SEAL’s Whitehat Safe Harbor agreement is a legal and technical framework that protocols and crypto communities can adopt to grant advance permission to whitehats and MEV bots to frontrun exploits, so long as:
- Funds are returned to a designated Asset Recovery Address determined by the protocol.
- Action is only taken in the event of an Active Exploit.
By adopting Safe Harbor, protocols and whitehats can work together to increase their chances of recovering funds in the event of an attack.
TLDR
- Safe Harbor is a legal agreement protocols may adopt that grants rights to certain Whitehats who help save protocol funds.
- Under the Agreement, protocols:
  - Must define a list of the on-chain assets which they own.
  - Allow Whitehats to white-hat hack these assets during active exploits.
  - Define requirements the Whitehats must follow while white-hat hacking the protocol and after the hack is complete, such as how funds must be recovered, what KYC process the whitehat must be subjected to, and what bounty the whitehat is eligible for.
- In order to adopt Safe Harbor, protocols must:
  - Decide on their Adoption Details:
    - List of all on-chain assets (smart contract, wallet addresses) they own and wish to protect.
    - An Asset Recovery Address that Whitehats can use to return funds.
    - Bounty terms (Bounty % and Bounty Cap) for successful whitehats (recommended as 10% and $1M USD respectively).
    - The KYC requirements to which Whitehats will be held.
    - Emergency contact information for Whitehats to use in the event of an exploit.
- Once Adoption Details are selected, the protocol may adopt Safe Harbor using any of the compliant adoption methods, including SEAL’s adoption form, Skylock or Immunefi’s Dashboards, or the Safe Harbor Adoption Checklist. In general, adoption will require:
  - Create an agreement fact page containing the adoption details.
  - (If a DAO) Push Safe Harbor adoption through the DAO procedures like any other initiative.
  - Publish the agreement details in a publicly accessible location, such as the Safe Harbor Registry.
  - Publish the Safe Harbor clauses to your website’s Terms and Conditions.
- Once adopted, the protocol should make sure to update its adoption details whenever a new asset is deployed on-chain.
- Safe Harbor has been drafted by Gabe and has been reviewed by top lawyers inside and outside the industry, including those working at A16Z and Paradigm.
- The Safe Harbor Legal Agreement is licensed under CC BY-ND. The source code for the smart contract registry, used during adoption, is licensed under MIT. Both can be found in the Whitehat Safe Harbor Repository hosted by SEAL.
Resources