How to protect against hacks with Nexus

Purchasing cover with Nexus Mutual, a bankless insurance alternative.



Dear Bankless Nation,

Protocol risk stacks.

Keep that in mind when you’re wrapping tokens and farming those yields.

That means lending DAI in Compound means taking on the risk of Ethereum + DAI + Compound. And for each protocol there are three categories of risk to keep in mind.

Smart contract risk is the big one. Hacks, coding errors, bugs.

Smart contract risk is the one that’s cost us the most:

  • The DAO hack—3.7m ETH 🤮

  • The Parity hack—500k ETH 🤒

Audits help but value locked over time is the only metric that truly starts chipping away at the risk profile of protocols. Kinda tricky since most DeFi protocols are less than two years old! Many aren’t even two months!

That’s why we need smart contract insurance. And that’s what Nexus provides. They use DeFi to derisk DeFi.

In good news—Nexus already has $15m in smart contract cover!

In less good news—that $15m only represents about .3% of value in DeFi.

Room to grow.

I’d say smart contract insurance as a whole may be one of the biggest things holding us back from mainstream adoption. That’s why we’re cheering them on.

Let’s learn how to use Nexus to protect against hacks.

-RSA




TACTICS TUESDAY:

Tactic #48: How to protect yourself against hacks with Nexus Mutual

Guest Post: Hugh Karp, Founder of Nexus Mutual

If you've been actively participating in the yield farming craze or simply using any of the DeFi protocols then it probably makes sense to consider protecting yourself against potential bugs.

Smart contracts have had major issues in the past and while security practices as a whole are improving, you can never be certain that smart contracts will always work as intended.

In this tactic, we’ll show you how easy it is to purchase a Smart Contract Cover with Nexus Mutual to cover the risk of failure in the Solidity code.

  • Goal: Purchase Smart Contract Cover on Nexus Mutual

  • Skill: Beginner/Intermediate

  • Effort: 20 min

  • ROI: Very high if you avoid loss due to a hack / negative if not.


⛽️ Gas prices are high right now, especially for complex transactions like purchasing Nexus Mutual Covers. If you have smaller amounts we recommend waiting for gas fees to drop as purchasing a cover will cost around $10 - $15!


What is Nexus Mutual?

Nexus Mutual is a people-powered alternative to insurance where members join together in a DAO to share risks with each other. It takes the very old concept of an insurance mutual and uses token incentives to run the mutual in a non-custodial way.

Nexus Mutual’s first product is Smart Contract Cover which provides a claim payment in the event of “unintended code usage leading to material financial loss”.

Events like The DAO hack or the Parity multi-sig wallet issues from 2016/17 are what inspired the product. Members of the mutual vote on claims using a staking process that has already been put to the test.

Earlier this year the mutual made its first claim payments as a result of the bZx hacks.

Understand Your Cover Needs

The first step is to understand which smart contract systems you’re using and what you need to purchase cover against.

Nexus Mutual provides cover on a system basis, meaning you purchase cover on Compound or MakerDAO or Uniswap or Curve, etc. If you are interacting with multiple protocols or if you are using protocols that are built on top of each other, you will need to purchase coverage on each system to be fully covered.

When getting a quote you will need to select which currency to purchase your cover in, either ETH or DAI, and select a cover period in days.

So you need to know:

  • What systems you are using; 

  • How much you are putting into each system; and

  • How long you plan to use the system for.

As an example, if you are lending 5000 USDC on Compound then you would probably want to purchase 5000 DAI worth of cover from Nexus Mutual. If something were to go wrong with Compound you would be paid a claim in DAI.

Alternatively, if you are providing cUSDC to a Balancer pool then you may wish to purchase cover on both Compound and Balancer to be more comprehensively covered.

What it Doesn’t Cover

Smart Contract Cover provides protection against the technical risk of the smart contracts (the Solidity code) failing.

