As recent events showed nobody is safe from bugs/hacks, but mitigation game seems to be real. We should aim to get insurance for such cases. But it’s important to not go overboards and cut into yields.
Currently there is no cover available on Nexus Mutual. In case of a failure of an underlying protocol of a vault (e.g. Compound) the insurance for yearn would probably not cover the losses anyways. The Yearn ecosystem is running their own insurance protocol called Cover. Cover currently lacks the liquidity to insure yearn vaults.
Thoughts for Discussion
My own ideas:
There are some issues to be addressed first before we could talk about insurance for vaults:
- There is no on-chain insurances that have enough liquidity for vaults (that I know of)
- Buying cover for all vaults cuts too deep into the yield.
Possible solutions for 1.:
- Off-chain insurance
- Bootstrap liquidity somehow
Possbile solutions for 2.:
- Only insure a fraction of the holdings of each vault and build mitigation mechanism and hope for the best
- Buy insurance for the complete ecosystem in the size of the largest vault and trust, that not multiple contracts can be exploited in the same transaction. Hope that others will be secured by mitigation measures in case of an exploit.
Probably better than my own ideas :
Maybe it is time to talk about a dedicated risk team (e.g. MakerDao also has one), that thinks about risks and mitigation measures with a fixed budget (e.g. from the newly BRRR YFI or funded by the dev funds)
Looking to hear your thought about this topic!