Chapter 12: Decentralized Insurance

Users need to stake tokens in smart contracts before using DeFi applications. Due to the potential for massive expenditure scenarios, tokens staked in smart contracts are vulnerable to security attacks. Although most projects' smart contracts have undergone code audits, it is impossible to know for certain whether a smart contract is truly secure; the possibility of being hacked always exists, which can lead to financial losses.

Recently, two notable DeFi security attack incidents occurred on a DeFi Dapp called bZx. These attacks took place between February 15 and 18, 2020, resulting in a total loss of 3,649 ETH, worth approximately $1 million. The first attack resulted in a loss of 1,271 ETH, while the second attack caused a loss of 2,378 ETH. Both vulnerabilities involved very complex transaction processes, executed through multiple DeFi Dapps.

The enormous losses highlight the inherent risks of DeFi, which is also why many people are skeptical about it. Here are several risk points faced by DeFi users:

1. Technical risk: Vulnerabilities in smart contracts can lead to security attacks;
2. Liquidity risk: Liquidity depletion similar to that on the Compound platform;
3. Key management risk: The platform's master private key may be stolen.

If users are making large transactions using DeFi, they may consider purchasing insurance to mitigate transaction risks. In this chapter, we will introduce two mainstream decentralized insurance providers, Nexus Mutual and Opyn, which will provide security for your DeFi transactions.

Nexus Mutual

What is Nexus Mutual?

Nexus Mutual is a decentralized insurance protocol based on Ethereum, currently able to provide security for any smart contract on the Ethereum blockchain. Below is a list of DeFi smart contracts covered by Nexus Mutual:

What incidents does Nexus Mutual cover?

Currently, Nexus Mutual covers transaction failures caused by vulnerabilities in smart contract code, preventing financial losses due to these vulnerabilities being exploited by hackers. Note that smart contract protection only prevents "accidental use" of the smart contract and does not cover security incidents such as lost private keys or attacks on centralized exchanges.

How does the underwriting mechanism work?

You first need to select the coverage period and the coverage amount. The coverage amount is the amount of protection you wish to purchase; if a vulnerability occurs in the smart contract, the platform will compensate the corresponding amount. After a smart contract security incident occurs, a "claim assessment" process will be initiated, which will involve "claim assessors." Once approved, the platform will pay you the insurance amount.

How is the underwriting mechanism priced?

Nexus Mutual covers all smart contracts, and the pricing criteria depend on the following factors:

1. Characteristics of the smart contract, such as the amount of funds stored in the smart contract and the number of transactions processed.
2. Coverage amount
3. Coverage period
4. Risk assessors' collateral for the smart contract

Smart contracts without sufficient collateral or those that have not been adequately tested cannot be priced normally, meaning that such smart contracts cannot be included in the coverage scope.

Assuming you purchase insurance for a Compound smart contract at a unit price of $200 for 5 ETH. If the insurance premium for each ETH during the one-year coverage period is 0.013 ETH, the total insurance cost for one year would be 0.065 ETH. If Compound is hacked during this period, regardless of how the price of Ethereum changes at the time of the hack, you will be compensated with 5 ETH. If the price of ETH rises to $300 during the hack, as long as your claim is approved, you will still receive back 5 ETH.

Please note that once a smart contract security incident occurs, anyone can initiate a claim within the platform's coverage scope without needing to provide proof of the funds they invested in the smart contract and suffered losses.

How to purchase insurance?

1. Specify the smart contract address to be covered.
2. Specify the coverage amount (ETH or DAI) and the coverage period.
3. Generate a quote and transact using Metamask.
4. Now, you are covered!

NXM Token

Nexus Mutual issues a native token called NXM. The NXM token is used to purchase insurance, participate in risk assessment, and engage in claim assessment. It is also used for capital financing, reflecting ownership of the mutual platform. As the platform's capital pool increases, the value of NXM will also rise.

Through the platform, users can do two things—purchase capital insurance or become risk assessors by staking NXM.

NXM uses a token bonding curve, which is influenced by the amount of capital in the platform and the amount of capital required to meet all coverage needs under certain probabilities.

Currently, the NXM token is not traded on any exchanges and is used solely as an internal token for Nexus Mutual.

What is a risk assessor?

Risk assessors initiate collateral operations on smart contracts (essentially to prove that the smart contract is secure) to earn NXM token incentives, as users will also purchase insurance for the corresponding smart contract. Risk assessors are professionals who understand the risks of smart contracts, or:

(1) Individuals capable of assessing Dapp security themselves, or

(2) Individuals who trust that the smart contract is secure (e.g., code auditors or other stakeholders).

Has NXM paid out claims?

