(Un)insuring DeFi Holdings with Ease

Key Insights

  • According to Bitcoinist, only 2% of DeFi holdings were insured in 2021.
  • DeFi insurance protocols are challenged with scalability and cost-efficiency issues, leading to their general underutilization in the space.
  • Ease has developed a scalable, cost-efficient, and secure asset protection product called “Uninsurance,” which allows users to share risk and share the costs of malicious attacks.
  • Ease’s farming program is a growth and diversification initiative. It will allocate a pro rata value of EASE to users in each vault and encourage users to deposit assets into vaults with fewer funds.

Decentralized finance (DeFi) protocols have faced many infamous hacks over the last few years. There have already been at least 25 exploits in 2022, resulting in over $1 billion in total losses. That’s on top of at least 72 exploits over the last two years. As more DeFi protocols are launched in the market, the number of hacks in the space and the amount of money lost will continue to rise. Elliptic reported that the estimated loss from hacks and other malicious activity on DeFi protocols was $10 billion in 2021. Yet, despite the clear benefits of insuring against such losses, Bitcoinist found that only 2% of DeFi holdings were insured in 2021.

DeFi insurance coverage is so low due to cost inefficiencies and scalability challenges, among a few other factors. As a demographic, DeFi users are less likely to pay upfront insurance premiums in an industry where losses are often widely accepted.

Assuming the demand for DeFi insurance increases, scaling issues on the supply side of these services would likely still remain. Most DeFi insurance projects require underwriters to assess protocol risk before offering asset coverage. If demand for DeFi insurance increased from 2% to 50%, the protocol underwriting workforce would need to grow exponentially. Knee-jerk solutions to resolve scalability challenges, such as outsourcing underwriting, could present credibility and adverse incentive issues in an unregulated market. Because the DeFi industry is still nascent and lacks sufficient data, third-party risk ratings are often inefficient, limited, and inconcise. All things considered, asset protection services that address demand, supply, cost, and scalability issues are likely to capture and create more market share in the DeFi insurance sector.

Uninsurance, developed by Ease (previously known as Armor.fi), is one such asset protection service that aims to address demand, supply, cost, and scalability issues. The protocol leverages a peer-to-peer architecture, where risk is shared in a method called “Uninsurance.” This methodology forgoes underwriting and requires zero upfront premiums. Ease’s main Uninsurance product promotes cost efficiency, alleviates scalability challenges, and strengthens security. This report will also account for Ease’s competition, risks, and roadmap.

Uninsurance is Cost Effective

Reciprocally-Covered Assets (RCAs)

To receive asset protection coverage, a DeFi user would simply deposit yield-bearing tokens and other tokens vulnerable to price falls from hacks (for example, Yearn’s yield-bearing tokens or Uniswap’s LP tokens) into Ease’s Uninsurance vaults. Based on how much was deposited into the vault, the user receives a Reciprocally-Covered Asset (RCA) that represents their pro rata share of the asset’s vault. The RCA serves as the policyholder’s proof of coverage. More specifically, the RCA shows how much coverage the user is entitled to for that specific asset.

RCAs are essentially the underlying asset and insurance policy combined, but unlike other protocols, policyholders do not need to pay premiums to hold the insurance policy. RCAs are transferable ERC-20 tokens that can be redeemed for the underlying asset, similar to aTokens on Aave. Because RCAs are transferable, policyholders can sell their tokens, including coverage, which isn’t possible with other insurance protocols. In the event of an exploit, the price of the asset prior to the exploit would be “locked in.”

By depositing their assets into Uninsurance vaults, DeFi users collectively supply funds to the asset protection plan’s endowment. The asset protection system works by allowing users to cover each other with their collective asset deposits.

Suppose some users have deposited LP tokens into an Uninsurance vault and the underlying protocol is exploited. A small percentage of assets are liquidated from the other Uninsurance asset vaults to cover the losses of the exploited protocol’s asset vault, splitting the cost among vaults. Unless losses are higher than what the DAO agrees to cover, there are only very small costs for covering the exploited asset’s policyholders. The RCA holders of the hacked vault would need to pay the same percentage as they would for any hack itself, but the losses would be minimal and the RCA holders would be granted the majority of their full coverage. The amount of coverage they receive is their full coverage minus the amount lost in the hack as a percentage of Ease’s total TVL. So, for example, if $1 was lost in the hack and Ease’s total TVL was $10, then RCA holders would be granted 100% - 10% = 90% of their full coverage.

If the protocol is hacked for over 33% of its ecosystem, then the exploited policyholders would need to pay 33% of their payout (which is based on their RCA) back to the protocol. However, this 33% “maximum fee” applies only in extreme circumstances, and $EASE holders can reduce the 33% fee by staking in the protocol and contributing to the platform’s security.

Source: Ease Protocol Whitepaper

Note: The graph above shows that the amount paid to the vault is still less than the total amount lost in the hack. That’s because the other vaults don’t fully “pay off” the vault’s loss, but instead the loss from the hack is “shared” across all of the vaults in this graphic. The user is not always fully covered — they are covered based on the pro rata share of the asset vault they are entitled to per their RCA.

Liquidation Process

Ease is notified of hacks and exploits off-chain through governance proposals via Ease’s DAO. On-chain hack reporting may fail to detect all attacks, which could make off-chain reporting safer. This introduces an attack vector on Ease’s DAO, but Ease takes precautions to prevent hacks from its DAO voting process (explained later under “Security”).

Before Ease’s DAO certifies that the hack warrants a liquidation event, it determines the maximum amount lost in the attack and gives a one-week grace period to see if the protocol recovers the lost funds. If the hack does warrant a liquidation event, Ease’s DAO will enter a settlement period where a maximum of 33% of vaults are frozen and users cannot deposit into or withdraw assets from the vault. The limit of frozen vaults ensures that only 33% could be lost in the rare event that the multisig, DAO, and price oracles are all compromised simultaneously. In most cases, the vault will only freeze the percentage TVL of Ease that was hacked from the protocol. For example, if Protocol A was hacked for 1% of Ease’s total TVL, then only about 1% of each vault is frozen (contingent on vault risk ratings and maximum losses).

All RCA holders from the hacked protocol’s asset vault receive asset protection equivalent to their pro rata share of the vault. An “RCA Guardian,” which is a multisig entity, sets a liquidation ceiling that caps the amount any single vault can be liquidated and feeds this value via an oracle to a smart contract. Because the liquidation ceiling is likely higher than the actual liquidation per vault, the RCA Guardian simultaneously proposes the actual liquidation value for this specific hack off-chain to Ease’s DAO. If the DAO approves of the proposed liquidation value for the hack, this value is also onboarded to the chain and the smart contract executes the vault liquidations.

The Ease price oracle will oftentimes lag, allowing arbitrage bots to purchase the liquidated assets with ETH on Ease’s platform or through its integrations with other protocols. If necessary, the Ease team may turn on discounts to further incentivize bots to purchase liquidated assets. Finally, the hacked asset’s policyholders receive a payout based on their RCA or pro rata share of the vault.

Protocol Profit Considerations

To support cost efficiency, Ease is adopting a novel business model. Most insurance protocols profit from taking a percentage of premiums paid on coverage policies. Some insurance protocols profit from leveraging, or reinvesting, premiums. Because the RCA model does not charge premiums, Ease has to evaluate a couple of different business models. The protocol has implemented a fee switch on RCAs, but the fee is currently set to zero. If the fee is turned on, then users would pay a small annual percentage fee, like 0.1%, on their RCAs. The fee can only be proposed, approved, and adapted by the DAO. Like many emerging startups, Ease is focused on attracting growth and will draft a profitable business model in the future.

Scalable Coverage

Uninsurance is scalable because its model distributes risk among all its vaults, reducing the need for intensive risk assessment or underwriting. Instead, risk mitigation on Ease relies on asset vault diversification.

Risk-Adjusting Uninsurance Model

Because not all assets hold the same risk, Ease will eventually adopt a risk scaling metric. This metric will determine how much to pull from specific Uninsurance asset vaults in the event of hacks. Before Ease Uninsurance is sufficiently diversified, a hack will trigger liquidations from other vaults in equal amounts regardless of the risk associated with the assets in the vaults. After meeting a certain threshold of growth, the platform will rank assets on a sliding scale from the least risky to the riskiest, measured by publicly-available rating sources like DeFiSafety.

Outsourcing risk assessment is inherently risky due to possible incentive misalignments even if the risk assessor is generally credible. However, Ease plans to aggregate publicly available risk rating sources that generally have an intrinsic, reputation-based incentive to accurately assess protocol risk. Aggregating these risk ratings sources avoids overreliance on any one source. In addition, Ease will add diligent commentary to each of the sources. These risk rankings are meant to mitigate adverse selection risks and are still comparatively less time-consuming and more scalable than underwriting.

When a hack occurs, assets from the riskiest vaults are pulled first. Assets from low-risk asset vaults are only liquidated to provide coverage for large hacks. As a result, users are incentivized to deposit more assets in safer vaults to avoid being liquidated even in small amounts.

Each vault is assigned a “maximum loss percentage,” which is calculated from its risk profile. It determines the percentage of the liquidation payout that will be pulled from that vault. The liquidated amount for a specific vault is calculated by taking the difference between the total assets lost to the hack and the amount riskier vaults have already paid, and then paying the maximum loss percentage for that vault.
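The two loss-sharing rules described in this report, worked through in Python as an added example (not Ease's contract code): the flat share that reproduces the 90% coverage figure above, and the risk-adjusted waterfall. The vault names, balances and risk ranks are constructed, and the maximum loss percentage is read here as a cap on the share of a vault's own balance that can be liquidated, which is an assumption about the report's wording.

```python
from dataclasses import dataclass
from decimal import Decimal

MAX_FEE = Decimal("0.33")  # report: at most 33% of any vault is frozen or liquidated


@dataclass(frozen=True)
class Vault:
    name: str
    balance: Decimal       # value held before the hack
    risk_rank: int         # constructed scale: higher means riskier
    max_loss_pct: Decimal  # assumed: cap on the share of this vault's balance


def flat_share(vaults, loss):
    """Pre-diversification rule: every vault gives up the same percentage.

    Returns (pct, per-vault charge, coverage ratio for the hacked vault's holders).
    """
    tvl = sum(v.balance for v in vaults)
    pct = min(Decimal(loss) / tvl, MAX_FEE)
    charges = {v.name: pct * v.balance for v in vaults}
    return pct, charges, Decimal(1) - pct


def risk_waterfall(vaults, hacked, loss):
    """Risk-adjusted rule: riskiest non-hacked vaults pay first, each up to its cap.

    Returns (per-vault liquidation, loss left uncovered once every cap is hit).
    """
    remaining = Decimal(loss)
    plan = {}
    payers = sorted((v for v in vaults if v.name != hacked),
                    key=lambda v: v.risk_rank, reverse=True)
    for v in payers:
        if remaining <= 0:
            break  # safer vaults are untouched by small hacks
        cap = min(v.max_loss_pct, MAX_FEE) * v.balance
        # remaining = total loss minus what riskier vaults have already paid
        paid = min(cap, remaining)
        plan[v.name] = paid
        remaining -= paid
    return plan, remaining


# Constructed sample: three vaults, total TVL of 10 (units arbitrary).
SAMPLE = [
    Vault("A", Decimal("4"), 5, Decimal("0.33")),
    Vault("B", Decimal("3"), 8, Decimal("0.20")),
    Vault("C", Decimal("3"), 2, Decimal("0.05")),
]

if __name__ == "__main__":
    pct, charges, coverage = flat_share(SAMPLE, "1")
    print(f"flat: each vault gives up {pct:.0%}, hacked holders keep {coverage:.0%}")
    for loss in ("0.5", "1"):
        plan, uncovered = risk_waterfall(SAMPLE, "A", loss)
        print(f"waterfall loss={loss}: {plan} uncovered={uncovered}")
```

With the sample caps, a loss of 1 exhausts both non-hacked vaults and leaves part of the loss uncovered, which is the solvency concern the report raises under "Black Swan Events".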

Security

Staking EASE

The EASE token is a one-to-one swap for ARMOR, but it has yet to officially debut. Its token utility will be critical to the protocol’s governance. When a user deposits 1 EASE for staking, they receive 1 gvEASE back. The amount of gvEASE an EASE staker receives grows linearly with the time they staked EASE. In other words, the longer EASE is staked, the more gvEASE the $EASE staker receives and the more voting power the staker holds. After staking EASE for 6 months, the staker will receive 1.5 gvEASE for every EASE. One year would result in 2 gvEASE for every EASE.

Those who stake a significant amount of EASE and thus hold a large portion of gvEASE have consequential voting powers in the DAO, granting them significant decision-making power over the legitimacy of hack events, liquidation values, payouts, and more. Because gvEASE, which carries voting power in Ease’s DAO, cannot be purchased on the market, potential hackers would need to stake in Ease for an extended period of time before gaining notable voting power in the DAO. While the gvEASE mechanism does not guarantee that Ease cannot be hacked, it does discourage hackers from exploiting Ease’s DAO.

gvEASE

Ease designed its “growing vote tokens (gvTokens)” to positively align with incentives that work for the protocol’s security. gvEASE is a non-transferable governance token with two major benefits: governance/voting power and the ability to lower the 33% maximum fee. The general maximum fee for vaults is 33%, but a user holding enough gvEASE could decrease the stakers’ maximum fee to 20%. The other 13% of the fee would be distributed to other vaults. Theoretically, users can stake enough EASE and earn enough gvEASE to lower their maximum fees to 0. Users or protocols can pay EASE to bribe users with extra gvEASE to stake on a specific vault in order to reduce maximum fees. However, gvEASE from bribes holds zero governance voting power. The purpose of gvEASE is to incentivize staking $EASE on the protocol and provide users a method to receive dividends.

Competition

Ease’s RCA model is novel and doesn’t face any direct competitors. That said, the protocol could compete with other DeFi insurance protocols for market share if its potential customers choose not to use more than one form of insurance to protect their assets. There are other attractive asset protection services in the market that also seek to resolve scalability, capital efficiency, and demand for coverage issues.

Nexus Mutual combines traditional finance-inspired contracts with a peer-to-peer risk sharing model. According to DeFi Llama, Nexus is currently the second largest insurance DeFi protocol with a TVL of $245.05 million (the first is Armor, which takes an overwhelming majority of its contracts from Nexus). The major differences between Nexus Mutual and Ease are the impact of risk assessment, inclusion of insurance mechanisms, and the stage of supporting infrastructure development. Nexus’ profit model reinvests premiums and uses staking for risk assessment, making it susceptible to heavy losses when risk is incorrectly gauged in the market. Meanwhile, Ease aggregates risk ratings from various sources while conducting in-house due diligence. As one of the oldest and largest insurance protocols by TVL, Nexus Mutual has been highly tested in the market, but Ease also adopts a shared risk approach that could mitigate risks better and eventually be a more attractive offering as a result. Furthermore, depending on future traction and how well Ease takes advantage of economies of scale, the Uninsurance product could become more profitable than Nexus Mutual.

InsurAce also differentiates its design from the majority of insurance protocols by offering coverage for users’ entire portfolios. This approach allows InsurAce to scale underwriting by assessing multiple protocols at once. Ease’s risk assessment strategy directly takes risk ratings from third parties, which invites possible risks itself, but can still be more scalable than underwriting. Both Ease and InsurAce don’t require KYC and plan to build a robust cross-chain ecosystem (InsurAce is currently built on 20 public blockchains).

Saffron Finance is tranched insurance that incentivizes users to pay for asset protection through yield farming earnings opportunities. The protocol takes advantage of DeFi users’ demand for more yield earnings by allowing risk-taking users to essentially subsidize risk-averse users’ asset protection coverage. Therefore, like Ease, Saffron developed a cost-efficient model that eliminates the need for upfront premiums. However, this model results in an imbalanced two-sided market: easily attracting demand on the risk-taking, high-yield side but struggling to attract demand on the risk-averse, insurance side.

The Total Value Covered (TVC), estimated from Bitcoinist’s claim that 2% of DeFi holdings are insured, is around $2 billion. This low coverage can be attributed to the sector’s inability to attract and retain consumer demand, but new business models that do not require upfront premiums may increase demand. Ease’s model may be projected to increase the total addressable market (TAM), especially when DeFi users may be more likely to purchase asset protection services during an unfavorable market cycle. Whether Ease’s Uninsurance increases the “insurance” market sector depends on the protocol’s ability to gain traction and educate its target audience on the product.

Challenges

Attracting Enough Vault Diversity

Ease had hoped to kickstart the RCA ecosystem with Armor’s Shield Vaults but sunsetted the vaults in June 2022, pivoting to a complete rebrand from Armor to Ease. RCA’s strength and weakness is that coverage supply grows with the demand for coverage, which means that the viability of the RCA insurance ecosystem depends on economies of scale. To increase the security and strength of Ease’s Uninsurance model, the number of asset vaults and users needs to grow. In addition, the number of unique users in different asset vaults also needs to increase because of the solvency issues that would arise if a hack affected a few asset vaults where the majority of users were concentrated. Ease Uninsurance has capped capacities for any asset vaults that become overexposed. When asset vault capacities reach their cap, Ease reinsures the protocols with Nexus.

Stacked Risk

The DeFi ecosystem consists of several protocols that have intertwined their risk. This contagion risk or “stacked risk” occurs when DeFi assets hold risk from multiple protocols. For example, one asset could be issued by one protocol but heavily staked in another. Or, some tokens are designed to be burned/minted for other tokens and are thus directly tied to the other asset’s risk. In these cases, a hack on one asset would affect another asset in its risk stack.

Ease intends to cover every protocol in the stack, so theoretically, stacked risk is always covered. However, any deposits into one vault with stacked risk would increase risk exposure for protocols that are in the stack and vice versa. Stacked risk is also a consideration for Ease Uninsurance asset vault caps, which are intended to limit risk exposure. For example, the protocol is not currently covering Curve because its exposure to Curve is already capped through its stacked risk from covering Convex.

Black Swan Events

The number of hacks on assets in Ease vaults could potentially exceed the ability for the protocol to sufficiently use the other non-hacked vaults to cover losses. In these extreme cases, other insurance protocols and the greater DeFi ecosystem would most likely also be greatly impacted.

However, Ease would have a better handle on the situation compared to other insurance protocols that follow the traditional underwriting model. Ease’s Uninsurance smart contracts do not leverage underwriting capital and its asset protection is fully backed. Here, leverage refers to the underwriting-based insurance protocols taking out a coverage that is significantly higher than its underwriting capital (only having $1,000 to cover a $10,000 insurance policy). Ease is exactly collateralized — so while the protocol would still lose the same amount as other premium-based insurance protocols from the hack itself, it wouldn’t risk an inability to pay out claims.

Roadmap

Initiatives to Attract Asset Diversity

To promote asset diversity in Ease vaults, Ease hopes to roll out new farming incentives. The farming program will allocate the pro rata amount of EASE to users in a vault on a weekly basis, which means that users who own a more significant percentage of a vault will be allocated more EASE. The incentive should attract more users and encourage them to deposit into vaults with fewer funds. The end result would be the diversification of Ease’s vault holdings and a lower default risk.

Additionally, when EASE launches, the team will airdrop EASE to users that were hacked in the last year, hoping to attract attack victims that are familiar with the consequences of lacking hack protections.

Ease will also expand its ecosystem to more blockchains within 1–2 years. Ease ecosystems on separate chains will likely include their own DAOs and communities.

Conclusion

Ease has developed a novel approach to insuring DeFi assets from hacks and other malicious attacks. The protocol’s Uninsurance design takes advantage of smart contracts’ ability to retroactively charge users, allowing it to charge policyholders only after an attack occurs. The protocol relies on vault diversity and high traction, which has yet to be realized, but the model’s promise to deliver a scalable, cost-efficient, and secure protection program is likely to attract future users.

This report was commissioned by Ease, a member of Protocol Services. All content was produced independently by the author(s) and does not necessarily reflect the opinions of Messari, Inc. or the organization that requested the report. Paid membership in Protocol Services does not influence editorial decision or content. Author(s) may hold cryptocurrencies named in this report.

This report is meant for informational purposes only. It is not meant to serve as investment advice. You should conduct your own research, and consult an independent financial, tax, or legal advisor before making any investment decisions. Past performance of any asset is not indicative of future results. Please see our terms of use for more information.
