Smart Contract Cover: A Safety Net for Ethereum Smart Contracts

One of the bigger challenges Ethereum faces is ironically the ability to trust smart contracts. The blockchain gives us confidence that smart contracts will operate as coded but how can regular users be confident they will operate as intended?

Since mid-2016 there have been three high profile “hacks” of Ethereum smart contracts. These hacks all involved large volumes of funds being lost in a way that was clearly against the intention of the code.

The first of these was The DAO hack, a pivotal event for the Ethereum community, where a hacker managed to use the now well known “re-entrancy bug” to drain funds held in The DAO. Whether you believe “code is law” and whether Ethereum should have forked are both debatable points but this action was clearly not the intention of the original code.

The second was the first of the Parity multi-sig wallet issues, whereby a hacker gained control of the multi-sig contract and accessed the funds directly. Once again, this action was clearly against the intention of the code which was to keep user’s funds in one place unless agreed to by the multi-sig key owners. Around $30m worth of Ether was taken with much more actually being saved by friendly hackers.

The third was unfortunately another Parity multi-sig wallet issue, whereby a user managed to gain control of a related contract and delete the underlying multi-sig logic. This has effectively rendered the funds locked forever with over $300m of Ether being made permanently inaccessible.

And these are just the high profile “hacks”. Many more have occurred that haven’t caught the eye of the public. So can we ever be fully confident code works as intended?

I don’t believe so.

Some might argue formal verification techniques allow us to prove that code works precisely as per the specifications, and that is a fantastic help, but there remains a gap. We still have to write the specifications correctly and convert the intentions of humans into cold hard code. As a community we can do much more to significantly reduce the level of bugs but we will struggle to remove them entirely.

At Nexus Mutual we believe that the Ethereum community would benefit from another safety net. An assurance that gives users more confidence their funds won’t be lost due to bugs while also allowing developers to deploy contracts with greater confidence.

To address this need we are developing Smart Contract Cover, a product that is designed to pay-out claims if there is “unintended code usage that results in a material financial loss”. As Nexus Mutual will use a decentralised voting mechanic to determine claims this effectively provides a human overlay to deal with extreme scenarios.

Our goal is to launch a mutual risk sharing entity run entirely on the public chain that allows the Ethereum community to share a critical risk with each other. So how would the product work?

We will start with the pricing approach, which comprises two main steps. The first step will provide a base price for any smart contract based on how battle-tested the code is. For example, how long the contract been on main-net with funds exposed to being hacked. The base price would be conservative and wouldn’t work for newly deployed contracts by itself. This is where we introduce the second step; decentralised underwriting. Here we allow anyone to stake value (in the form of tokens) against any smart contract. This will drop the price of cover considerably but also expose the stake to early claims. In return for staking value, the underwriter will earn a commission for every person who takes out cover on that contract.

Effectively, this amounts to crowd sourced underwriting for smart contracts. For individuals with smart contract coding expertise now you will be able to earn income if you deem a contract to be secure in addition to the more common opportunities of finding issues and claiming bug bounties.

From a customer perspective purchasing cover would simply involve selecting a designated smart contract address, choosing a fixed cover amount and finally selecting the time period they want the cover for. Should there be “unintended code usage” on the chosen smart contract they can submit a claim to the voting process for a simple yes/no decision. One distinction to regular insurance products is that no proof that the individual customer lost funds is required, only that the contract was used in an unintended way and that somebody lost funds.

One particular use would be to cover a multi-sig wallet contract that holds a substantial amount of Ether. While it wouldn’t protect against private key loss or theft it would provide comfort against any smart contract issues that haven’t been discovered yet. However, that is the most basic use case as cover can be purchased for any smart contract including ICO contracts, gambling contracts and even kitten breeding contracts.

In terms of our project, we are in the process of developing the Nexus Mutual platform with the aim of going live before the end of 2018. While we have grand visions of being an alternative risk carrier for the insurance industry we want to prove our model in a niche and start by assisting the Ethereum community grow, develop and become more robust. We believe Smart Contract Cover can play a key role in that journey and look forward to the communities feedback.