-43] - Adopt The SEAL Safe Harbor Agreement

Category:Proposals
Authors: samczsun (SEAL), dickson (SEAL), @william (Pareto)

Introduction

This proposal outlines Pareto’s adoption of the Security Alliance (SEAL) Whitehat Safe Harbor Agreement (“Safe Harbor Agreement”). By adopting Safe Harbor, Pareto improves the security of its on-chain assets by allowing whitehats to intervene during active exploits to save protocol funds.

What is the Safe Harbor Agreement?

The Safe Harbor Agreement addresses a critical need in crypto: enabling whitehats to intervene during active exploits when traditional responsible disclosure procedures are not feasible.

Key aspects of the agreement include:

• Encouraging Whitehats to Protect the Protocol: By adopting Safe Harbor, Pareto incentivizes whitehats to step in and protect the protocol during active exploits by limiting their legal exposure.

• Intervention Only During Active Exploits: Whitehats are authorized to act only when there is an immediate or ongoing exploit that threatens the protocol. This agreement applies only to critical situations where responsible disclosure procedures would not save funds due to the urgency of the exploit, and it is not intended for routine security testing or vulnerability reporting.

• Mandatory Return of Rescued Funds: Under the terms of the Safe Harbor, whitehats are required to return all rescued assets to a pre-designated recovery address controlled by the protocol within 72 hours of recovering them. This ensures that recovered funds are quickly secured, preventing delay or potential loss.

• Clear Guidelines and Legal Protection: The agreement establishes strict rules for how whitehats must operate during an exploit, ensuring recovery efforts are conducted professionally and safely, minimizing the risk of mistakes or further damage to the protocol. By adhering to these guidelines, whitehats can limit their potential legal exposure, allowing them to act in good faith without fear of liability.

• Incentivized Rescue Efforts: To motivate whitehats to act during critical situations, the agreement offers a bounty system similar to a bug bounty. Whitehats are rewarded with a percentage of the recovered assets, up to a predefined cap, for their successful interventions.

Rationale

Pareto is committed to enhancing its security and protecting user funds during critical moments. While security audits and other preventive measures are crucial, the unpredictable nature of exploits requires a swift, decisive response mechanism to minimize potential damage.

The Safe Harbor Agreement empowers whitehats to act immediately during an active exploit, providing a proactive and structured recovery process. By enabling whitehats to step in and recover assets during a crisis, Pareto strengthens its defenses against emerging threats.

Benefits of adopting the Safe Harbor Agreement include:

• Agile Defense Against Exploits: Whitehats are authorized to intervene as soon as an active exploit is detected, enabling them to respond faster than traditional methods. This ensures that Pareto is protected against threats even without the ability to halt the protocol. Immediate action minimizes the window for malicious actors, reduces damages, and accelerates the recovery of assets during critical moments.

• Clarified Rescue Process: The agreement ensures that every step, from intervention to fund recovery, is predetermined and streamlined. Whitehats know exactly where to send recovered funds, preventing chaotic negotiations or rushed decisions during an exploit. This clarity ensures efficient, decisive action when it matters most.

• Clear Financial Boundaries: The predefined bounty system, with a cap matching Pareto’s existing bug bounty, ensures that whitehats are incentivized fairly without creating conflicting priorities between exploit intervention and standard vulnerability disclosure. By setting expectations upfront, it eliminates post-exploit negotiations, ensuring funds are returned promptly without attempts to change the reward amount, keeping the process fair and transparent.

• Aligning with Industry Best Practices: By adopting the Safe Harbor Agreement, Pareto aligns itself with leading security practices across the industry, reinforcing its commitment to staying at the forefront of protocol security.

Adoption of the agreement complements audits by providing an additional layer of security, ensuring that the protocol is better prepared to respond to active threats.

Adoption Details

Pareto will adopt the agreement with the following parameters.

1. Asset Recovery Address: Addresses controlled by Pareto, which recovered funds will be returned to in the event of a hack.

2. Scope: List of all on-chain assets protected under Safe Harbor

• “All”: The Safe Harbor Agreement will cover both the subcontracts currently deployed under this contract and any future subcontracts deployed through it. This ensures that all present and future subcontracts are protected.

• In this case, all contracts deployed by the Pareto Deployer EOA would be under scope

3. Contact Details: Designated security contact for Pareto

   • Name: William (@bugduino)

   • Contact Information: security@pareto.credit

4. Bounty Terms: Predetermined rewards for successful whitehats that protect protocol funds

   • Bounty Percentage: 10% of recovered funds.

   • Bounty Cap (USD): $50.000

   • Aggregate Bounty Cap (USD): $50.000

   • Retainable: True

     1. This means that whitehats are allowed to retain their bounty directly from the recovered assets. After rescuing funds during an exploit, whitehats may deduct their bounty from the total recovered amount before transferring the remainder to the protocol’s designated asset recovery address. This streamlines the payout process, ensuring whitehats are rewarded promptly while still adhering to predefined bounty terms.

