Audits R Dead

This project aims to tackle one of the biggest challenges in DeFi: getting to mass adoption.

We believe that one of the biggest blockers to mainstream adoption (especially institutional) is the risk of hacks in DeFi. Audits have gone a long way towards preventing hacks but the space is so dynamic that it is unlikely audits will ever be 100% effective in preventing hacks.

Instead of focusing on 100% effectiveness in preventing hacks, we believe the right approach is to focus on protecting users (especially unsophisticated ones). This can be accomplished by insurance. Insurance effectively shifts the risk of loss from unsuspecting users to investors who are looking for a favorable risk-adjusted return.

There are a lot of existing insurance protocols but none have reached critical mass. We believe they all fail on two dimensions: 1) price and 2) user experience.

1. Price: existing protocols outsource pricing by either making users decide which protocols are safe or by relying on old audits. This results in inefficient insurance prices which are too high for users. Our protocol solves this with an internal smart contract security team whose compensation is aligned with the incentives of the stakers in our insurance pool. They price the insurance for every protocol we cover, ensuring that our stakers always get a favorable risk/reward tradeoff.

2. User experience: Nobody likes buying insurance. Even your stodgy traditional bank doesn’t make you buy insurance on your bank account. But every existing insurance protocol sells to users instead of other protocols, putting the burden of buying and maintaining insurance on the user. Our protocol sells insurance wholesale to protocols, covering every user in that protocol. This means individual users will never have to worry about purchasing insurance.

Here’s how it works:

On the protocol side, we insure the locked funds of protocols up to any amount of their choosing. In return, protocols pay us a small fee proportional to the amount of funds we insure for them.

On the staker side, anyone can put their money into our insurance pool. They will feel comfortable knowing our internal security team is incentivized to make the right decisions on their behalf. And in return, they will receive one of the highest yields in DeFi. This is made possible by our custom Strategy Manager smart contracts that allocate the pool’s funds into the safest and highest-yielding lending protocols. Then our stakers are paid insurance fees ON TOP of the best lending protocol yields, ensuring they receive arguably the highest yield in DeFi for their money.

Our smart contract security analysts will be a part of our team, not “hired gun” auditors looking for transactional relationships. They will be paid out of protocol fees and will receive incentive compensation that is tied to the security and yield of the insurance pool. This way they will have our stakers’ best interests at heart.

Our protocol will incrementally move towards full decentralization but for now insurance claims and payouts will be handled by our permissioned governance structure. This way we can make certain that claims and payouts are done fairly to begin with, and we can start creating the right rules about how this should be done in a programmatic and decentralized way in the future.

We think that by striking the right balance between protocols, stakers and security analysts, we can make DeFi a much safer place!

***Note: We were told by Heather that since our last 2 screenshots were not uploading, we should put links somewhere. They can both be found at this link: https://imgur.com/a/9QOmYNP

We were eager to build an insurance solution for DeFi. At first we started thinking about automated payouts based on on-chain signals about hacks. This didn’t make any sense as hacks itself are unexpected patterns. This meant governance was needed to recognize hacks.

User funds

The contracts are designed to do actions with the least amount of code possible and in a single transaction. For example: if the redirectToStrategy boolean is true in the insurance pool, user stakes are immediately transferred to the strategy manager. In the case of the current live version, Dai is deposited in AAVE V2. This means the insurance pool holds aDAI and is receiving yield on the deposited funds!

On a deposit, stake tokens are minted. These tokens represent the deposit in the insurance pool. These tokens can be sold on the market for immediate liquidity. Or they can be put in the withdrawal vault. After the time lock expires, the user is able to claim funds corresponding to the stake of the pool at that time. This time lock is put in place to prevent a withdrawal run after rumours occur that a protocol has been hacked.

Protocols

Protocols are added by the governance of the insurance pool. Protocols have two interesting fields

maxFundsCovered

percentagePremiumPerBlock

The maxFundsCovered is the maximum amount of funds the insurance pool covers in case of a hack. This value is in the native ERC20 value of the pool. Which is currently DAI. To get the actual funds covered coveredFunds(bytes32) needs to be called. Which returns the total staked funds in case the pool is not able cover the full amount.

The percentagePremiumPerBlock is the percentage of premium protocols paying per block in relation to the value in coveredFunds(bytes32).

Everyone is able to top up balance for a protocol by calling addProfileBalance. accruedDebt shows the protocol's current debt to the insurance pool. This value increases each block. Once payOffDebt is called, which can be done by everyone, the debt is paid and transferred to the insurance pool.

Strategies

Strategies are inspired by yearn. It approximately used the same interface as yearn strategies.

As explained above, aDAI strategy is used for the native pool token (DAI). But we support multi token strategies from the start! As an example, we extended the aDAI strategy with a function called swapToAave. This function can be called by the strategy controller and redeems some (specified by controller) aDAI for DAI, swaps DAI to AAVE via uniswap and deposits AAVE in the strategy manager. Which deposits it in the AAVE strategy.

Upgrading the DAI strategy with this swap functionality is really easy. updateStrategy is called on the insurance manager and all the DAI from the original strategy gets withdrawn and deposited in the new DAI strategy.

With the AAVE strategy we are able to vote on Aave governance proposals and ultimately swap the AAVE back to DAI.

We use Chainlink in the strategy manager to calculate the total assets under management in the native pool token. In this case we use chainlink to get the price of AAVE in USD.

Deployment details

Frontend started out with the Hardhat-React-Hackathon boilerplate so that testing between the frontend and some test contracts could be done easily. Used the hardhat blockchain at first, then forked mainnet, then switched over to Kovan eventually.

The UI is mostly made up of components from Ant Design, and the pie charts were made with Recharts. Used Ethers for talking to the blockchain. Most blockchain-related functions were talking to our smart contract methods on the backend but we also used Aave LendingPool methods directly in the frontend for fetching some Aave APY data.

For DNS and site deployment, we used Netlify.

Our protocol is alive and kicking on Kovan testnet, please visit auditsrdead.com to view the deployed and verified contract addresses.