The art of smart contract insurance
A story of tears, pizza and how to safely gamble your money
Sometimes you have to break some eggs to make a omelet. And in the case with DeFi, a lot of eggs are broken on quite a regular basis.
If you turn off ‘chad mode’ for just one minute, you should ask:
How do you know your funds are safe?
Most developers will maybe point towards how they might have a smart contract audit. Maybe they’ll say that they have multiple ones. Or maybe they just don’t really give a shit. It’s web 3 anyways, right?
In this article, I will explain why smart contract security audits don’t necessarily guarantee safety and what DeFi users can do right now to mitigate the risk of any future DeFi hacks and black swan events.
But before we do so, let’s take a look at the fabled story of devops199.
“I accidentally killed it.”
These were the famous last words of devops199, a lone developer who triggered the Parity multi-sig hack in 2017 that froze $300M+ of funds.
Unlike the original ‘DAO Hack’ , this time, the code had been put through rigorous rounds of internal review and third party security audits.
But even then, there were still vulnerabilities in the code.
How did this one “eth newbie” manage to rekt the one of the most well funded companies in the crypto space?
While yes, we can blame the fault on the mechanics of the smart contracts…
But, the real culprit in reality was a general community ignorance around the realities of smart contract risk.
Smart contract audits = funds are safu?
Security engineers = humans = potential possibility of human errors
When an audit happens, bugs may or may not be found.
But if not, all it means that they weren’t discovered.
It doesn’t mean: they don’t exist.
Smart contract audits are not where risk ends:
- Code changes: Smart contracts undergo changes and need to audited frequently. Whenever code changes, new potential threats are introduced.
- New DeFi possibilities: When bZx was flash fucked, it was not actually a bug in their smart contract code but rather the emergence of flash loans into the DeFi ecosystem. No one previously had designed their systems with flash loans in mind. This will repeat itself with new DeFi primitives.
- Humans error: Humans miss things. We’ve seen this countless times, waves of audits happen and suddenly out of the blue seeing serious bugs being picked up by some random 19 year old hacker (h/t samzcsun).
- 1 Audit does not equal 1 audit: Not all audits are the same. Audits are different with every firm, they all follow different practices. Some firms conduct 1 day audits, some run audits for 1 week, others for 2–3 months. They are not all equal. Some cost 3–10k, some cost 50–60k.
- Code complexity: As code is more complex the certainty of security greatly decreases. DeFi code is some of the most complex code on Ethereum.
While smart contract audits are rightfully a standard industry practice part of creating safe and secure applications, they are no means able to provide guarantees to safety at all.
There is a 0% chance of 0 risk.
As one wise man one said: The guarenteed is guarenteed.
Enter: Nexus Mutual, smart contract insurance
Nexus Mutual is a project that provides insurance around smart contract hacks for DeFi users. You buy cover for your funds and if the DeFi dapps that you use get hacked, then you are able to claim a full refund.
Insurance is essentially a bet on a highly unlikely future event.
- Person A (buys insurance): Wants to risk it all and stick their DAI somewhere crazy, but wants protection in case shit goes south.
- Person B (sells insurance): Willing to provide insurance and fully refund the cover taken out as long as protection fees are paid.
The protocol is designed so that Nexus Mutual is always over collateralize at 130% of the minimum amount of capital (MCR) it needs to pay out all its covers simultaneously all at once — at anytime (imagine a black swan event with DAI that cripples all of DeFi causing cascading chaos).
The concept of insurance comes from communities in the past who pooled their resources to protect each other from the risks they all faced. But this method isn’t generally scalable as it relies on a local trust based system where everyone needs to know each other.
In the traditional world, we solved this by delegating the responsibility of gauging trust to centralized insurance companies.
Smart contracts allow us to scale coordinate capital for insurance.
The cost of insurance is covered by:
- What smart contracts insurance is for (more liquidity, more capacity)
- Amount of funds insured (more funds, more expensive)
- Time and duration of insurance (longer time frame, the more expensive)
In the event of a smart contract hack, users who have active cover can create a claim to get refunded their funds back by Nexus Mutual. This decision is determined by all the different fat tonies of who hold $NXM.
If Nexus Mutual doesn’t rightfully pay out when it should do so, it is unlikely anyone will rely on it again for smart contract insurance. And $NXM will all go to $0, leaving a lot of fat tonies without pizza. If Nexus Mutual, rightfully pays out, then as more claims happen — proves even more reliable. And helps create a positive feedback loop, generating more demand/purchases for Nexus Mutual insurance.
How to play this game of black swans?
- Become a fat tony yourself, provide cash to the house — get $NXM to stake, get fees for lying around ‘protecting the neighbourhood’
- Use the protocol as armour and as your last mile trap card in case shit shit the fan (always have a backup plan)
While you can get cover for yourself, if you use any other DeFi dapps regularly, then if you annoy the creators enough, you might be able to get them to pay for your own cover as a user. It works, trust me ;)