Reviewing treasury expenditures | Dedaub smart contract monitoring service

Since the dedaub smart contract monitoring service has been active for over a year, it’s now time for members to review and evaluate whether or not the mutual should continue to provide funding for this service.

In this post, I’ll review the cost of the dedaub smart contract monitoring service to date, the projected costs, and the impact on Nexus Treasury holdings.

Overview

In May 2021, members voted to work with dedaub to monitor select smart contract systems for vulnerabilities to mitigate potential claimable events. After this vote passed, the Nexus Mutual team worked with dedaub to create, install, and maintain a vulnerability analysis and continuous monitoring service over select smart contract systems that the mutual covers.

Question for members

These monthly payments are made in wNXM, and since wNXM trades below book value, these monthly payments have a larger impact on DAO treasury funding. The bear market has impacted the value of funds held in the DAO treasury since the proposal was first passed.

The continued monthly cost for this program represents 0.65% of the current value of the treasury and the annualized cost is 7.76% of treasury funding.

Members should discuss and decide if we should continue funding this smart contract monitoring service or if we should discontinue funding for this service.

Cost to date

As outlined in the original proposal, dedaub’s fee is $20k per month, which is paid in wNXM.

To date, the mutual has paid 10,102.79 wNXM for dedaub’s smart contract monitoring service.

Projected cost

To continue this service, the cost will remain $20k per month. At today’s wNXM price ($16.77), this is equal to 1,192.60 wNXM per month for the mutual to continue to monitor these smart contracts (~0.65% of current treasury funding).

The annual cost would be $240k per year, or 14,311.27 wNXM (~7.76% of current treasury funding).

Nexus Treasury holdings

  1. Members voted to allocate wNXM acquired through buyback in Dec 2021 and January 2022 in the following Snapshot vote.
  2. LDO assets will be used to conduct a wNXM buyback according to the outcome of the following Snapshot vote.
  3. Funding that is currently earmarked for programs, grants.

Current smart contracts monitored by dedaub

At present, dedaub monitors the following smart contracts for the mutual:

  • Nexus Mutual
  • Aave v2
  • AlphaHomora V2
  • Argent
  • BadgerDAO
  • Bancor
  • Compound v2
  • Convex
  • Curve
  • Hegic
  • Liquity
  • mStable
  • Set Protocol
  • Sushiswap
  • Synthetix
  • Vesper
  • Yearn

Past proposal, vote

Review and discussion period

This proposal will be open for discussion and review for the next ten (10) days. Members can share their thoughts, analysis, and comments below.

Once the community has weighed in and there’s a general consensus, this discussion will be transitioned to a Snapshot vote to determine whether or not this smart contract monitoring service will be continued.


Very important post.

I’d like to hear more about what has been achieved by the dedaub <> Nexus partnership to see if it really provided value (and if not, why not? Was it because there was no hack to prevent or something else?). Maybe someone from dedaub can provide some highlights here?

That being said, it’s a bear market that has hit us very hard. I think at the very least we should seriously consider reducing the grant to a level that best reflects the current market conditions (vs. when the grant was approved).


Dear Community. During the past 11 months Dedaub has been monitoring and applying deep program analysis algorithms to the 17 protocols listed above. We have monitored for a variety of vulnerabilities (many more than in the original proposal, and we have also included some quite recent ones, such as ECDSA signature malleability, which became more prominent in Aug ’22).

Here are some of the quarterly reports that we have been issuing.

We’ve had an experienced auditor look at the most promising warnings. The inspection results (as well as raw stats) are included in the reports. These independent security assessments are something that could potentially be tweaked towards the side of “preventing hacks” / “assessing security” or “helping protocols” depending on the kinds of vulnerabilities the auditors chose to focus on.

More importantly, we made disclosures to teams, and we handled comms and triaging directly. It is understood that many of these disclosures in the above protocols were for funds vulnerable to unprotected swaps, e.g., when the balances became too high relative to the size of the pool we communicated this to the protocols concerned. (We’ve definitely been independently motivated: many of these protocols have multi-million-dollar bounties.)

As to whether this was effective, AFAIK none of the protocols we were asked to monitor got hacked (lost funds) over the last year. This alone shouldn’t be the deciding factor - not finding major hacks can be seen both as bad (no value) and as good (no risk).

  • What is certain is that the Watchdog service offered value to some protocols and those invested in their security - over the last year we have prevented hacks occurring from other protocols that Nexus covers like Rari (collaboratively) or Multichain. [Links will be posted in next reply].

  • Over the last few months as part of our ongoing R&D (which Nexus partially funded through this) we have further improved our monitoring and are imminently going to give select members of the Nexus team a realtime view of our vulnerability discovery workflow, which provides better visibility of our work than quarterly reports and is more hands-on.

If the Nexus community agrees to continue our fruitful collaboration, I suggest that over the next year we work together with the team to 1) optimize the list of protocols to be monitored (e.g., by monitoring more risky protocols and ceasing to monitor the more secure protocols), 2) create interesting metrics for Nexus Mutual’s actuarial efforts to better manage risks, and 3) have Nexus and Dedaub market this synergistic collaboration further.

