bZx flash loan event

Kayleigh Petrie
Nexus Mutual
Feb 19, 2020

The recent, well-documented attack on bZx has sparked essential discussions around understanding risk in DeFi. Since the event was announced there has been wide speculation as to whether it would be covered by Nexus Mutual’s smart contract cover. The short answer is that it is up to our members, who fully own the mutual.

This is the first time our system has been tested in such a way. Hugh’s message to the community on Saturday:

First claim

Of our six members with bZx cover, one submitted a claim (one was invalid as it was purchased after the event). The claim was submitted on 15th Feb, the same day as the announcement. To resolve it, our claims assessors (any member willing to stake NXM to vote on the outcome) then had to assess the situation and vote on whether or not to pay out on the claim.

Nexus Mutual tweet on Saturday

It is worth noting a few things at this stage:

  • The incident particulars were unclear at this time, so our claims assessors had to work with the information that was available.
  • Our documentation explicitly excludes activity where the smart contracts act as intended.
  • Our members have the power to vote and pay the claim anyway.
  • The claiming member can submit one more time if they wish (which we encouraged them to do in light of the bZx report).

Nexus Mutual claims process

The first ever Nexus Mutual claims process finalised with the 30,000 DAI claim on bZx being declined. 7/8 assessors voted no after staking a combined 76,000 NXM (over $300,000) in the process.

Our new board member Rei Melbardis summarised his own thought process.

Declining a claim

Our community has been feverishly discussing the pros and cons of accepting or declining the claim. It has also given them a chance to give us feedback on the claims process itself.

Declining the claim:

  • “The rules have been explicit from the beginning that Nexus Mutual covers smart contract failures only.”
  • “If bZx are going to compensate lenders for their loss, as they have indicated, the mutual should decline the claims; especially if there is no smart contract failure. The mutual should be used to indemnify, not lead to a profit for claimants.”

Accepting the claim:

  • “It caused loss of funds, could be reliably repeated, and requires code change to fix. It should be treated as a hack.”

Discretionary mutual

Being a discretionary mutual means that our members (who fully own the mutual) had the power to decide whether to pay out on the claims or not. They voted based on the information available to them at the time of the vote.

Isn’t there an incentive for claims assessors to reject any claim?
If Nexus Mutual begins denying legitimate claims and thus failing in its core purpose, then no new users would come to the platform and make contributions to it. While it’s true that claims would lower the value of the pool — and hence the value of NXM tokens that the claims assessors hold — in the short-term, claims assessors are also financially incentivised to take a long-term view as they are required to lock up their stake.

Loss of funds

At this point it is worth explaining the process of obtaining smart contract cover with Nexus Mutual.

  1. Become a member.
  2. Select a contract to cover against (anything verified on Etherscan).
  3. Select how much cover you want to take out.
  4. Select how long you want cover for.
  5. You’re covered!

The term ‘loss of funds’ in our documentation refers to the total funds lost, caused by the hack and not a loss incurred by the individual member. So our claiming members do not have to prove any loss of their own funds in order to make a claim.

bZx post mortem

The bZx post-mortem was released on Monday, giving more detailed information that could change the way that claims assessors see the incident, now being called an attack. (Remember, the original claimant can re-submit their claim once more.) The key point in the post-mortem:

“8:30 am MST: The team identified a safeguard that was bypassed. There was a safety check that did not fire, caused by a logic error in flagging the loan as overcollateralized. Overcollateralized loans don’t involve swaps, which bypasses the final slippage check.”

It was originally thought that there was no unintended use of code and that the smart contracts operated precisely as they were designed to, but this is actually not the case. Thus we enter the territory where our five members who purchased cover before the attack have valid claims to make.

One of our community members, who had taken out cover on bZx before the attack, supported the decision to reject the initial claim based on the evidence available at the time. However, after the post-mortem surfaced they changed their opinion to be in favour of paying out on claims, and provided guidance to the community by cross-referencing the smart contract cover wording and the post-mortem documents. Their table follows.

General requirements

Documentation wording on the left. Response on the right.

Material losses

Documentation wording on the left. Response on the right.

Cover period

Documentation wording on the left. Response on the right.

Exclusions

Documentation wording on the left. Response on the right.

Paying the first claims

We received two further claims after the release of the bZx report.

Claim #2 was accepted with 4/4 assessors voting yes, staking a total of 10,051 NXM (USD $43,219).

Etherscan transaction details.

Claim #3 was accepted with 9/10 assessors voting yes, staking a total of 111,183.45 NXM (USD $478,088).

Etherscan transaction details.

Both claimants immediately received their pay-outs once the voting closed.

Conclusions

Nexus Mutual has delivered on its promise to pay out claims in the case of unintended use of smart contract code. The voting mechanisms that give our members full control over whether or not to pay out on a claim have proven to work as they were designed.

The flexibility of the Nexus Mutual system was put to the test. Claims assessors were able to demonstrate that they were using the information available to them at the time to cast their vote(s). The initially rejected claimant was able to submit a second, subsequently successful, claim once more details became available.

Traditional insurance would have automatically declined the first claim because the cover wording said so. Our community was able to act together to make decisions that will impact the future of Nexus using the fundamental mechanisms of a discretionary mutual.

If you want to come and talk to us about this event, our new board member or anything else, then please join our next community call on Thursday 20th February at 9am GMT.

For those who can’t make it we will record the call — we’re going to be rotating the times of our calls to accommodate our members in all time zones.

Reddit https://www.reddit.com/r/NexusMutual/
Discord https://discord.gg/YXajyhj
Twitter https://twitter.com/NexusMutual
Telegram https://t.me/joinchat/K_g-fA-3CmFwXumCKQUXkw

Thanks to @chainomics for the table.


Kayleigh Petrie
Nexus Mutual

Attempting to navigate real life. Director of Engagement at Nexus Mutual.