In the presentation below, Sebastian Banescu, head of Quantstamp Germany and CEO of Chainproof, discusses the workflow of DeFi insurance claims and how the process could be automated using oracles.
Here are some important points to note from Sebastian’s presentation.
What is Chainproof?
Chainproof is a smart contract insurance provider. It provides regulated insurance policies for non-custodial smart contracts on public blockchains such as Ethereum. Unlike custodial services, non-custodial smart contracts do not require any third party, such as a centralized exchange (CEX) or a bank, to be executed. These contracts are also considered less risky than custodial contracts because no human would be able to amend the outcome of the contract. Chainproof is a project that was incubated by Quantstamp, one of the leading providers of blockchain auditing services, and has reinsurance backing from Munich Re.
Financial risks in DeFi:
Sebastian Banescu begins his presentation by establishing the importance of insurance in decentralized finance (DeFi). When navigating the DeFi space, users face a range of financial risks. One example would be the recent collapse of the Terra stablecoin, UST. Such serious risks often deter institutional investors like banks and hedge funds from participating in the DeFi ecosystem. According to Sebastian, one way to get more institutional investors involved would be to offer regulated DeFi insurance products. While insurance policies do not always guarantee 100% security, they can act as a safety net that would enable institutions to hedge against some of the risks faced in the current DeFi space. Note that unregulated DeFi insurance has existed since 2019; however, such products are themselves risky, both because they can be hacked and because no regulator forces them to pay claims. Institutional investors are therefore less inclined to buy unregulated DeFi insurance.
Quantstamp x Chainproof – Security auditor meets insurance:
Chainproof is currently offering insurance policies for DeFi platforms, NFT projects and liquid staking. Unlike regular staking where users’ funds are “locked” for a certain period of time, liquid staking allows users to stake any amount they wish while still having access to their funds. This grants users the unique ability to use their funds while earning passive income.
In his presentation, Sebastian elaborates on how Quantstamp’s auditing services go hand in hand with Chainproof’s insurance products. In the auditing process, auditors usually look out for vulnerabilities such as reentrancy attacks. Reentrancy attacks can occur when one smart contract interacts with an untrusted, external smart contract. The external contract exploits the code of the vulnerable smart contract to drain it of its funds. A reentrancy vulnerability was the main cause of the infamous DAO exploit in 2016, where $60 million worth of Ether was drained. Read more about reentrancy attacks and The DAO hack in this post by Quantstamp.
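The reentrancy pattern described above, as an added example that is not from the presentation or from Quantstamp: a simplified Python model (not Solidity) of a vault that pays out through a call to the recipient. The `Vault` and `Account` classes, the `safe` switch and the amounts are constructed for illustration. The vulnerable path updates the ledger after the external call, and the hardened path updates it first (checks-effects-interactions).

```python
class Account:
    """A depositor. With reenter=True it models an untrusted external
    contract whose receive hook calls back into the vault."""
    def __init__(self, name, reenter=False):
        self.name, self.reenter, self.received = name, reenter, 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reenter:
            vault.withdraw(self)  # re-enters before the first withdraw returns


class Vault:
    """Toy contract: a per-depositor ledger plus the funds it actually holds."""
    def __init__(self, safe):
        self.safe, self.balances, self.funds = safe, {}, 0

    def deposit(self, who, amount):
        self.balances[who.name] = self.balances.get(who.name, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        amount = self.balances.get(who.name, 0)
        if amount == 0 or self.funds < amount:   # check
            return False
        if self.safe:
            self.balances[who.name] = 0          # effect first
            self.funds -= amount
            who.receive(self, amount)            # interaction last
        else:
            self.funds -= amount                 # value leaves with the call
            who.receive(self, amount)            # interaction first (the bug)
            self.balances[who.name] = 0          # effect too late
        return True


def run(safe):
    """Constructed scenario: honest user deposits 90, untrusted contract 10."""
    vault = Vault(safe)
    honest, untrusted = Account("honest"), Account("untrusted", reenter=True)
    vault.deposit(honest, 90)
    vault.deposit(untrusted, 10)
    vault.withdraw(untrusted)
    return untrusted.received, vault.funds


if __name__ == "__main__":
    print("vulnerable:", run(safe=False))
    print("hardened:  ", run(safe=True))
```

In the vulnerable run the ledger still shows 90 owed to the honest depositor while the vault holds nothing, which is the ordering flaw an audit looks for.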
Other issues that auditors look out for include integer overflows or underflows, mathematical mistakes like rounding errors, and use-case-specific bugs. Finally, auditors would release a report on their platform clearly stating all the issues that were found in a protocol’s code, together with a certificate indicating the overall “risk score” of that particular platform’s security.
Chainproof’s insurance policies would cover vulnerabilities in DeFi protocols that were not detected during the auditing process, as well as vulnerabilities that were marked as “fixed” in the auditor reports. However, issues related to the underlying blockchain layer such as 51% attacks and rugpulls would not be covered by these policies.
According to Sebastian, providing such services would encourage more institutional investors to participate in the DeFi space with confidence.
How can oracles help?
Sebastian ends his presentation with a call to all oracle experts at BOS22 to help automate the DeFi insurance claims process. Currently the process is manual: an auditor checks whether a particular hack or vulnerability is covered by the insurance policy. Oracles could increase efficiency and automate this process by verifying whether a given claim is valid. Information about what is and is not covered under Chainproof’s insurance products would act as inputs for smart contract oracles. According to Sebastian, automating just one part of the claims process would help a great deal and pave the way for more institutional investors to join the DeFi ecosystem.
For more information about Chainproof’s regulated smart contract insurance, check out this blog post.
Quantstamp was a Gold Sponsor of the Blockchain Oracle Summit. As the world leader in smart contract auditing, Quantstamp’s team of researchers has vast experience in securing oracles in DeFi.