Smart Contract Cover
Nexus Mutual's first product is Smart Contract Cover. The product covers “unintended uses of code” where someone, not necessarily the cover purchaser, has suffered a financial loss on a smart contract. For example, the cover is intended to pay-out on events like The DAO hack, and the two Parity multi-signature wallet issues.
Members who purchase Smart Contract cover choose a fixed sum, called the Cover Amount, that will be paid out should the claim be approved by the Claims Assessment process. This means that the payouts wouldn't necessarily be matched to the losses incurred by the smart contract bug or hack.
Security of smart contracts is a well-publicised issue within the Ethereum community with many technical efforts focused on improving the situation. Unfortunately, there will always remain a risk that a particular smart contract is not secure, even with formal verification. We believe that providing a further 'human' layer of protection against code bugs for those who are worried about them would be of great benefit to the Ethereum ecosystem.
Longer term, the intention is to expand the product range into more day-to-day products and become a viable alternative to the traditional insurance industry.
Users of centralised exchanges and custodians — who are responsible for the safekeeping of their users’ private keys to cryptocurrency assets — will now be able to purchase custody cover from Nexus Mutual.
Custody cover will protect users who put funds into an organisation which is responsible for the safekeeping of private keys to cryptocurrency assets on behalf of their users. Users will be covered in the event that either;
the custodian gets hacked and the user loses more than 10% of their funds, or
withdrawals from the custodian are halted for more than 90 days.
To buy cover, as a first time user, you follow these steps:
Select 'Buy Cover' in the dashboard.
Input the smart contract address you wish to buy cover for.
Enter the amount in DAI (USD) or ETH you would like as a fixed cover amount.
Enter the length of time you want the coverage to last.
A quote is then generated and cover can be purchased if there is enough capacity at a coverable price (below 50% of Cover Amount per annum). If you are not already a member of Nexus Mutual you will be asked to join at this point. Membership involves paying a small membership fee (currently set at 0.002 ETH) and undergoing a KYC/AML check. Cover can be purchased by paying a Cover Contribution using either Ether, Dai (a USD 'stablecoin'), or Nexus Mutual Tokens (NXM). If paying in Dai or Ether, the system effectively purchases NXM tokens on your behalf before purchasing cover. 90% of the NXM member tokens used to purchase cover are then used (“burned”). The other 10% remain with the member and are either used as a deposit when submitting claims or are returned to the cover purchaser if no claim is made.
Purchasing cover is the primary action performed by members of Nexus Mutual. Indeed, members joining together as a community to provide cover for common risks is the reason for the mutual's existence. When cover is purchased, the members' contributions flow into the Capital Pool, which improves the funding position of the mutual.
Cover is priced so that it is expected to generate a long-term surplus which is then jointly shared between the membership base. This means the mutual grows as its capital resources are expected to steadily increase over time.
Cover holders can make a claim anytime during the Cover Period or up to 35 days after the Cover Period ends. The fixed Cover Amount means claims assessment is a simple 'yes' or 'no' rather than requiring an assessment of how much damage has occurred. Further details and the process for claims assessment are provided in the Claims Assessment section.
To submit a claim, the Cover Holder needs to stake 5% of the NXM tokens locked in at the time of buying cover, like a deposit. With 10% of NXM tokens locked in at cover purchase, the Cover Holder can submit the claim for assessment 2 times. This 'cost' is an incentive against fraudulent claims. If a claim is successful, this stake is returned to the user. If it is denied then the stake is forfeited.
Once submitted, the claim proceeds to be assessed by Claims Assessors - this is explained in more detail in the Claims Assessment section. Claims Assessors are required to stake NXM when they vote on claims. The total staked NXM between all Claims Assessors participating in must be at least 5x larger than the Cover Amount being voted on. Additionally, a consensus of 70% is required for the claim to be successful. If successful, funds representing the cover amount are released to the Ethereum address of the Cover Holder. If there is no consensus or not enough voting weight the claim is automatically escalated to a full member vote which requires a consensus of over 50%.
Even though in the short term the other members do not benefit from a single successful claim, over the long term it is in the interests of the membership base that the mutual pays legitimate claims. If this is not the case, trust in the mutual would be eroded and no new customers or capital providers would be willing to participate in future.
