On-Chain Risk Protection

Executive Summary

Over the last few months, we’ve received feedback from members of our community that we should explore insurance options for our protocol. After researching the potential options in the space, we’ve assessed that Nexus Mutual and Risk Harbor offer the strongest fit for the needs of the xToken ecosystem, with Nexus Mutual being our suggested provider (reasoning below). That being said, we would like to present some of our summarized findings in order to solicit feedback from the community on the best and most reasonable path to pursue coverage for those interested.

Both providers offer protection for a range of protocol events and contingencies. However, there are some important distinctions in the mechanics and incentive structures. At a high level, we can summarize each option as follows:

  • Nexus Mutual: Requires KYC at least at some threshold, and claims are adjudicated by token staker voting
  • Risk Harbor: Claim payouts are automated outside of a DAO and coverage does not require KYC

We’re posting this proposal as a means of sharing the preliminary research we’ve done and soliciting input and feedback from our community. We know that members of our community are involved with a variety of projects in the space and may bring some insight that would factor into a decision.

Nexus Mutual

Claims are voted on by members via a binary token-voting model. Members who choose to stake a portion of their NXM can act as Claims Assessors, earning rewards for voting in line with the consensus outcome (therefore incentivizing honest voting).

The Nexus Mutual DAO operates on a governance rewards model. Members who stake on risk protocols are referred to as ‘Risk Assessors’. These members earn a share of cover premiums in NXM. When a new coverage policy is opened, underwriters (capital providers) must stake liquidity into this pool, in order to ensure there is capital to support the covers written. Providing liquidity is equivalent to staking value against the security risk of a protocol or custodian.

When coverage is purchased by a member, NXM rewards are distributed proportionally to those stakers/assessors/underwriters for that specific protocol (risk pool), depending on the amount of liquidity they have deposited into the pool.


  • Nexus Mutual provides three primary coverage options. Of these three plans (incl. Yield Token and Protocol Cover), the Custody Coverage option is the most fitting for contract exploit protection.

  • Claim abuse is disincentivized via a token burn mechanism. In the case of a suspicious voter (suspected fraud), their NXM staked for voting rewards on that claim assessment could be slashed completely, boosting the integrity of the system.

  • Holders can pay with ETH, DAI or NXM to buy coverage.


  • Stakers and LPs, as members of the DAO, decide on the validity of a claim. This opens up the protocol to a significant degree of subjectivity risk and a vector for governance attacks.
  • Nexus Mutual is not permissionless, and coverage policies have a KYC requirement - these details are stored off-chain.

Risk Harbor

Risk Harbor does not use a governance system to decide on the outcome of claims. The intention is to create a transparent and impartial claims process, therefore automating claim assessments. Eliminating subjective human judgment seems like a good tradeoff for a governance-minimized system, but completely cutting out human bias/partiality comes with downsides as well.

Automation kicks in during the claims process.

In order to validate a claim’s legitimacy, variables within the protocol (determined by policy) track specific changes in public system state variables on-chain. If the conditions of the policy’s protocol-variables are met, a claim payout should be processed.


  • Risk Harbor adopts a parametric approach, in which payouts occur after a defined set of events. RH policies settle entirely on-chain, in a fully transparent and deterministic way, eliminating the influence of human intermediaries.
  • RH does not require KYC, making the barriers to entry minimal.


  • Defining what constitutes a payout (in order for a claim to be met) remains vague; this is due, primarily, to the highly technical variables that constitute a claim event in the event of a loss.
  • In the absence of subjective governance, there is some room for confusion and unpredictability given factors that aren’t explicitly considered in the policy.

Outstanding Questions

  • Is the community aligned that Nexus Mutual presents the best option for xToken?
  • If not, are any available insurance options viable?
  • What is the community’s level of comfort with KYC for insurance options?
  • Meta-Governance: Should coverage options be customized and if so, what areas of knowledge does one need to enter safely into such an agreement?