Quantstamp: Scaling DeFi Insurance Claims with Blockchain Oracles

In the presentation below, Sebastian Banescu, head of Quantstamp Germany and CEO of Chainproof, discusses the workflow of DeFi insurance claims and how the process could be automated using oracles.

Here are some important points to note from Sebastian’s presentation.

What is Chainproof?
Chainproof is a smart contract insurance provider. It provides regulated insurance policies for non-custodial smart contracts on public blockchains such as Ethereum. Unlike custodial services, non-custodial smart contracts do not require any third party, such as a centralized exchange (CEX) or a bank, to be executed. These contracts are also considered less risky than custodial contracts because no human would be able to amend the outcome of the contract. Chainproof is a project that was incubated by Quantstamp, one of the leading providers of blockchain auditing services, and has reinsurance backing from Munich Re.

Financial risks in DeFi:
Sebastian Banescu begins his presentation by establishing the importance of insurance in decentralized finance (DeFi). When navigating the DeFi space, users face a range of financial risks. One example would be the recent collapse of the Terra stablecoin, UST. Such serious risks often deter institutional investors like banks and hedge funds from participating in the DeFi ecosystem. According to Sebastian, one way to get more institutional investors involved would be to offer regulated DeFi insurance products. While insurance policies do not always guarantee 100% security, they can act as a safety net that would enable institutions to hedge against some of the risks faced in the current DeFi space. Note that unregulated DeFi insurance has existed since 2019. However, such products are themselves risky: they can be hacked, and no regulator forces them to pay claims. Institutional investors are therefore less inclined to buy unregulated DeFi insurance.

Quantstamp x Chainproof – Security auditor meets insurance:
Chainproof is currently offering insurance policies for DeFi platforms, NFT projects and liquid staking. Unlike regular staking where users’ funds are “locked” for a certain period of time, liquid staking allows users to stake any amount they wish while still having access to their funds. This grants users the unique ability to use their funds while earning passive income.

In his presentation, Sebastian elaborates on how Quantstamp’s auditing services go hand in hand with Chainproof’s insurance products. In the auditing process, auditors usually look out for vulnerabilities such as reentrancy attacks. Reentrancy attacks can occur when one smart contract interacts with an untrusted, external smart contract. The external contract exploits the code of the vulnerable smart contract to drain it of its funds. A reentrancy vulnerability was the main cause of the infamous DAO exploit in 2016, where $60 million worth of Ether was drained. Read more about reentrancy attacks and The DAO hack in this post by Quantstamp.
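
The call ordering behind a reentrancy bug, as an added example that is not from the presentation or from Quantstamp: a simplified Python model (not Solidity) of a vault whose withdraw() pays out before or after it clears the caller's balance. The class names, amounts and the `hardened` switch are assumptions made for the illustration.

```python
class Account:
    """Constructed stand-in for an external contract that receives funds."""
    def __init__(self, name):
        self.name = name
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringAccount(Account):
    """Untrusted callee: calls back into the vault while being paid."""
    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)  # runs before the outer withdraw() has finished


class Vault:
    """Toy ledger standing in for a contract that holds deposits."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}
        self.funds = 0

    def deposit(self, account, amount):
        self.balances[account.name] = self.balances.get(account.name, 0) + amount
        self.funds += amount

    def withdraw(self, account):
        amount = self.balances.get(account.name, 0)
        if amount == 0 or self.funds < amount:  # check
            return
        if self.hardened:
            self.balances[account.name] = 0     # effect first
        self.funds -= amount
        account.receive(self, amount)           # interaction (external call)
        if not self.hardened:
            self.balances[account.name] = 0     # effect too late: balance was
                                                # still set during the call


def run_scenario(hardened):
    """Return (amount paid to the untrusted account, funds left in the vault)."""
    vault = Vault(hardened)
    vault.deposit(Account("honest"), 90)
    untrusted = ReenteringAccount("untrusted")
    vault.deposit(untrusted, 10)
    vault.withdraw(untrusted)
    return untrusted.received, vault.funds
```

With the balance cleared only after the external call, the 10-unit depositor is paid all 100 units; clearing it before the call (checks-effects-interactions) limits the payout to the 10 units actually owed.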

Other issues that auditors look out for include integer overflows or underflows, mathematical mistakes like rounding errors, as well as use-case-specific bugs. Finally, auditors would release a report on their platform clearly stating all the issues that were found in a protocol’s code, together with a certificate indicating the overall “risk score” of that particular platform’s security.

Chainproof’s insurance policies would cover vulnerabilities in DeFi protocols that were not detected during the auditing process, as well as vulnerabilities that were marked as “fixed” in the auditor reports. However, issues related to the underlying blockchain layer such as 51% attacks and rugpulls would not be covered by these policies. 

According to Sebastian, providing such services would encourage more institutional investors to participate in the DeFi space with confidence.

How can oracles help?
Sebastian ends his presentation with a call to all oracle experts at BOS22 to help automate the DeFi insurance claims process. Currently, the process is manual: an auditor checks whether a particular hack or vulnerability is covered by the insurance policy. Oracles could help to increase efficiency and automate this process by verifying whether a certain claim is valid. Information about what is and is not covered under Chainproof’s insurance products would act as inputs for smart contract oracles. According to Sebastian, automating just one part of the claims process would help a great deal and pave the way for more institutional investors to join the DeFi ecosystem.

For more information about Chainproof’s regulated smart contract insurance, check out this blogpost.

Quantstamp was a Gold Sponsor of the Blockchain Oracle Summit. As the world leader in smart contract auditing, Quantstamp’s team of researchers has vast experience in securing oracles in DeFi.


