Only 0.66% of DeFi is covered, one major problem is capital efficiency of DeFi insurance protocols.
Current insurance protocols covers DeFi protocols as a whole (Nexus Mutual, Cover Protocol) ,but this should not be the case. This makes premium too high for potential coverage buyers(14% premium in the case of Cover Protocol), or APY too low for coverage providers(3.91% in the case of Nexus Mutual).
In this article we will see why DeFi insurance should provide coverage for individual products(vaults or pools) of DeFi protocols instead of protocols as a whole.
Nexus Mutual: Top 6 covered are all protocols as a whole.They are Anchor(lending),Bancor(DEX),Curve(DEX),RenVM(cross chain),Sushiswap V1(DEX) and Yearn(yield aggregator)
Cover Protocol: The pool with yield mining program is covering protocols as a whole.
Why is this bad?
For insurance to be sustainable, both parties should be made happy,
- Premium should be fair so that coverage buyers are happy.
- APY for coverage providers should be high enough to represent the risks they face.
As of now, only providers or buyers are happy.
For Cover Protocol, premium is as high as 14% as shown below (3.5%/3 months),
Providers decide it should be 14%, but seekers won’t agree.
Who will buy it? Actually no one bought the coverage shown above.
For Nexus Mutual, premium is much lower (average 2.74% according to data on nexustracker.io). But rewards for providers are low(as of now it is 3.91% as whon on the official website).
As analized above, Cover Protocol sells coverage for too high and no one is buying. Nexus Mutual sells for too low that providers earns little.
What should insurance protocols do?
Enhanceing capital efficiency could make providers and seekers. Providers could enjoy high APY while seekers pay low premium. The key is to provide coverage based on vaults/pools (vs for protocols).
For example Cover protocol provides coverage for Yearn. But in practice, an investor will only invest in 1 or several vaults(there are 50+ vaults on Yearn).If he buys coverage for Yearn as a whole, he will be over paying for his positions. Providing coverage for vaults (liquidity pools for DEXs), will make it cheaper to buy coverage. And actually, hacks/exploits happens only to one vault.
The Yearn hack
On Feb 4,2021, yDAI vault of Yearn v1 was exploited, causing a 31% loss of yDAI vault, and 1.2% of Yearn TVL.
Reimbursment from Cover Protocol
Cover Protocol paid coverage holders 36% of their covered amount.
Claiming transactions can be found here,
If the coverage is to cover Yearn protocol as a whole, it should pay the loss percentage of the whole protocol (1.2%). But Cover Protocol actually paid 36% (based on 31% loss of the vault).
There are 50+ vaults on Yearn, the probability of having Yearn hacked is much higher than one vault hacked.
For coverage providers, this is much riskier, so they ask for high premium.
For coverage seekers, high premium will turn them away. But whales got a solution. Assume Alice is the whale and has $1m to be deposited on Yearn, diversified. She puts $100k each in 10 vaults.
How much coverage should she buy if she wants to be covered?
$100k. It is unlikely that two vaults got hacked at the same time, so whichever of the 10 vaults got hacked, she is protected.
So she paying $14k (14% of $100k) and she is safe from any hacks targeting her $1m funds.
What is the actual premium for Alice? $14k/$1m=1.4%.
Pretty low according to our previous analysis which came to the conclusion that for blue-chip projects, 2% is fair.
But this is unfair for small investors who need to pay 10x higher (14%) premiums.
Provide coverage for vaults, and Alice will buy at the same premium of small investors. And the premium will be between 1.4%~14% to is likely to be near the lower end.
We will compare two senarios,
Senario 1. Covering all vaults
Senario 2. Covering individual vaults
- The likelyhood of a blue-chip project to be hacked is 10%. Yearn is a blue-chip project.
- Yearn has $2290m TVL across a total of 10 vaults with different amount of funds. (This is just an example for simplicity and does not need to be the real case.)
- With larger incentives for hackers, larger vaults are more likely to be hacked.
- Only one vault hacked each time.
- As discussed in previous article, for blue-chip projects, a hack will cause a loss of 3.8% of ptotocol total TVL($2290m*1.2%=$27m) or the whole value of the vault, whichever is smaller.
- Premium for a vault is 2%.
- There is only on investor (Alice) on Yearn, and she wants to be fully covered.
What we want to do?
We want to find out what is the appropriate premium for coverage providers to earn the same APY in the two senarios mentioned above.
- The red parameters are based on our assumption and analysation in the other article.
- Risk of being hacked for each vault is calculated according to fund size on pro rata basis.
- Loss of senario 1 is calculated by multipling fund size and loss ratio. Loss of senario 2 is either same as senario 1 or all vault funds.
- Standard premium for senario 1 is the calculation result to make APY the same as in senario 2.
For coverage providers
We can see that in both senarios, a coverage provider enjoys APY of 6%, not bad.
What about covering 5x projects with similar risks?
You get 30%, quite high,right?
What about risks?
You get risk adjusted APY of 25%,juicy!
For investors (whales)
Whales are more likely to diversify in various vaults. To make thing simple, let’s assume a whale deposits a total of $10m to 10 vaults, with $1m in each vault.
In senario 1, he will only need to buy coverage (5.8% premium)for $1m to cover all his funds. He pays $1m*5.8%=$58k for his $10m holding. The actual premium is $58k/$10m=0.58%.
In senario 2, he will need to buy coverage (2% premium) for $10m to cover all his funds. He pays $10m*2%=$200k for his $10m holding. THe actual premium is $200k/$10m=2%.
For investors (small investors)
Small investors will most possibly just put his funds in on vault. Assume a small investor deposit $10k in vault 1.
In senario 1, he buys coverage(5.8% premium) for $10k and pays $580. The actual premium he pays is $580/$10k=5.8%.
In senario 2,he buys coverage (2% premium) for $10k and pays $200.The actual premium he pays is $200/$10k=2%.
It is easy to observe that in senario 1, small investors pays 10x premium (5.8%) vs 0.58% that whales pay. At the same time, 5.8% is too high for blue-chip projects and will not gain massive adoption.
In senario 2, all investors pay the same premium (2%). And based on our calculations, 2% is fairly priced for blue-chip investors.
100% potential APY for coverage providers
As calculated above, for insurance purposes, coverage providers earns 30% if all the 50 vaults(5 protocols x 10 vaults/protocol) were fully but not over covered.
But Cover Protocol is kind of similar to prediction market since it does not require proof of loss when claiming for reimbursement. This makes it possible for protocols to be over covered.
What does this mean?
It means for vault 10, coverage providers could also sell $800m coverage even though its size is only $10m.
How could this happen?
When the premium is attractive, speculators & predictors & hackers may want to bet on it.
What does it have to do with coverage participants?
For coverage buyers, they still pay 2% premium as discussed.
For coverage providers, potential APY is much higher than 30% as calculated above (surely with higher risk). If they sold all their coverage out, the highest potential APY could be:
100%=2% premium/vault * 10 vaults/protocol * 5 protocols.
Of course if 50% coverage sold, the APY is 50%(with lower risk).
Coverage providers should provide coverage for vaults/pools of protocols. The benefits are:
- Enhance capital efficiency, lowering the premium.
- Make coverage more affordable while coverage providers enjoying juicy risk adjusted APY.
- Make coverage more fair for both whales and small investors.