Finally, we certainly recognize the cost to the treasury and the bear market. It is not up to us to make an argument for whether the cost is reasonable, but we want to explicitly assert that Nexus is not overpaying (quite the contrary). Since the Watchdog monitoring system has been improved and further marketed, the Nexus Mutual price is way below the price charged to other clients for the same proportion of protocols (but more volatile and with higher human auditor commitment).

I look forward to answering more questions regarding this project.


Thank you for the detailed response, @Neville_Dedaub!

First and foremost: I don’t think anyone would argue that the cost for this service is too high. Rather, the cost vs. current treasury holdings is what is up for member review, especially given that wNXM trades below book value. None of this reflects on the service that dedaub provides.

I do have a few questions that I hope will give members context on the program:

  1. After reviewing the reports that you’ve shared, I wanted to know if any of the reported vulns (included in these reports or the more recent ones not included) were issues that protocol teams mitigated and awarded dedaub with a bug bounty for reporting. Can you comment on this?
  2. Initially, when this proposal passed, there wasn’t clear communication with the wider community on dedaub’s work monitoring these select protocols. Given the sensitive nature of vuln disclosures, I understand the lack of public reporting, but would there be any general quarterly reporting you could provide members with to reflect the work you’re doing on behalf of the mutual?
  3. How would you differentiate your service from the Immunefi matching bug bounty program members approved for renewal earlier this year? Since both of these programs are up for review, it would be beneficial for members to hear dedaub’s thoughts on the value of funds spent to date on both programs.

I look forward to your answers and for other members to review and discuss.


Hi @BraveNewDefi

Answers to your questions here:

  1. Some issues were shared with protocol teams and acknowledged. We didn’t find a major critical vulnerability on these protocols (the protocols were not hacked), but had we, we would have certainly escalated further, as the auditor went through most flagged issues. Generally, for non-critical issues, protocols would manage risk by slowly decommissioning the risky pool / subsystem in an orderly way. Over this period we did however get 2 major bounties from Multichain ($2m) and Rari (collaboratively; our share was $550k). We only try to claim bounty awards when we can create a PoC that explicitly demonstrates that large amounts of funds can be stolen under current network conditions; this is usually a prerequisite for a bounty payment. Without a working and clearly reproducible PoC, the instinctive reaction from teams is to flatly deny the issue exists. Producing such a PoC and following up with the development team for mitigation is labor intensive.

  2. Now that we’ve streamlined the reporting, it is easier to share a statistical report with the community; we’ll work on something that provides an easily digestible summary.

  3. Bug bounties & monitoring: swings and roundabouts. They are synergistic. We have benefitted from bug bounty programs, some of which were mediated by Immunefi; it’s great to see that bug bounties have increased in size and popularity! Bug bounties are passive, the last layer of defence in security. When everything else fails (good coding practices, audits, monitoring & deep analysis like Watchdog), bug bounties can incentivize hackers who are on the fence to do the right thing and report the vulnerability. On the other hand, it is known that in any software development process the earlier an issue is resolved, the cheaper it is to mitigate. So helping prevent bugs from happening in the first place should have a higher ROI. The difficulty in assessing ROI is compounded by the fact that these $200k matching bounties are offered on top of much larger bounties offered by the protocol itself. If both measures are kept, the monitoring service we provide should in theory increase the ROI of a bounty program, as the number of times it is triggered (assuming such a service is effective) is reduced. Ultimately there is no silver bullet in smart contract security, and any technique, including manual auditing, formal verification and program analysis, has its blind spots.

I think your discussion will revolve around how to ensure the program is sustainable for your treasury. We understand that times are tough, and that things could get worse before they get better. We’re willing to structure this service in such a way that if the treasury funds keep dipping (say to 50% of current mark-to-market) we waive the fee during such a period. Hope this helps.


Thanks @Neville_Dedaub for being open to working with the mutual to ensure we can work together while taking into consideration the cost to the treasury. I’ve put together an alternative option that wouldn’t end the Watchdog service but would be more cost effective for the Nexus Treasury.

Alternative service agreement

The proposed agreement would be as follows:

  • Reduce monitored protocols to 10 total
  • Reduce cost to 750 wNXM/mo regardless of price, which would be paid on a quarterly basis.
  • Revisit the protocols the mutual monitors on a quarterly basis to adjust based on risk and existing liabilities.
  • If Dedaub is to receive bounties on vulnerabilities found on the mutual’s 10 monitored protocols, 25% of bug bounty amounts, capped at 2,250 wNXM/yr, is to be deposited to the Nexus Treasury.

If adopted, this agreement would apply for 1 year and would be up for member review in October 2023.

This would reduce the scope and cost of the service, while allowing the mutual to monitor protocols, where risk and/or liabilities are higher. We’d also offset some of the cost if dedaub is rewarded with bug bounties found when monitoring these protocols.

If members supported this option going forward, I’d be happy to work with you on co-marketing efforts and help establish quarterly reporting for members.