Of course! In the recent bZx flash loan security incident, six users received compensation from the smart contract, with a total coverage amount of approximately $87,000. As of the writing of this article, the platform has processed three claims, and once the risk assessors vote to approve, users will receive compensation immediately.

Nexus Mutual: Step-by-Step Guide

Step 1

• Visit the website: https://nexusmutual.io/, then click on Get a Quote.

Step 2

• Select the smart contract you want to cover or enter a custom address. Here we choose the Maker multi-collateral Dai contract.

• Fill in the coverage amount and duration (the coverage amount must be an integer).

Step 3

• Wait a moment to receive a quote.

Step 4

• After generating the quote, Nexus Mutual will display the insurance cost. Currently, the insurance cost (paid in ETH) is approximately 1.3% of the coverage amount. If you accept this price, you can proceed and will need to complete membership registration.

Step 5

• Register as a member, you need to:

1. Not be a resident of the following countries/regions: China, Japan, Sri Lanka, Ethiopia, Mexico, Syria, North Korea, Trinidad and Tobago, India, Russia, Tunisia, Iran, Serbia, Vanuatu, Iraq, South Korea, Yemen.
2. Complete KYC verification.
3. Pay a one-time membership fee of 0.002 ETH.

• After completing KYC, you can proceed to the next steps to purchase insurance.

Disclaimer

Due to restrictions on residents of certain countries/regions and the requirement for KYC verification to use Nexus Mutual, some people believe it is not a truly decentralized method.

At this point, we can also use another insurance product, Opyn.

Recommended Reading

1. A guide to financial risk in DeFi (Seth Goldfarb)

https://defiprime.com/risks-in-defi

2. The Defiant tweets on the exploits (Camila Russo)

https://twitter.com/CamiRusso/status/1229849049471373312

3. bZx Hack Analysis Exposes Challenging DeFi-Inherent Composable Liquidity Risks (PeckShield) https://blog.peckshield.com/2020/02/15/bZx/

4. bZx Hack Full Disclosure (With Detailed Profit Analysis) (PeckShield) https://blog.peckshield.com/2020/02/17/bZx/

5. bZx Hack II Full Disclosure (With Detailed Profit Analysis) (PeckShield) https://blog.peckshield.com/2020/02/18/bZx/

6. Nexus Mutual NXM Token Explainer (Hugh Karp)

https://medium.com/nexus-mutual/nexus-mutual-nxm-token-explainer-b468bc537543

7. Nexus Mutual (Fitzner Blockchain)

https://tokentuesdays.substack.com/p/nexus-mutual

8. The Potential for Bonding Curves and Nexus Mutual (Fitzner Blockchain) https://tokentuesdays.substack.com/p/the-potential-for-bonding-curves

9. Why Nexus Mutual should be on your radar (Defi Dad)

https://twitter.com/DeFi_Dad/status/1227165545608335360?s=09

Opyn

What is Opyn?

Opyn is another DeFi application that provides security for smart contracts. Currently, Opyn can support insurance for USDC and DAI assets on the Compound platform and also provides protection for stablecoin assets on Curve.

In addition to issues caused by smart contract security attacks, Opyn also offers protection against various other risks, such as financial risk and management risk. Opyn uses financial derivatives (i.e., options) to achieve this.

What are options?

Options are divided into two types: call options and put options. A call option is a right, not an obligation, to purchase an asset at a specific exercise price within a specified period. On the other hand, a put option is also a right, not an obligation, to sell an asset at a specific exercise price within a specified time.

For every buyer of an option, there must be a seller of that option. The buyer of the option pays a premium to the seller to obtain that right.

The following image is an analogy of a call option for Halloween to help you better understand options:

There are two main types of options: American and European. The difference between the two is that for American options, the buyer can exercise the option at any time before the expiration date, while for European options, the buyer can only exercise the option on the expiration date.

How does Opyn work?

Opyn allows users to purchase put options for USDC and DAI stablecoins to hedge against the risk of black swan events occurring on the Compound platform.

As previously described regarding the Compound platform, when someone borrows DAI, they receive cDAI tokens in return. By using Opyn, traders can purchase oTokens, which serve as the right to sell cDAI and redeem DAI when the smart contract on the Compound platform is attacked.

Purchasing insurance worth 1 DAI on Opyn is essentially buying an American put option for cDAI assets at an exercise price of $0.92. When the Compound platform is attacked, any DAI deposits on Compound will no longer be worth $1 but rather less, such as $0.10. Using Opyn's ocDAI tokens, the insurance purchaser can redeem ETH worth $0.92. This protects users from losses caused by smart contracts. There is no need for a centralized entity to verify claims, making it a truly decentralized insurance.

Important Note: Opyn only covers your principal and does not cover the interest you earn on the Compound platform. When you deposit DAI into the Compound platform, you will receive cDAI in return. If you claim from Opyn, you need to send cDAI and oDAI insurance tokens to Opyn to receive coverage immediately.

