What kind of security mechanisms does the crypto world need?
This article was published on February 27, 2020, on Blockchain Pirate, authored by Zheng Jialiang, Research Director at HashKey Capital, and reviewed by Deng Chao, CEO of HashKey Capital.
We reviewed recent DeFi security incidents and believe they reflect the fallacy of composition. The narrative surrounding the building blocks in the DeFi world deserves reflection. Various security mechanisms can reduce such attacks, including limiting flash loan amounts, restricting trading amounts for low-liquidity assets, using better price feeding mechanisms, strengthening code audits, and utilizing insurance. We also discussed different decentralized mechanisms and various forms of centralized insurance, concluding that decentralized insurance is still in its early stages, and the effectiveness of products remains to be validated. Insurance for digital assets may lead the way, while the market capacity for smart contract insurance is relatively small. At the end of the article, we present seven outlooks on insurance in the crypto world.
1. DeFi Security Incidents Reflect the Fallacy of Composition
The recent attacks on bZx have garnered significant attention from the community, raising many topics related to the design mechanisms of DeFi and its interaction with the entire crypto world.
Let’s review the roles played by various parties during the first attack on bZx:
- dYdX: Flash loans, ETH liquidity provider
- Compound: Provides collateralized lending, wBTC liquidity provider
- bZx: Provides collateralized short selling, site of oracle attack
- Kyber: Price feeding for oracles
- Uniswap: Provides token swaps, price provision, and wBTC exchange, the final realization of arbitrage.
Now, let’s look at the roles played by various parties during the second attack on bZx:
- bZx: Flash loans, ETH liquidity provider, wETH exchange site, site of oracle attack
- Kyber: Price feeding for oracles
- Uniswap: Provides token swaps, price provision
- Synthetix: sUSD liquidity provider
Overall, the operational steps of the attacker (described as a community attacker) can be summarized as follows:
- Obtaining a large amount of liquidity through flash loans
- Manipulating prices using part of the liquidity obtained in step 1 through low liquidity exchanges
- Executing trades at the manipulated price using the majority of the liquidity obtained in step 1
- Repaying the flash loan, completing the attack
Here we can see that the flash loan part was not attacked because flash loans need to be completed within a single transaction; if they cannot be repaid, the loan cannot be completed. Therefore, the flash loan itself is not a significant issue; it merely provided the necessary liquidity for the attack. For example, if the attacker already had a lot of ETH, they could have completed the attack without flash loans; flash loans simply provided them with extremely low-cost liquidity.
The attacker exploited four flaws: 1) the reliance on a single price feeding mechanism on bZx; 2) logic issues in the bZx smart contract (according to code analysis, the health check did not trigger); 3) low liquidity on the decentralized exchange Uniswap, making it susceptible to price manipulation; 4) the minting of tokens like sUSD and wBTC, which were relatively early-stage products with insufficient liquidity.
One of the biggest characteristics of DeFi is its openness, which has two dimensions: one is openness to users, and the other is openness between contracts. This is why the community has heated discussions about how DeFi can become building blocks for each other. However, it is precisely this narrative of building blocks that may have led developers to lower their guard, treating calls to other contracts as correct actions while ignoring risks.
Thus, we believe this clearly reflects the phenomenon of the "fallacy of composition." The fallacy of composition is a concept introduced by economist Paul Samuelson. It is the mistake of assuming that what is true for a part must also be true for the whole. The openness of DeFi as building blocks exacerbates the fallacy of composition. Traditional finance is institutionally driven, with regulatory guidance and relative rationality. In its early stages, DeFi lacks regulation and mostly reflects relationships between individuals, where the flaw of one individual can lead to a significant number of flaws. Taking the two attack incidents as examples, when viewed individually, the contracts do not have significant issues, and ordinary attacks are unlikely to succeed (or are not economical). However, the attacker devised a strategy to gradually amplify a single small flaw across different platforms, leading to an overall problem.
2. Exposure of Risks in DeFi
We will briefly discuss the risks reflected in DeFi without making specific evaluations of projects. However, DeFi projects are still in their early stages, and some risks can be resolved but need validation.
- The biggest issue is liquidity, which arises from the market being too new. If the liquidity of DEXs were similar to that of CEXs, it is hard to imagine a few thousand ETH being able to move the market, let alone push the ETH/BTC trading pair to three times its normal level. The liquidity issue amplifies the overall error as it is transmitted between different protocols. This returns us to a fundamental question: must all components of DeFi be decentralized? Is it necessary to use decentralized oracles? On one hand, there is decentralization but with inaccurate data; on the other hand, there is centralization but with accurate data. Which one to choose? Centralization is feared because it may be seen as manipulation, but it is now evident that decentralization cannot prevent human manipulation either, so there is no significant difference in terms of perceived manipulation. Therefore, perhaps accuracy should be prioritized.
- The cost and scale of attacks are not very high. The total amount accessed by the attacker through flash loans was basically in the thousands of ETH. The first attack used 6800 ETH (1300 ETH for price manipulation, 5500 ETH for arbitrage), and the second attack used 540 + 20*18 = 1000 ETH for price manipulation, with 3518 ETH for arbitrage. Thus, the scale was roughly between 3000 and 6000 ETH. The attacker likely calculated the liquidity pools of Uniswap and Synthetix accurately. Therefore, if the liquidity of the two products expanded tenfold, the amount of ETH that would have to be used would increase, raising the requirements for the attacker and making the attack more difficult. The amount of ETH used for price manipulation was around 1000-1300, which is approximately between $250,000 and $325,000.
- Attacks will not stop. The attacker does bear some responsibility, but such attacks are hard to avoid. It is very normal in the financial world to use various tools for arbitrage, and even large-scale arbitrage can trigger economic crises, but this is not prohibited; it merely pushes the rules to their limits. George Soros's attack on the British pound in the early 1990s is a notable example. He exploited the fact that while European countries were economically tied together, their cycles were different; the economic differences between the UK and Germany were significant, yet their currencies were pegged. Soros's short-selling targeted this weak link. Similarly, the various derivatives that exist were not designed for such currency attacks, but when the system presents such opportunities, arbitrageurs will not miss out. As long as finance exists, arbitrageurs will emerge, whether in centralized or decentralized systems. To borrow a trendy phrase: "Capital never sleeps."
3. Available Security Mechanisms
The mechanisms listed here are more about human intervention, meaning adding an "emergency stop" outside the protocol. Strengthening code audits and insurance may be more readily accepted by the community.
1. Limit the Scale of Flash Loans
The principle is quite simple: flash loans are liquidity providers from start to finish, similar to how a short seller must borrow the underlying asset. Therefore, cutting off the source of liquidity can resolve the issue. Alternatively, limits can be placed on the amount borrowed. As analyzed above, the lending of liquidity serves two purposes: one is to manipulate the coin price, and the other is to arbitrage using the manipulated coin price. Currently, only a little over 1000 equivalent ETH is needed to manipulate the coin price, so limiting unusually large borrowings can help.
2. Limit Trading Amounts of Low Liquidity Currencies
The community has been keen to bring BTC into the Ethereum DeFi system, developing token protocols such as wBTC, tBTC, hBTC, and the ERC20 version of Ethereum. Due to the building block mentality, these tokens have entered the liquidity trading field, but the problem lies in their low volume and the fact that liquidity is split across different pools in DeFi protocols. As shown in the principle demonstration of Uniswap, it is clear that excessive trading amounts can lead to significant slippage. Therefore, limiting the trading amount for a single order makes it cumbersome to manipulate prices using insufficient liquidity, which is also a choice (though it may face community opposition).
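The slippage argument above can be made concrete with a constant-product pool (x * y = k). The following is an added example, not code from Uniswap or from the original article: it derives a per-order cap from a price-impact bound and enforces the bound against a reference price per window, so that a series of small orders is counted together. The 2% bound, the 0.3% fee, the reserves and the names `GuardedPool` and `max_order_for_impact` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from math import sqrt


class OrderRejected(Exception):
    """A swap would move the pool price past the configured bound."""


def max_order_for_impact(reserve_in: float, max_impact: float) -> float:
    """Largest input whose price impact stays within max_impact.

    Ignoring fees, swapping `a` into reserve R scales the spot price by
    (R / (R + a))**2, so impact = 1 - (R / (R + a))**2. A fee only lowers
    the impact, which makes this fee-free cap conservative.
    """
    if not 0 < max_impact < 1:
        raise ValueError("max_impact must be between 0 and 1")
    return reserve_in * (1 / sqrt(1 - max_impact) - 1)


@dataclass
class GuardedPool:
    """One-directional model: orders sell the `in` asset for the `out` asset."""
    reserve_in: float            # asset being sold into the pool
    reserve_out: float           # asset being bought from the pool
    max_impact: float = 0.02     # assumed policy: 2% price move per window
    fee: float = 0.003           # assumed 0.3% swap fee
    reference_price: float = field(init=False)

    def __post_init__(self) -> None:
        self.reference_price = self.spot_price()

    def spot_price(self) -> float:
        return self.reserve_out / self.reserve_in

    def new_window(self) -> None:
        """Start a new accounting window (for example, a new block)."""
        self.reference_price = self.spot_price()

    def quote(self, amount_in: float) -> float:
        effective = amount_in * (1 - self.fee)
        return effective * self.reserve_out / (self.reserve_in + effective)

    def impact_after(self, amount_in: float) -> float:
        """Price drop versus the window's reference price if the swap ran."""
        after = (self.reserve_out - self.quote(amount_in)) / (self.reserve_in + amount_in)
        return 1 - after / self.reference_price

    def swap(self, amount_in: float) -> float:
        if amount_in <= 0:
            raise ValueError("amount_in must be positive")
        impact = self.impact_after(amount_in)
        # Measured against the window reference, not the current price, so a
        # series of small orders cannot add up to a large move unnoticed.
        if impact > self.max_impact:
            raise OrderRejected(f"impact {impact:.2%} exceeds {self.max_impact:.2%}")
        out = self.quote(amount_in)
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


if __name__ == "__main__":
    pool = GuardedPool(reserve_in=1000.0, reserve_out=50.0)  # constructed reserves
    print("per-order cap:", round(max_order_for_impact(pool.reserve_in, 0.02), 4))
    print("first order out:", round(pool.swap(10.0), 6))
    try:
        pool.swap(10.0)
    except OrderRejected as exc:
        print("second order in same window:", exc)
```

The cap scales linearly with the pool's reserve, which is why the same absolute order size that is harmless on a deep pool moves a thin one by double-digit percentages.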
3. Use Better Price Mechanisms
bZx has recently prepared to start using Chainlink's oracle mechanism, which is an adjustment to the price feeding mechanism. This indicates that there can be further optimization at the oracle level. Of course, whether to use centralized oracles is another consideration.
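One way to avoid relying on a single price feed, shown as an added example that is not bZx's or Chainlink's code: the position health check values collateral at the median of several independent sources and fails closed when the sources are too few or disagree. The source names, the quotes, the 5% tolerance and the 1.5 collateral ratio are constructed assumptions.

```python
from statistics import median


class PriceRejected(Exception):
    """The available quotes do not support a trustworthy price."""


def reference_price(quotes, max_dev=0.05, min_sources=3):
    """Return (median price, names of sources deviating from it).

    Fails closed when fewer than `min_sources` usable quotes exist or when
    no strict majority of them agrees with the median within `max_dev`.
    """
    usable = {name: p for name, p in quotes.items() if p is not None and p > 0}
    if len(usable) < min_sources:
        raise PriceRejected(f"only {len(usable)} usable sources")
    ref = median(usable.values())
    outliers = sorted(n for n, p in usable.items() if abs(p - ref) / ref > max_dev)
    if 2 * (len(usable) - len(outliers)) <= len(usable):
        raise PriceRejected("sources disagree: " + ", ".join(outliers))
    return ref, outliers


def healthy_single_feed(collateral_units, debt_value, price, min_ratio=1.5):
    """Weak form: trusts whatever one feed reports."""
    return collateral_units * price >= min_ratio * debt_value


def healthy_multi_source(collateral_units, debt_value, quotes, min_ratio=1.5):
    """Hardened form: values collateral at the cross-checked median and
    refuses the position when no trustworthy price can be formed."""
    try:
        ref, _ = reference_price(quotes)
    except PriceRejected:
        return False
    return collateral_units * ref >= min_ratio * debt_value


# Constructed quotes (collateral price in ETH); source names are hypothetical.
# "thin_pool" stands for a low-liquidity venue reporting a distorted price.
SAMPLE_QUOTES = {"thin_pool": 110.0, "pool_b": 38.1, "feed_c": 37.9, "feed_d": 38.0}

if __name__ == "__main__":
    print("reference:", reference_price(SAMPLE_QUOTES))
    print("single feed says healthy:",
          healthy_single_feed(100, 5000, SAMPLE_QUOTES["thin_pool"]))
    print("multi-source says healthy:",
          healthy_multi_source(100, 5000, SAMPLE_QUOTES))
```

The sources returned as outliers are worth logging and alerting on, since a feed that suddenly diverges from the others is an early signal of manipulation or failure.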
4. Strengthen Code Audits
From the attack incidents, it can be seen that if the logic checks in bZx's contract code had worked correctly, the attack would have been difficult to carry out. Therefore, robust code is essential, and future DeFi projects will place greater emphasis on the results of code audits.
5. Use Insurance
Due to the widespread attention on the attack incidents, the community has begun to focus on insurance. A brief overview of the operational mechanism of traditional insurance companies is as follows: 1. Actuaries calculate the probabilities of various events (such as illness, death, disasters, etc.); 2. The product department designs corresponding products, and actuaries price them based on probabilities; 3. Policyholders purchase products; 4. Policyholders pay premiums during the policy's duration; 5. In the event of a claim, the insurance company underwrites, assesses damages, and pays out the claim amount; 6. The insurance company's reserves are used for investment.
Currently, we see decentralized insurance mechanisms that do not have actuaries or investment departments, so they differ from traditional insurance companies operating on a corporate basis and are more akin to mutual insurance. Of course, mutual insurance has always existed and is the oldest form of insurance, operating in the form of mutual insurance cooperatives. The global mutual insurance market accounts for about one-third of all insurance contracts.
4. Centralized and Decentralized Insurance
Decentralized Insurance:
Currently, there are two types of decentralized insurance (or protection) mechanisms on the market, and we can look at their main operational mechanisms:
1. Mutual Type Insurance
Nexus Mutual
Nexus Mutual only provides one fixed amount insurance product: this product covers "unintended code usage" of smart contracts, meaning that certain individuals (not necessarily the policyholder) suffer economic losses on a smart contract.
Three conditions must be met for a claim:
- The specified smart contract address, or a smart contract address directly related to it within the smart contract system, was hacked during the "coverage period," resulting in improper use of the smart contract code;
- Due to the hacker attack, significant losses occurred in the funds of the smart contract or smart contract system, with funds moved to an address controlled by the original owner or another address that the owner cannot control; or permanently unrecoverable;
- The insured member files a claim within the insurance period or within 35 days after the insurance period ends.
Several directions are not covered in claims:
- Loss of funds due to phishing, private key security vulnerabilities, malware, exchange hacks, or any other activities involving smart contracts;
- Any claims if the deployment of the smart contract or smart contract system was primarily for the purpose of making claims rather than for actual use by customers;
- For any hacking that occurs during the "coverage period," if hacking or publicly disclosed bugs occurred against the specified smart contract address or a smart contract address directly related to the smart contract system before the "coverage period" began;
- Hacking caused by errors introduced within 250 days after changes to the smart contract logic.
In terms of investment, Nexus Mutual has also proposed the potential use of insurance pool funds in the future, including:
- Staking income under the future PoS mechanism of ETH
- Collateralized lending
- Guarantor income from state channels and payment channels
The legal structure adopts the UK's discretionary mutual structure, which is relatively traditional and similar to the general mutual insurance structure in the UK.
Overall, the product design is relatively simple, and simplicity is not necessarily a bad thing. For new products, a simple design allows pool supporters to avoid losses. However, the coverage capacity is limited, and the scope covered by fixed policies is not large enough. Additionally, we see that in terms of risk management, Nexus Mutual has also learned from the new generation of insurance regulatory framework Solvency II in Europe (similar to Basel III in banking), which can be continuously enriched but is still insufficient. Therefore, in terms of the three functions of insurance—underwriting, investment, and risk control—there is still a long way to go.
2. Options
Options can be considered a risk protection mechanism, but they do not strictly count as insurance. The biggest feature of insurance is the existence of a pool, which is a mechanism for transferring individual risks to the collective. On a larger scale, both insurance and options can be considered risk management mechanisms.
Opyn
Opyn, based on the Convexity Protocol, achieves risk protection through options and has just launched deposit insurance for Compound users. Users can protect their deposits on Compound by purchasing oTokens, which is a form of risk hedging. Opyn has received support from Compound, Maker, and USDC.
The mechanism of Opyn is conceptually easy to understand; users can issue their own put options on the platform, and these put options are also ERC20 tokens, referred to as oTokens. The option writer receives a premium, and oTokens can also be traded on various DEXs, with the buyer obtaining protection from the option.
Interestingly, in the Convexity Protocol white paper, some issues they perceive with Nexus Mutual are mentioned, such as:
- Over-subscription: Nexus Mutual is currently trying to solve the insurance problem in DeFi, but unfortunately, it may be over-subscribed, making it unable to cover new buyers. While over-subscription confirms that users need insurance, the fact that the insurance contracts are over-subscribed is itself a problem.
- Human participation: In the Nexus model, Nexus Mutual itself acts as a single risk underwriter, leading to strict limits on the insurance amount. Additionally, Nexus requires personnel to participate in claims and fraud assessments, which is very difficult to execute in subjective cases.
- Limited policy coverage: Furthermore, Nexus Mutual's coverage is limited because it only targets hacking incidents; for example, its insurance for Compound contracts does not provide recourse for liquidity crises.
While the Convexity Protocol believes they have many advantages over Nexus Mutual, we do not entirely agree. The product form of Nexus Mutual is indeed simple, but a simple product does not mean ineffective; it targets a very specific event, namely the failure of smart contracts, which options cannot protect against. Options can only protect against events related to price; if the event does not involve price, how can it be protected? Of course, pricing can be done, but it is more complex. We believe that option-like products can continue to explore protection for smart contracts in the future, while protection for specific events can include price changes.
Moreover, if options require setting many parameters, it can lead to the fragmentation of oToken liquidity (as mentioned in the Convexity Protocol white paper), so oTokens should aim to minimize option parameters to combat liquidity fragmentation. As for what problems low liquidity options may cause, it is indeed unclear, and the risks are unknown. Of course, oTokens themselves are options, and besides protecting assets, they can have broader uses. Therefore, from this perspective, both products have their merits.
Note: The above analysis of Nexus Mutual and Opyn is based on limited information for reference and discussion purposes and may not be accurate. We also hope to see both projects develop richer product forms to provide users with more choices.
3. Prediction Markets
Prediction markets can also serve as a form of insurance mechanism, but they require enough people to place bets, and their protective capacity is still relatively lacking, so we will not elaborate further.
At the end of last year, an article in the Orange Paper listed comparisons made by the founder of Nexus Mutual regarding the accumulation of decentralized insurance, and we present the comparison results below:
Centralized Insurance
Currently, there is verifiable centralized insurance for crypto assets, which we can roughly categorize (the following information is partially sourced from Chain News):
1. Insurance products incubated by crypto companies themselves
Nakamoto, an insurance company built by Gemini, offers coverage of up to $200 million. Nakamoto will provide coverage for Gemini Custody, which is the cold wallet storage provider for Gemini Trust Company, covering human losses, natural disasters, and other situations.
2. Custody companies/exchanges collaborating with insurance companies
KNØX: KNØX currently operates cryptocurrency custody services, allowing institutional clients like asset managers and exchanges to trial the custody services offered. At the same time, KNØX collaborates with the insurance service provider Marsh to provide services for the custody of crypto or assets. KNØX has received investment from Fidelity Group. Marsh is a global professional services company headquartered in New York City, engaged in insurance brokerage and risk management. Marsh is a subsidiary of Marsh & McLennan Companies and a member of its risk and insurance services division.
Anchorage: Anchorage also provides cryptocurrency custody services and has received investments from several well-known entities, such as Visa and Blockchain Capital. Anchorage has proposed an "end-to-end" insurance solution for institutional digital assets in collaboration with the British insurance group Aon. Aon is one of the largest insurance groups globally, integrating risk management services, insurance brokerage, reinsurance brokerage, and human resources consulting services. The group is headquartered in London, UK, and is publicly traded on the New York Stock Exchange.
Coinbase: The cryptocurrency exchange Coinbase has been providing $255 million in insurance for its hot wallets in collaboration with Lloyd's, the largest insurance organization in the UK, since November 2013.
BitGo: The cryptocurrency custody company BitGo also provides $100 million in insurance for theft or loss of private keys through the Lloyd's insurance market in London. Custodial assets held in cold wallets by BitGo or its qualified custodian, BitGo Trust Company, are insured against theft of private keys, employee internal theft of private keys, and physical loss or damage of private keys. However, there is also information indicating that the insurance services provided by BitGo have limited practical effects, with underwriting and claims processes being complex, and there being a certain upper limit on the coverage per account (considering asset splitting), indicating that insurance companies still need a long time to assess the risks associated with crypto assets. Additionally, BitGo has some regulatory considerations.
It is worth mentioning that the collaboration between Coinbase and BitGo with Lloyd's is significant. Lloyd's is an insurance organization in the UK that does not directly operate insurance businesses but provides trading venues and related services for its members, making it the only organization in the world that underwrites insurance business by individuals. Lloyd's originated in London over 300 years ago and has developed to occupy a significant portion of the London insurance market, operating in over 200 countries and regions worldwide.
3. Insurance businesses of startups
Coincover is a startup based in Cardiff, UK, claiming to have launched the first-ever cryptocurrency insurance service aimed at protecting users from theft and asset loss. Coincover offers a comprehensive cryptocurrency insurance service. This product is the only one providing continuous monitoring and protection services for cryptocurrency users. Coincover claims to provide 24/7 protection for all assets stored in software-based cryptocurrency wallets. Moreover, Coincover aims to monitor all funding sources by conducting due diligence on senders.
4. Traditional insurance companies directly selling policies
Bloomberg has reported that dozens of insurance companies are offering services for crypto assets, but these policy issuers refuse to disclose their identities, indicating they may be more conservative or are also swaying between business exploration and regulatory compliance.
In summary, insurance for crypto assets is a field that many traditional giants hope to enter. Many giants choose to collaborate with crypto custody service companies, which has become a very popular practice. Although the overall coverage is not high at present, as insurance companies become more familiar with the crypto industry, we believe that the coverage limits and scope will increase. While crypto-native insurance companies exist, their capabilities remain to be validated, and we hope more capable players will participate to enrich the ecosystem.
6. Conclusion and Outlook
The security of DeFi code and the security of cryptocurrency assets are two directions that will be emphasized in the future. The security of crypto assets is also one of the barriers preventing institutional investors from entering the crypto world. For instance, insurance giant Aon has indicated that many large insurance companies, such as XL Group, AIG, and Chubb, have quietly begun to incorporate cryptocurrency insurance into their policies.
Currently, it seems that insurance specifically covering DeFi is still too early, while we judge that the maturity of digital asset insurance will come sooner. The overall market capitalization of crypto assets has reached $300 billion, with Bitcoin's market cap around $180 billion, indicating a relatively mature market. In contrast, the locked ETH in DeFi is only about $1 billion, showing insufficient motivation to develop insurance products.
As general property insurance companies typically take 3-4 years to break even, and the frequency of incidents in cryptocurrency is higher, the development of insurance will not be quick and requires a long-term commitment. Decentralized insurance will quickly launch products that align with the characteristics of DeFi and smart contracts but will need to be tested by similar security incidents and extreme liquidity events.
Seven outlooks:
- Digital asset insurance will still be pursued by traditional insurance companies, as the potential market primarily targets traditional institutional investors.
- Insurance for DeFi security will be partially or largely undertaken by decentralized insurance, as customers are already crypto players who understand crypto assets and decentralized applications, and have more faith in crypto assets or have learned to choose decentralized products.
- It will take longer to derive a probability loss table for crypto assets.
- As the market capitalization of crypto assets expands, there may be insurance companies or organizations that go bankrupt or restructure due to cryptocurrency security incidents.
- Reinsurance companies for crypto assets will emerge.
- B2B insurance will dominate in the long term, while B2C business will take time. We see relatively more collaboration between custody service providers and insurance companies, as one has sufficient asset volume and the other has richer data for pricing. Digital asset insurance targeting individuals may exist, but the business may not grow large, and profitability will be limited.
- Demand remains strong, while supply is chronically insufficient.
Article link: https://www.8btc.com/media/589110