As a discretionary mutual, Nexus Mutual doesn't approve or reject claims according to conditions like a regular insurance company would. Instead, this is decided via the member voting process. Nexus Mutual provides a platform where members can act as Claims Assessors by voting on claims submitted by other members.
The member voting process has full discretion on whether to pay a claim or not and their opinion is final. While there is no opportunity to escalate a claim to any regulator or ombudsman the benefit is increased flexibility. Members can decide to pay claims as they wish, including by applying their discretion in a positive way. This might include paying claims which may be declined according to strict terms and conditions but where there is a genuine loss.
In order for this to work, there needs to be an incentive for people to vote on claims and a strong disincentive to prevent fraudulent reporting. This is achieved by distributing a reward to those Claims Assessors voting with the consensus outcome and punishing those voting against.
However, assessment of whether a claim is fully legitimate is often challenging, so automatically burning high values of staked tokens for genuine differences of opinion needs to be avoided. The general approach uses a basic incentive structure at its core and then overlays timing windows and human intervention to prevent more extreme scenarios. Full details of the incentives can be found in the more detailed Docs Page. In aggregate, the incentive structure encourages Claims Assessors to provide their true opinion when assessing a case.
Any Member can see all the live claims pending by using the 'Claims Assessment' interface. Existing Members are able to become Claims Assessors by staking a portion of their NXM tokens for a specific period of time. Provided claims are assessed honestly, this stake is returned at the end of the staking period. If the Advisory Board deems a Claims Assessor to be acting dishonestly, it has the power to burn the Claims Assessor's stake.
Once your NXM tokens are staked, it is possible to vote on pending claims once every 12 hours, using a simple 'yes' or 'no' decision. It is entirely up to the Assessor how they determine if a claim is valid or not. They may check social media, review the transactions on a block explorer, like Etherscan, or use any other method they choose.
Voting with the consensus outcome entitles the Assessor to a share of the fee pool in proportion to their voting power. The fee pool consists of newly minted NXM member tokens valued at 20% of the price the Cover Holder paid for their cover. Voting against the consensus outcome results in locking of the stake for a longer period.
If the consensus thresholds (>70% consensus with a min 5x Cover Amount in staked NXM) aren't reached the Claims Assessors' fee pool is reduced and the claim is escalated to all Members for a vote where the majority outcome is final.
The principles to be followed for assessing whether a claim is legitimate or not can be found in the Smart Contract Cover product document (coming soon!).
Nexus Mutual uses the UK discretionary mutual model. Therefore, in contrast to a traditional insurance company, claims assessment is performed by the members rather than a centralised entity.
This empowers the Members of the mutual to decide what claims should and shouldn't be paid out, given the basic product definition of Smart Contract Cover. The approach also allows for a more principles-based case-by-case assessment of each individual claim rather than codifying an extensive list of terms and conditions for what is and isn't paid out.
Those with skills as smart contract auditors can participate in the mutual by becoming Risk Assessors and staking value against specific smart contracts they think are well-coded and secure. They are economically incentivised by earning rewards, in the form of extra NXM tokens, as cover is taken out on the staked smart contracts.
It is also possible for Risk Assessors to "follow" other Members who they think are skilled in assessing smart contract security by staking NXM against contracts that others have already staked against.
Members can stake value against any smart contract address. The 'Risk Assessment' interface of the Nexus Mutual application allows Members to stake available NXM tokens against a chosen smart contract address. The stake is then locked and can be unstaked at anytime subject to a 90-day withdrawal period.
If another Member takes out cover on the contract a Risk Assessor has staked NXM tokens against the Assessors earns commission in the form of newly minted NXM tokens. The commission earned from each cover purchased on the contract is equal to 50% of the price of cover and is shared proportionally among Risk Assessors on the particular contract.
NXM earned from commissions as well as stake that have been released needs to be withdrawn on the Members' Dashboard. Only after the NXM has been withdrawn can it be used for other purposes.
If there is a claim, Risk Assessors have their stakes burned on a proportional basis up to the claim amount.
It is entirely up to the Assessor to decide why they believe a contract is secure. They may assess the code directly themselves, use automated tools, put faith in an audit firm which has independently assessed the contract, follow a different Risk Assessor that they trust or use any other method they choose.