   • Identity Verification: Anonymous

     1. Whitehats are allowed to remain anonymous and are not required to provide their legal name or undergo identity verification. This ensures privacy for whitehats while still enabling them to participate in the bounty program and assist during exploits without revealing personal information.

   • Diligence Requirements: None

Implementation Plan

1. Register Agreement On-Chain:

   • The agreement will be registered on Ethereum in the Safe Harbor Registry, including all adoptionDetails. This ensures transparency and immutability.

2. Communicate Adoption:

   • An official announcement will be made across all Pareto communication channels, explaining the adoption and its significance to the community.

3. Future Updates to Scope:

   • New versions of Pareto will be reviewed and added to the Safe Harbor Agreement scope via Pareto Governance vote, ensuring continued protection for all new contracts and functionalities.

Conclusion

Adopting the SEAL Whitehat Safe Harbor Agreement equips Pareto with a rapid response mechanism for active exploits, enabling whitehats to step in effectively when needed most. The agreement provides clear guidelines for action, increasing the protection of user funds and demonstrating Pareto’s commitment to proactive security.

References

• SEAL Whitehat Safe Harbor Agreement: https://github.com/security-alliance/safe-harbor

• Pareto Bug Bounty: Immunefi Bug Bounty

Please share your thoughts and feedback in the discussion below before the proposal moves to a formal vote.

Hey everyone - I’m Dickson one of the leads of Safe Harbor!

Feel free to comment and let us know if you have any questions! Always happy to talk about Safe Harbor!

Thanks for posting this @samczsun and thanks for the support @Dickson.

Giving legal protection and economic clarity to whitehats is paramount, this agreement will allow them to act quickly to limit or prevent losses.

With Idle and now Pareto we always focused on security and the adoption of the SEAL Safe Harbor agreement can potentially be the extra layer of protection we need when it matters most.

I’m ofc in favor of this proposal and if no specific concerns are raised in the next 24 hours we will proceede to create a vote on snapshot.

I’m in favor of the proposal, thanks for posting it, @samczsun.

Security has always been a top priority for Idle/Pareto, and adopting the SEAL Safe Harbor Agreement would further strengthen the protocol’s defenses in the event of an attack.

That said, it looks like there may be a typo in the bounty terms. The cap appears to be set at $50, while it likely should be $50,000:

If approved, I believe it would be valuable to add this to the security section of our the documentation.

Nice to meet you Biaf! Thanks for catching the typo - let me fix it up!

Yes for sure would love it Pareto could add it to their documentation!

UPDATED PROPOSAL

[IIP-43] - Adopt The SEAL Safe Harbor Agreement

Category:Proposals
Authors: samczsun (SEAL), dickson (SEAL), @william (Pareto)

Introduction

This proposal outlines Pareto’s adoption of the SEAL (Security Alliance) Whitehat Safe Harbor Agreement (“Safe Harbor Agreement”). By adopting Safe Harbor, Pareto improves the security of its on-chain assets by allowing whitehats to intervene during active exploits to save protocol funds.

What is the Safe Harbor Agreement?

The Safe Harbor Agreement addresses a critical need in crypto: enabling whitehats to intervene during active exploits when traditional responsible disclosure procedures are not feasible.

Key aspects of the agreement include:

• Encouraging Whitehats to Protect the Protocol: By adopting Safe Harbor, Pareto incentivizes whitehats to step in and protect the protocol during active exploits by limiting their legal exposure.

• Intervention Only During Active Exploits: Whitehats are authorized to act only when there is an immediate or ongoing exploit that threatens the protocol. This agreement applies only to critical situations where responsible disclosure procedures would not save funds due to the urgency of the exploit, and it is not intended for routine security testing or vulnerability reporting.

• Mandatory Return of Rescued Funds: Under the terms of the Safe Harbor, whitehats are required to return all rescued assets to a pre-designated recovery address controlled by the protocol within 72 hours of recovering them. This ensures that recovered funds are quickly secured, preventing delay or potential loss.

• Clear Guidelines and Legal Protection: The agreement establishes strict rules for how whitehats must operate during an exploit, ensuring recovery efforts are conducted professionally and safely, minimizing the risk of mistakes or further damage to the protocol. By adhering to these guidelines, whitehats can limit their potential legal exposure, allowing them to act in good faith without fear of liability.

• Incentivized Rescue Efforts: To motivate whitehats to act during critical situations, the agreement offers a bounty system similar to a bug bounty. Whitehats are rewarded with a percentage of the recovered assets, up to a predefined cap, for their successful interventions.