Let me know if you’re open to this alternative agreement :turtle:

Thank you @BraveNewDeFi for the alternative agreement. We also feel this is a more sustainable proposal and better aligns both Dedaub’s and Nexus Mutual’s interests.

We look forward to keep supporting the Mutual. Irrespective of the outcome of the vote, we’re proud to have made a small contribution to Nexus and look forward to working together on many different fronts as the protocol evolves. :turtle:


An update:

This proposal will transition to a Snapshot vote on Monday (24 October). Based on the discussion to date, the leading choices for the vote will tentatively be:

  • Option A: Renew w/ existing terms–contract dedaub to monitor 20 protocols for $20,000/mo paid in wNXM, with the agreement coming up for review in October 2023
  • Option B: Renew w/ alternative terms–contract dedaub to monitor 10 protocols for 750 wNXM/mo (regardless of price), with the agreement coming up for review in October 2023
  • Option C: Do not renew.

You can still share your comments before this goes to vote. If you haven’t commented, please share your thoughts!


Agree, thanks for bringing this up. I would strongly favor not renewing it; it seems fairly expensive without much value delivered to the mutual members thus far.


This proposal has been transitioned to a Snapshot vote to determine if members would like to continue the service agreement with dedaub, agree to alternative terms, or to end the service agreement with dedaub.

After an open comment, review period of more than one week, the choices presented in the Snapshot vote are:

  • Option A: Renew w/ existing terms–contract dedaub to monitor 20 protocols for $20,000/mo paid in wNXM, with the agreement coming up for review in October 2023
  • Option B: Renew w/ alternative terms–contract dedaub to monitor 10 protocols for 750 wNXM/mo (regardless of price), with the agreement coming up for review in October 2023
  • Option C: Do not renew.

Members can vote to signal their support for continuing this service or for ending this service.

You can vote on the Snapshot proposal from 24 October at 10am EST / 2pm UTC until 29 October at 10am EST / 2pm UTC.

Thanks for putting forward an alternative agreement.

But I must say I do not find the terms good at all:

In the midst of a bear market, odds are skewed towards future upside for wNXM. Moreover, we’re actively working on plans to bring wNXM price to Book Value (wNXM is already valued at BV for Investment Committee members’ remuneration ).

So under the new terms, if the Tokenomics revamp project is successful and wNXM price goes back to book value, it means we will pay 750 * 0.023 * 1300 = $22,425/month for a reduced service. This is assuming a stable $ETH price and 0 growth in book value. If market conditions improve, there is no ceiling to the $ amount we will pay Dedaub.

Given all this, I’m strongly in favor to not renew the collaboration.


Agree, this makes it more expensive than before… but I think the bigger problem is that the value provided by this is not clear, especially for the steep price tag.


@vincentj @Gauthier Please refer to the original proposal from last year

We delivered on the original proposal. Reports were delivered every quarter to Hugh and Rox.

The original proposal was to monitor for the following vulnerabilities, but the mutual benefited from many others that were added since the original proposal:

  • potential for Uniswap/Balancer price manipulation
  • interaction with untrusted tokens
  • “unchecked sender” in flash loans
  • contracts not properly initialized
  • inconsistent scaling factors (i.e., powers of 10) for monetary amounts
  • ECDSA signing that is not unique per signed message
  • conventional errors: arithmetic overflow, reentrancy.

As to the value, this was Hugh’s argument last year:

Prevention of claims has significant value for the mutual. In regular insurance there are many instances of monitoring systems, usually bundled with the insurance purchase, that give early warning of system malfunction and allows repair crews to be dispatched before severe losses occur. Examples include flood warning systems, boiler monitoring and many others. I see this proposal in a similar vein.

In particular, for protocols where contracts can be upgraded sophisticated monitoring tools can save users and the mutual a lot of money. eg Uniswap is less likely to need such tools, but Yearn would likely benefit a lot from it.

I also see it as a potential strategic differentiator, eg if a project is willing to distribute Nexus cover at point of sale they we can include them on the monitoring list.

Certainly it’s understandable not to repurchase something if one doubts they can afford it at the moment. We did try to structure the proposal relative to the Mutual’s treasury strength, which is why we accepted wNXM pricing. But we cannot agree that the cost is steep, when it is in fact quite low relative to other security solutions. At current levels, the yearly cost of the service is equal to the cost of ~7 weeks of auditing time. For ongoing security analysis of code, some individual protocols pay more than 15x the cost of this service! (Aave has a $3.6m/yr deal with Certora, Compound has a $4m/yr deal with OZ.)


Definitely agree that it was delivered; just saying that it isn’t relevant for the mutual imo, and doesn’t significantly reduce risk or pricing of risk for mutual members etc.

This Snapshot vote has closed, and members voted 100% to not renew the dedaub smart contract monitoring service going forward.

Per the choices outlined in the Snapshot vote and the proposal, members have signalled that they would like to reduce DAO treasury spending on this service agreement at this time.

For more information, you can review the Snapshot vote: Should members renew dedaub’s smart contract monitoring service agreement?

