The discussion about a cover for user deposits started initially in December 2020 here and after that, it has been brought up by the Idle community several times. The Pilot League Committee, therefore, decided to gather in the governance forum ideas from previous discussions within the community and help to create a framework for all insurance partners that want to propose their services and join Idle´s B2B affiliate programme.
This post is a starting point, Idle cares a lot about security and insurance and is open to feedback and proposals from all.
Previous insurance initiatives put in place by Idle did not lift off due to lack of liquidity. Idle learned that before adopting any insurance policy in the future, it’s definitely worth first analyzing the possible outcomes.
Generally, it is useful to research how much affordable coverage affects TVL and what could happen in case of loss of funds.
There are many insurance options to protect the customer base, but the options favoured by the Pilot League committee for Idle are:
- Purchase liquidity coverage through 3rd party protocols.
- Add a backstop mechanism (similar to Aave), and provide $IDLE staking and coverage protection at the same time
- Create a CDP with $IDLE in case of a shortfall event (deficit for the liquidity providers), and repay the debt with protocol fees along time.
- Let users buy protection at their own discretion from 3rd party protocols, and eventually discuss a shield mining program to ease the premium.
- Another option is to add tranches strategies to protect investments, this option however would not fall under the category of full spectrum protection but will open the door to proposals from other protocols beside insurance.
The Pilot League would like to hear more about the alternatives listed here and learn more from the community and insurance providers. Benchmarks, statistical insights and examples will go a long way providing clarity to the discussion moving forward.
For a more comprehensive framework overview, these are the risks that the Idle protocol should cover to have full-spectrum protection (many reported also in Immunefi bug bounty program):
High-priority coverage features:
- Idle Smart Contracts and logic errors.
- Oracle failure/manipulation regarding lending protocols used by Idle
- Governance attacks
Description: protect the customer base on potential losses coming from bugs on Governance contracts, that lead to vote manipulation.
- Underlying protocol exploits
Description: Idle deploys funds in the mentioned protocols. Current coverage solutions protect only direct attacks. Having the coverage extension to face third-party hacks that consequently lead to fund losses on Idle side would be a strong added value. We expect that this feature provides third-party smart contract and logic errors coverage.
- Underlying asset failure
Description: Stablecoins might lose the peg and deposits could be affected. DeFi LPs are aware of the risk but uncertainty might block TradFi institutional funds. The risk is lower with battle-tested assets (DAI, USDC, USDT) and higher with next-gen stablecoin (FRAX, RAI). The policy might activate reimbursements when an asset goes under a certain peg rate for a minimum timeframe. Due to the high costs associated with innovative stablecoins, the first batch might cover only assets with a long track record.
Other nice-to-have features can be added by the protocols that propose to insure Idle.
The Pilot League Committee is looking forward to listening to the feedback from the community and possible partners .