Risk Assessors stake value and their reputation by claiming that they believe the smart contract in question is unlikely to have any bugs. The mutual is then able to provide a certain amount of additional capacity on those contracts at a lower price, the full dynamics of which are described in the Pricing Model section of the Docs Pages. This allows Members to obtain cheaper cover for their risks.
The mutual relies on crowd-sourced assessment by Risk Assessors in order to offer cover on early-stage contracts.
Nexus Mutual strives to be a decentralised alternative to insurance, using the UK's discretionary mutual model. As such, in keeping with the ethos of both the mutual structure and the decentralised nature of public blockchains, the governance process is driven by the members themselves.
All members of the mutual can vote on proposals. They can also submit new proposals to be voted on by the membership base.
All proposals put to a member vote are firstly put to the Advisory Board (described below), who will white-list the proposal and make a recommendation on the outcome. Members are then given a specified time-frame to vote on the proposal. If a specified quorum is met then the majority outcome prevails, otherwise the vote proceeds as per the Advisory Board recommendation.
As a reward for participating in the governance process all voting members will be awarded a share of additional NXM tokens that are generated for each proposal (chosen by the Advisory Board within limits). Additionally, any member may delegate their vote to any other member, allowing them to rely on a fellow member they believe has more expertise than themselves. In this case, the delegating member continues to earn all the voting rewards.
Voting on a governance proposal (including via the delegation process) prevents a member from redeeming their tokens from the mutual for the following 7 days. This lock-in period was introduced in order to ensure that voting Members are affected by the decisions they make.
In an ideal world, all potential actions can be defined by the code. However, reality is much more complex and a fall-back option is required in several circumstances. As such an Advisory Board will be set-up to facilitate interaction with the real world, as well as act on behalf of the mutual in some of the more extreme scenarios.
Importantly, the Advisory Board has no custodial rights over the fund pool and cannot release funds to any particular person. Furthermore, any member is able to submit a proposal to replace any member of the existing Advisory Board with themselves and this proposal by-passes the white-listing process meaning it cannot be stopped by the Advisory Board.
As mentioned above, the Board will also white-list member governance proposals in order to highlight important ones and reduce clutter. There are certain types of proposals which do not require Board white-listing, for example, replacing members of the Advisory Board.
Membership tokens represent membership rights in Nexus Mutual. Anyone can become a member, subject to KYC and country restrictions, and can therefore hold NXM tokens.
If cover is purchased regularly using Ether or DAI (USD), and the claims performance of the mutual is within expectations then the total value of the Capital Pool would be expected to increase. As more NXM are minted and if the capitalisation levels remain within the desired range the token price will increase. More details can be found in our Token Model page.
While it is possible to simply hold NXM tokens, there are economic incentives to be an active member of the mutual. Membership actions (other than buying cover) result in rewards in the form of new NXM tokens - this is essentially a version of 'mining' - effort provided to the system results in new tokens being minted. Therefore, by not participating in these activities the value of NXM tokens may be diluted.
Purchasing NXM Tokens can be performed directly on the Nexus Mutual platform, there is no need to go to an exchange, all your need is Ether. The token price is set according to the level of funding against the Minimum Capital Requirement (MCR) and the MCR itself. More detail can be found on the Token Model page.
Redeeming NXM Tokens can also be performed directly on the Nexus Mutual platform, subject to the following restrictions:
The Capital Pool must be above the MCR.
There must be enough liquidity in Ether in the Capital Pool.
Volume restrictions apply to prevent the funding levels dropping below 100% of the MCR.
NXM are burned in exchange for Ether at the current token price less 2.5%.
These restrictions ensure the mutual always has enough capital to be confident of paying members' claims.
The buying and selling of NXM enables the mutual to manage its capitalisation levels. If the mutual is over-capitalised, the value of NXM goes up creating an incentive for some of the token holders to cash out into ETH. By contrast, if the capitalisation is low, the low NXM price incentivises potential capital providers to buy, depositing ETH in the pool and thus recapitalising the mutual.
Another goal of the Token Model is to reward early contributors to the mutual for the risk they have taken in supporting potential claims, without excluding new participants. The price of the token is linked to the capitalisation levels, as well as the number of tokens in circulation. Therefore, there is a direct link between the value that token holders obtain and the overall success of Nexus Mutual.