It doesn’t currently provide cover for things like oracle failures, governance attacks, using flash loans to manipulate markets, economic/incentive failures, or anything outside the smart contracts. (See tactic #8 for more on the three types of risk.)

The Nexus Mutual team is working to broaden the coverage, so keep an eye out for more comprehensive covers in the future.

Becoming a Nexus Mutual Member

If you aren’t a Nexus Mutual member, you will need to sign up and become a member in order to get covered. However, anyone can query the mutual and receive a quote at any time.

At times of high gas costs (pretty much all the time right now!), it’s best to complete membership separately and then return to get a quote afterwards.

Membership involves a KYC process and a small membership fee of 0.002 ETH.

KYC requires an ID document such as a driver's license or passport. It is mostly completed in a few minutes, but it can take up to 24 hours for the team to check manual review cases.

During the sign-up process, The Mutual will approve one ETH address as your Nexus Mutual member address. This is the address you must use to interact with the Nexus Mutual system, and only one address per person/entity is allowed.

You may switch your ETH address afterwards but this only works if you don’t have any outstanding covers in place.


📔 As part of KYC, you will likely need to put shields down or remove any adblockers to allow our 3rd party KYC provider system to work. Once KYC is complete, these can be reinstated.


How to purchase a cover with Nexus Mutual

Purchasing cover is relatively simple once you’re a member and understand your coverage needs.

The first step is to get a quote:

  1. Go to app.nexusmutual.io. Connect your MetaMask, and click the “Buy Cover” option on the sidebar.

  2. Select the desired smart contract from the list that you wish to get coverage on.


👉 If the smart contract you’re looking for is missing from the shortcuts, jump into the Nexus Mutual Discord to get the appropriate ENS name. Just hop in and type “!contracts” into the chat and our Bot will give you the full list. You can also ask any of our team members or dedicated community members!


  3. Enter the cover amount and currency. You have the option to be covered in ETH or DAI!

  4. Enter the amount of time you wish to be covered for. Cover periods must be at least 30 days and can go up to 1,000 days.

  5. Get your quote. Getting one doesn’t require a transaction, so you can do this as many times as you like to test different options. Your quote will be valid for 60 minutes. If you’re happy with the quote, click continue.

(Above) A quote from Nexus Mutual for 10 ETH coverage on Compound v2 for 365 days

  6. Once you have your quote generated, you can move on to purchase. You’ll have to accept the disclaimer. You’ll also have to approve NXM token transfers if you haven’t already.

  7. Sign the MetaMask transaction. Once confirmed, congratulations! You’re officially covered by Nexus Mutual for that smart contract.


🧠 Fun Fact: Nexus Mutual covers are not actual legally-binding insurance covers. Instead, they are discretionary covers: the Mutual’s members (Claims Assessors) decide whether a claim is valid or not. The Mutual always has an incentive to pay out valid claims because, if it doesn’t, no one will buy covers anymore!


Submitting a Claim

If something happens then you can submit a claim at any time from the Manage Cover section of the application. This creates a workflow item for Nexus Mutual’s claims assessors to vote on. Submitting a claim requires a small deposit in NXM to prevent spam but you will already have the required NXM as part of the cover purchase process, so there is nothing further for you to do.

If your claim is approved it will be automatically paid to your address.

Summary

Yield farming and interacting with DeFi can certainly provide some outsized returns but there are always risks to consider. Smart Contract Cover can give you protection against technical code failure but always make sure you do your own research and understand the risks you’re taking on.

You can always join the Nexus Mutual Discord chat to ask questions on risks; our community is more than willing to help.


Author bio

Hugh Karp is the Founder of Nexus Mutual, a people-powered alternative to insurance. He has over 15 years of experience in the insurance industry as an insurance professional and actuary, holding a variety of roles in both primary and reinsurance companies including CFO for Munich Re’s Life operations in the UK.






Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not tax advice. Talk to your accountant. Do your own research.


Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. I’ll always disclose when this is the case.