Rationale

Pareto is committed to enhancing its security and protecting user funds during critical moments. While security audits and other preventive measures are crucial, the unpredictable nature of exploits requires a swift, decisive response mechanism to minimize potential damage.

The Safe Harbor Agreement empowers whitehats to act immediately during an active exploit, providing a proactive and structured recovery process. By enabling whitehats to step in and recover assets during a crisis, Pareto strengthens its defenses against emerging threats.

Benefits of adopting the Safe Harbor Agreement include:

• Agile Defense Against Exploits: Whitehats are authorized to intervene as soon as an active exploit is detected, enabling them to respond faster than traditional methods. This ensures that Pareto is protected against threats even without the ability to halt the protocol. Immediate action minimizes the window for malicious actors, reduces damages, and accelerates the recovery of assets during critical moments.

• Clarified Rescue Process: The agreement ensures that every step, from intervention to fund recovery, is predetermined and streamlined. Whitehats know exactly where to send recovered funds, preventing chaotic negotiations or rushed decisions during an exploit. This clarity ensures efficient, decisive action when it matters most.

• Clear Financial Boundaries: The predefined bounty system, with a cap matching Pareto’s existing bug bounty, ensures that whitehats are incentivized fairly without creating conflicting priorities between exploit intervention and standard vulnerability disclosure. By setting expectations upfront, it eliminates post-exploit negotiations, ensuring funds are returned promptly without attempts to change the reward amount, keeping the process fair and transparent.

• Aligning with Industry Best Practices: By adopting the Safe Harbor Agreement, Pareto aligns itself with leading security practices across the industry, reinforcing its commitment to staying at the forefront of protocol security.

Adoption of the agreement complements audits by providing an additional layer of security, ensuring that the protocol is better prepared to respond to active threats.

Adoption Details

Pareto will adopt the agreement with the following parameters.

1. Asset Recovery Address: Addresses controlled by Pareto, which recovered funds will be returned to in the event of a hack.

2. Scope: List of all on-chain assets protected under Safe Harbor

• “All”: The Safe Harbor Agreement will cover both the subcontracts currently deployed under this contract and any future subcontracts deployed through it. This ensures that all present and future subcontracts are protected.

• In this case, all contracts deployed by the Pareto Deployer EOA would be under scope

3. Contact Details: Designated security contact for Pareto

   • Name: William (@bugduino)

   • Contact Information: security@pareto.credit

4. Bounty Terms: Predetermined rewards for successful whitehats that protect protocol funds

   • Bounty Percentage: 10% of recovered funds.

   • Bounty Cap (USD): $50,000.00

   • Aggregate Bounty Cap (USD): $50,000.00

   • Retainable: False

     1. This means that whitehats cannot retain their bounty directly from the recovered assets. Instead, all rescued funds must be returned to the protocol’s designated asset recovery address, and the bounty will be paid out separately after verification.

   • Identity Verification: Anonymous

     1. Whitehats are allowed to remain anonymous and are not required to provide their legal name or undergo identity verification. This ensures privacy for whitehats while still enabling them to participate in the bounty program and assist during exploits without revealing personal information.

   • Diligence Requirements: None

Implementation Plan

1. Register Agreement On-Chain:

   • The agreement will be registered on Ethereum in the Safe Harbor Registry, including all adoptionDetails. This ensures transparency and immutability.

2. Communicate Adoption:

   • An official announcement will be made across all Pareto communication channels, explaining the adoption and its significance to the community.

3. Future Updates to Scope:

   • New versions of Pareto will be reviewed and added to the Safe Harbor Agreement scope via Pareto Governance vote, ensuring continued protection for all new contracts and functionalities.

Conclusion

Adopting the SEAL Whitehat Safe Harbor Agreement equips Pareto with a rapid response mechanism for active exploits, enabling whitehats to step in effectively when needed most. The agreement provides clear guidelines for action, increasing the protection of user funds and demonstrating Pareto’s commitment to proactive security.

References

• SEAL Whitehat Safe Harbor Agreement: https://github.com/security-alliance/safe-harbor

• Pareto Bug Bounty: Immunefi Bug Bounty

Please share your thoughts and feedback in the discussion below before the proposal moves to a formal vote.

The updated proposal has 2 changes:

Fixing the typo from 50.000 to 50,000 - Sorry about that!

Changing retainable = True, to retainable = False. This means that whitehats are now required to send all funds back to the protocol first before receiving their bounty. Before this was not the case, but after some discussion with William, we’ve decided to set the retainable = false!

Proposal is now published on Snapshot
https://snapshot.box/#/s:idlefinance.eth/proposal/0xeea476267b5488f6b79705eab938c477b145cc61f013e5294081c5d48d56f906

Voting period: 2025-07-25T09:25:00Z→2025-07-28T09:24:00Z

Snapshot vote passed with 587k “For” votes so the agreement is effective from now

image691×441 15.1 KB