As recent events showed nobody is safe from bugs/hacks, but mitigation game seems to be real. We should aim to get insurance for such cases. But it’s important to not go overboards and cut into yields.
Currently there is no cover available on Nexus Mutual. In case of a failure of an underlying protocol of a vault (e.g. Compound) the insurance for yearn would probably not cover the losses anyways. The Yearn ecosystem is running their own insurance protocol called Cover. Cover currently lacks the liquidity to insure yearn vaults.
Thoughts for Discussion
My own ideas:
There are some issues to be addressed first before we could talk about insurance for vaults:
There is no on-chain insurances that have enough liquidity for vaults (that I know of)
Buying cover for all vaults cuts too deep into the yield.
Possible solutions for 1.:
Bootstrap liquidity somehow
Possbile solutions for 2.:
Only insure a fraction of the holdings of each vault and build mitigation mechanism and hope for the best
Buy insurance for the complete ecosystem in the size of the largest vault and trust, that not multiple contracts can be exploited in the same transaction. Hope that others will be secured by mitigation measures in case of an exploit.
Probably better than my own ideas :
Maybe it is time to talk about a dedicated risk team (e.g. MakerDao also has one), that thinks about risks and mitigation measures with a fixed budget (e.g. from the newly BRRR YFI or funded by the dev funds)
Why not lean into the defi condom narrative (https://twitter.com/hasufl/status/1357703584356442116)? I think it’s clear defi as a whole is iterating too quickly to develop secure software, and test net deployments aren’t a credible simulation of main net conditions. You can burn money trying to transfer smart contract risk; or you can rethink it, turn it into a yield generator.
Imagine Yearn sets up and administers a “defi sandbox”: an evm-enabled L2 with 2 key features, the ability to migrate contract systems to L1 & a 24 hour delay on asset withdrawals (subject to seizure by yearn governance). The first is to make the sandbox an attractive place to launch new features/products. To this end, major price feeds and contract systems would need to be replicated in some form within the sandbox. As to the delay: essentially, when tokens are deposited into the sandbox they get wrapped. An attacker can’t immediately run away with their profits after exploiting contracts in the sandbox. This introduces a lot of, understandably, unpalatable trust assumptions; however I think it opens up a lot of interesting avenues in return.
Wrapping tokens in this way enables synthetic flash loans, and potentially many new forms of synthetic liquidity freely available within the sandbox. Liquidity that would otherwise prefer to stay on L1 or off-chain entirely, could be attracted by the different risk profile that the “defi condom” offers. Additionally withdrawal seizures/victim reimbursement could be limited, e.g. yearn limited to seizing say 90% of a withdrawal. This would reintroduce at least some of that adversarial element that testing in production gives you, transforming the seizure functionality from bailout to retroactive bug bounty. And, of course, yearn stands to earn tx/withdrawal fees for operating the network.
Call it the yZoo: an enclosed, controlled environment where the public can observe (for study or amusement) apes fling shitcoins at one another, all behind the safety of a thick glass pane. But please… don’t tap the glass, it agitates the apes.
Simplified this is just a timelock on deposited tokens with the possibility to intervene if something goes wrong.
I like it - but imo you can be sure that there will be a DEX (e.g. Curve) to instantly swap the tokens for people who don’t want to wait…
but imo you can be sure that there will be a DEX (e.g. Curve) to instantly swap the tokens for people who don’t want to wait…
100%, best is to get ahead of them and build it. Withdrawals could optionally generate transferrable nfts, doesn’t change anything for sandbox users: they’re still covered. If you buy the NFT you’re explicitly buying into the risk of seizure, it’s up to them to price it.
Really? When you take risks you expect something in return , the 10-15 % APY of DAI v1 vault can’t by any mean considered lucrative! And yes banks are giving next to 0% interest but deposits aren’t lost every second day like it’s happening in this early stage of DEFI!
I mean i am willing to take risks (from IL for example) in an LM pool which generates 100%+ APY’s but lose deposits in a DAI vault giving not much greater returns (specially if take into account the huge gas fees) than CEFI competition (Celsius , NExo , etc) it’s simply unacceptable! Most people considered these vaults safe that’s why they deposited their hard earn funds! Failing to compensate all these people will surely result in unrecoverable damage for yearn and trust will be lost!
On the technical side, it is probably best to leave it up to the devs how to best mitigate smart contract risk as they are the most knowledgable about limiting attack vectors. Also, individuals have the chance to purchase coverage through Cover or Nexus Mutual if they see value in doing so.
There could be something to the idea of forming a risk group, especially in light of recent events. The group could tackle things like:
PR and exploit response
Analyzing + documenting different areas of risk (systemic, vault-specific, price sensitivity)
Investor-focused materials outlining important ways yearn lowers risk for users
Any group formed would need defined goals and objectives to be passed in a proposal.
I think insurance needs to be made easy to purchase on the yearn.finance site right next to depositing into vaults. Not really in favor of insurance built into the vaults generally, but if we are going to be compensating when exploits happen in order to save reputation, we should look into it since we are paying anyway. May as well have a program in place. YFI vaults need to be defi’s gold standard risk free rate.