What are the insurance costs?

As of the writing of this article, the cost of purchasing insurance on the Compound platform using Opyn is approximately equal to the following annual percentages: DAI deposits at 1.22%, USDC deposits at 2.61%. This means that if you earn an uninsured yield of 5.41% on DAI deposits, after purchasing insurance on Opyn, you can ensure a yield of 4.19%.

Please note that Opyn was launched relatively late, in February 2020, and as market conditions change, insurance costs will also fluctuate and gradually approach an optimal balance.

Since insurance is tokenized in the form of oTokens, it can be traded on DEXs like Uniswap, which is why the price of insurance depends on market supply and demand.

Why would someone provide insurance on Opyn?

For every insurance purchaser (buyer of put options) on Opyn, there must be an insurance provider (seller of put options) on Opyn. By becoming an insurance provider on Opyn, Ether holders can earn ETH returns.

To do this, they must first collateralize ETH to Opyn's smart contract at a minimum collateralization rate of 160% to issue oTokens. Insurance providers can issue oTokens for USDC or DAI on the Compound platform.

Once oTokens are issued, there are two exciting ways to earn premiums:

1. Become a liquidity provider on Uniswap

Liquidity providers on Uniswap provide liquidity through Uniswap tools, earning fees from users utilizing the Opyn platform, resulting in substantial returns. Liquidity providers can withdraw funds at any time. In the section introducing Uniswap, we show you the steps to provide liquidity on Uniswap.

2. Sell oTokens on Uniswap

Issued oTokens can be sold on Uniswap. You can check Opyn's main control dashboard to calculate the annual percentage of selling oTokens on Uniswap and compute the difference between uninsured yield and insured yield, which is the portion of yield users are willing to forgo to obtain insurance. As of the writing of this article, the annual percentage available for DAI is 1.22%, and for USDC, it is 2.61%.

The returns from ETH collateralization are higher than any other product in DeFi. However, earning this return is not without risks. By selling put options to earn returns, option sellers assume the risk that catastrophic events will not occur, such as technical risks (hacking), financial risks (failure of DAI's peg), or a run on the Compound platform. Users must also maintain a collateralization ratio of over 160% to avoid liquidation.

Is Opyn safe?

Opyn's smart contracts can be publicly verified, and its contracts have been audited by the smart contract auditing company OpenZeppelin. A complete report can be viewed via the link: https://blog.openzeppelin.com/opyn-contracts-audit/.

Opyn is also non-custodial and trustless, relying on incentives for its operational mechanism.

What are the main differences between Nexus Mutual and Opyn?

Opyn: Step-by-Step Guide

Step 1

• Visit the website: https://opyn.co/, then click "Get Started." We will insure DAI on the Compound platform.

Step 2

• Assume we have 20 DAI, and we want to purchase insurance for it.

Step 3

• After clicking "Buy Insurance," we will be redirected here.

• Click to confirm and "Confirm" the transaction.

Step 4

• As you can see, we received ocDAI in exchange for ETH.
• Note that the amounts here are different. 1 ocDAI covers 1 cDAI, not 1 DAI. Remember, as mentioned in previous chapters, 1 DAI does not equal 1 cDAI.

Step 5

• After the transaction is confirmed, if you want to check whether the DAI on the Compound platform is insured, please return directly to Opyn's DAI entry page.

Step 6

• You will see your insured amount here.

Step 7

• When you enter the DAI page, you will see that 20 DAI has been insured in the transaction.

Conclusion

It is important to note that since the pricing of oTokens depends on supply and demand, it can serve as a signal mechanism to check for issues on Compound. If people believe that a black swan event will occur on the Compound platform, they will purchase more oTokens, causing the price of oTokens to rise.

Ultimately, whether to insure or not is up to the user to decide. However, we at CoinGecko strongly recommend purchasing insurance, as we cannot predict what will happen in the future, especially in the early DeFi market.

Recommended Reading

1. Convexity Protocol Announcement (Zubin Koticha)

https://twitter.com/snarkyzk/status/1194442219530280960

2. Options Protocol Brings 'Insurance' to DeFi Deposits on Compound (Brady Dale) https://www.coindesk.com/options-protocol-brings-insurance-to-defi-deposits-on-compound

3. Getting Started (Opyn) https://opyn.gitbook.io/opyn/

4. Opyn launches insurance platform to protect DeFi users (Zubin Koticha) https://medium.com/opyn/opyn-launches-insurance-platform-to-protect-defi-users-fdcabaca7d97

5. Exploring the Decentralized Insurance Arena That's Rising on Ethereum (William Peaster) https://blockonomi.com/decentralized-insurance-ethereum/