From the Nexus Mutual blog post regarding the CREAM v1 hack:
If impacted members submit claims and those claims are approved through Claims Assessment, the mutual can provide a payout to impacted cover holders. If cover holders are reimbursed in the future for their loss after receiving a claim payment from the mutual, those members should provide the reimbursed funds back to the mutual. Any reimbursement to the mutual would be in good faith, as repayment cannot be enforced.
This seems to violate the principle of indemnity and allow the insured double recovery of their losses.
Would Nexus support working with governance in covered protocols to add a rule whereby blockchain records of payouts from Nexus are cross referenced with users eligible for reimbursement to ensure that funds are returned by the protocol to Nexus where the user has already been compensated?
Can members of the community just pitch in to get this done by approaching the other protocols through their governance or is there a more formal structure here?
I agree in principle, the difficulty is in the execution! One by one agreement with protocols is hard work when we have 100 and growing.
One possibility is the Nexus community develops a standard statement that other protocols can adopt as they wish. If they do adopt it there should be pricing benefit as stakers should be more willing to stake.
Note: It will likely become more possible to differentiate pricing like this when we move to dynamic and delegated pricing, current pricing mechanics are unlikely to pick up this level of detail.
More generally, I’m aware others have been thinking about the reimbursement issue so I encourage more discussion around this topic. I don’t have all the answers here!
Legal background - happy to contribute a first draft if that’s not duplicating someone else’s’ remit? Suggest we adopt the principles (and some language) direct from the standard indemnity/conduct of claims practice and wrap in a plain English summary which DAOs can understand, initially on the understanding that it is not legally binding.
Also willing to work with your team to develop a policy statement mentioning how signing up 1) impacts pricing and 2) fosters the collaborative ethos we need to drive adoption of DeFi
If this sounds good I’ll get it done but please be flexible on time as I’ve some urgent deliverables elsewhere. Appreciate your quick responses on matters related to our valuation of Nexus thanks.
@BraveNewDeFi is doing some related work on the Protocol Cover wording and reimbursements, so I think it would be worth syncing on this. They seem complimentary pieces that could overlap slightly so would benefit from being aligned.
Hey @BowTiedIguana! As Hugh mentioned, I am working on a forum post that addresses this issue. I feel as though there is a gap within our current Protocol Cover protections for users, and I’d like to start a wider discussion on amending the Protocol Cover wording. My hope is to share it next week, but if you’d like to collaborate on this forum post, send me a message on Discord (BraveNewDeFi#0027).
The main challenge I see is balancing the cover holder requirement for immediate reimbursement (understandable and a key selling point for Nexus) with the reality that a hacked protocol with finances and reputation in disarray may take several weeks to offer a credible (partial) repayment plan.
I think tokenizing the right to reimbursement (where a tokenized representation of the affected position does not already exist) is the cleanest way to solve the temporal issue while providing a blockchain based record of who is entitled to reimbursement. This has a side benefit for affected users who were not covered by Nexus in that they could then trade their claim at a discount in the secondary market to access immediate liquidity.
Cooperating with 100+ protocols will be time consuming, suggest we triage by outstanding cover amount:
(Optional) 1. Discuss and implement a technical standard to create an ERC-20 token representation of losses suffered in a hack or other loss event - we may find support for this in other communities/protocols.
Draft an agreement to be used between protocols covered by Nexus and the Mutual obliging the covered protocol to promptly issue such tokenized claim representations after a loss event, and to only apply any future compensation payments to the holders of those tokens rather than the originally affected wallets. This should be straightforward for protocols where there is already a tokenized representation of a coverholder’s position.
Update Cover Wording to oblige Cover Holders to surrender the tokens to the Mutual in consideration of payment of their claim
I agree that covered protocols are more likely to co-operate if it helps their customers achieve better cover pricing with Nexus and that the process should be very low friction for them.
Agree tokenisation is the best option here, and as you mention some protocols will be tokenised already, some won’t be.
I’m a little sceptical that protocols will agree to create the token on a loss event. It’s often impossible to formally agree anything with a DAO unless it’s implemented fully on-chain. In addition, even an agreement may not hold much weight when the protocol has just been hacked and they have much higher priorities or perhaps the devs have just left.
But I do like the direction here, and perhaps we can create the cover wording so that it only pays out if both 1) there is a token and 2) the cover holders surrender it to the mutual.
