Introducing Bug Bounty

Oishun
Published in InsureDAO, Apr 12, 2022

Please read the prior article to understand how the three methods of security in DeFi work, and the pros and cons of each.

Dear Builders,

InsureDAO has made insurance and bug bounty one. I would be glad if you could go through this article and give us your thoughts!

Background

InsureDAO was originally an insurance protocol in which a pool is prepared for each protocol. The underwriter funds the pool, and the insurance buyer pays a fee to reserve the money for future attacks. If there is an attack, the loss can be recovered from the reserved funds.

Underwriters (insurance sellers) welcome funding bug bounty payments if those payments can prevent hacking and limit losses, so insurance and bug bounty should be offered together. This would also solve the problem of the amount of funding that bug bounties have. For the protocol, it also allows third-party professionals to scrutinize the vulnerabilities that are submitted, and allows the protocol to operate without its own funds sitting idle.

The ReportingDAO, which InsureDAO uses to determine insurance payments as an incident oracle, is composed of auditing firms and is best suited to reproduce the attack methodology, estimate the amount of damage, and determine the bug bounty payment amount.

How it works

Below is a diagram showing how current bug bounties work:

The point here is that most of the insurance fund is not being used, which implies that only the protocol contributes to the bug bounty; and depending on the scale of the hack, the fund is susceptible to hacks. The insurance fund and the bug bounty fund should be linked or held in the same pool, because underwriters have an incentive to prevent hacking. From a financial efficiency point of view, the money in the insurance pool earns premiums, but the money that the protocol contributes to the bug bounty is completely dead, so it is a great waste.

Next, this diagram shows how bug bounty on InsureDAO works:

InsureDAO outsources insurance payment decisions and other matters to a group of professional auditing firms and teams called ReportingDAO.

This allows a third-party professional to come in and work with the protocol to determine vulnerabilities, whereas in the past, the protocol would make its own vulnerability determination.

This allows for accurate severity labeling and damage estimates.

For protocols, it also allows them to operate their raised funds and make profits while improving their own safety.

Moreover, InsureDAO uses the veToken model: by earning INSURE, it can increase the amount of reward for its own protocols and attract more underwriters.

Easy Integration

All you need to get started with insurance and bug bounty is to create an insurance pool on InsureDAO. Once you have deposited USDC into your pool, you can start offering insurance and bug bounty at the same time. (Bug Bounty is still in the preparation stage.)

A Front API will be provided soon as well, so you can very easily offer your insurance option to users in your UI.

If you are interested, please contact us on Discord and we will be happy to help you.

Future Plan

Here is our roadmap:
https://medium.com/insuredao/the-secret-insuredaos-master-plan-just-between-you-and-me-77e08d3ab193

We are pursuing the most protocol-friendly security module in the DeFi ecosystem.

Thank you!

About InsureDAO

App: insuredao.fi
Twitter: https://twitter.com/insuredao
Discord: discord.gg/8BA5f5rurq
Telegram: https://t.me/InsureDAO
