Ensuring Smart Contract Security.
Smart contract reliability is key for Blockchain adoption. As the market leader in Solidity code audits, we are relentlessly working to make sure that people and companies can put their trust and value in smart contracts. With Nexus Mutual we are integrating a decentralized alternative to insurance, that will bring smart contract security to a new level.
The Bug Prediction Market aims to fix the few bugs remaining in the current audit process of smart contract code. One of the major improvements is ongoing feedback on a smart contract’s security even after it was deployed on the main net.
To receive an early warning on a compromised contract prior to the vulnerability being disclosed is an overdue improvement.
However, as a preventive measure, it does not completely avert the risk of value being stolen or frozen.
To get closer to the goal of business ready and compliant smart contracts, we are partnering up with an awesome project: Nexus Mutual. The UK based team has an ultimate aspiration to disrupt the insurance market and are starting with cover for bugs in smart contract code.
We are both equally excited to synergistically develop a whole new level of security and assurance for developers, companies and — most importantly — users of smart contracts.
At the London Blockchain Summit, Nexus Mutual’s CEO Hugh and our CEO Eduard met again and talked about the collaboration.
Hi Hugh, hi Eduard, how did this collaboration begin?
Hugh: We had heard about Solidified through multiple channels and decided to get in touch as they were interested in insurance for smart contracts. We realised they had been talking with the regular insurance industry without much success. As insurance experts, this was nothing new to us, the blockchain industry needs specifically tailored products for our risks and insurers aren’t there yet.
Eduard: Prior to Nexus Mutual, we’ve been in talks with several large insurance providers who were all trying to apply the same centralized risk-assessment practices to the blockchain applications, which simply does not work. They were not quite ready to commit to creating the right type of product for the decentralized community needs.
What do your projects have in common?
Hugh: We are both heavily focussed on the security of smart contracts, which is a massive issue for the Ethereum community. For the first time ever, pieces of code are both available publicly and have huge amounts of value sitting in them. While Solidified concentrates on the preventative measures, we at Nexus Mutual provide the safety-net should something go wrong.
Eduard: Both services are highly complementary and add to each others solution. What caught my eye immediately about Nexus Mutual is that they understood that
- no matter how many security audits you do, there will always be a chance of a potential vulnerability, thus a final safety net must exist and
- you need to leverage the expert Solidity community in order to provide an accurate measure of security of any given smart contract, so something like an insurance can actually work.
Hugh: Think of it like prevention and cure. We are two sides of the same coin. Additionally, both projects rely on a decentralized pool of smart contract security experts to operate, so our communities and values are the same.
Where do these complementary systems meet?
Eduard: Solidified provides the most complete smart contract security audits on the market (initial audit, tooling, verification of fixes, bug bounty and Bug Prediction Market) with the largest community of Solidity experts. However, even as advanced as our process and community are, not even our audits will always be 100% foolproof.
Hugh: Insurance is all about risk and once a contract has gone through Solidified’s rigorous auditing process the risk of failure is much, much lower, but — as Eduard said — it still exists.
That’s why Nexus Mutual will offer cover to all contracts that pass through the Solidified model.
Not only that, we plan to hook into Solidified’s Bug Prediction Market, which we believe is a wonderfully symbiotic product for Nexus Mutual. Anyone staking value on the Bug Prediction Market on the ‘no bugs’ side would also naturally stake value on the Nexus Mutual platform and earn value from cover being taken out against these contracts. This staking would also reduce the cover prices for the relevant contracts on the Nexus Mutual platform, benefiting the community overall.
How does such a partnership actually work?
Hugh: The partnership is both a technical one and a collaborative one. We will not only integrate our offers closely together but also support the wider Ethereum security community by promoting collaboration and understanding of security issues and approaches.
Eduard: Right, as both services are in development, we can leverage this chance to align on release timeline of the Bug Prediction Market and Smart Contract Cover, to make sure these offerings go hand in hand and are effective. A lot of testing and behavioural economics with the expert community still needs to be verified to ensure a successful rollout of these products.
Hugh: We’re also really excited by the ability to not only offer our products to the audit customers of Solidified but to have Solidified’s massive community of smart contract auditors (numbering around 200) be highly familiar with the Nexus Mutual platform where they will be able to participate as and when they please.
Eduard: There is a lot of room for collaboration on other levels like hosting community events or hackathons together. But first and foremost we are eager to really provide significant value to the Ethereum community with what we are building.
What value does this provide for the community?
Eduard: For businesses, this means having the highest possible level of confidence in the security of their contracts, with a peace of mind that even if something ever goes wrong, they are protected. We believe this security to be absolutely crucial to allow naturally hesitant and risk-averse companies and actors to join the market.
Hugh: I completely agree. We need to increase our standards to drive corporate adoption of smart contract-based solutions by combining both preventative measures and a safety net against significant issues in the code. We’re hoping this will benefit the whole blockchain ecosystem.
Eduard: In general, we aspire to improve the concept of smart contracts by making them not only more secure technically but by providing an improved feeling of safety and assurance for the people that matter the most in the end: non-technical users, the masses really.
Hugh: At Nexus Mutual we have our heads down #buidling our release product. So we will firstly focus on the collaborative side of the partnership and increase standards, knowledge and best practice within the security community. The technical integrations will come later but, as now we are both developing along the same path, the journey to business-ready smart contracts will be a lot shorter.
Eduard: Same for Solidified. We partnered up with Gnosis to build on their experience and infrastructure for our Bug Prediction Market. Currently, we are developing the MVP for the first decentralized Bug Verification Oracle.
With our respective sides of the product in development, we are discussing the timeline and strategy for integration points. Bug Prediction Market is a complex system with its own economy that requires a high degree of testing to get right and we will be using Nexus Mutual’s help to make sure it launches successfully to the public.
Another major next step will be our token sale, which will start on the 23rd of July. The Solid Token will fuel the Bug Prediction Market and act as a form of collateralized reputation for smart contract auditors during the audit process. The token sale is primarily targeted at Ethereum developers and the audit community.