
(Un)insuring DeFi Holdings with Ease

By Helen Huang
Aug 10, 2022

Key Insights
• According to Bitcoinist, only 2% of decentralized finance holdings were
insured in 2021.
• DeFi insurance protocols are challenged with scalability and cost-efficiency
issues, leading to their general underutilization in the space.
• Ease has developed a scalable, cost-efficient, and secure asset
protection product called “Uninsurance,” which allows users to share risk and share
the costs of malicious attacks.
• Ease’s farming program is a growth and diversification initiative. It
will allocate a pro rata value of EASE to users in each vault and encourage users to
deposit assets into vaults with fewer funds.

Decentralized finance (DeFi) protocols have faced many infamous hacks over the last
few years. There have already been at least 25 exploits in 2022, resulting in over
$1 billion in total losses. That’s on top of at least 72 exploits in the last two
years. As more DeFi protocols are launched in the market, the number of hacks in
the space and the amount of money lost will continue to rise. Elliptic reported
that the estimated loss from hacks and other malicious activity on DeFi protocols
was $10 billion in 2021. Yet, despite the clear benefits of insuring against such
losses, Bitcoinist found that only 2% of DeFi holdings were insured in 2021.
DeFi insurance coverage is so low due to cost inefficiencies and scalability
challenges, among a few other factors. As a demographic, DeFi users are less likely
to pay upfront insurance premiums in an industry where losses are often widely
accepted.
Assuming the demand for DeFi insurance increases, scaling issues on the supply side
of these services would likely still remain. Most DeFi insurance projects require
underwriters to assess protocol risk before offering asset coverage. If demand for
DeFi insurance increased from 2% to 50%, the protocol underwriting workforce would
need to grow exponentially. Knee-jerk solutions to resolve scalability challenges,
such as outsourcing underwriting, could present credibility and adverse incentive
issues in an unregulated market. Because the DeFi industry is still nascent and
lacks sufficient data, third-party risk ratings are often inefficient, limited, and
inconcise. All things considered, asset protection services that address demand,
supply, cost, and scalability issues are likely to capture and create more market
share in the DeFi insurance sector.
Uninsurance, developed by Ease (previously known as Armor.fi), is one such asset
protection service that aims to address demand, supply, cost, and scalability
issues. The protocol leverages a peer-to-peer architecture, where risk is shared in
a method called “Uninsurance.” This methodology forgoes underwriting and requires
zero upfront premiums. Ease’s main Uninsurance product promotes cost efficiency,
alleviates scalability challenges, and strengthens security. This report will also
account for Ease’s competition, risks, and roadmap.
Uninsurance is Cost Effective
Reciprocally-Covered Assets (RCAs)
To receive asset protection coverage, a DeFi user would simply deposit into Ease’s
Uninsurance vaults yield-bearing tokens and other tokens vulnerable to price falls
from hacks, for example, Yearn’s yield-bearing tokens or Uniswap’s liquidity pool
(LP) tokens. Based on how much was deposited into the vault, the user receives a
Reciprocally-Covered Asset (RCA) that represents their pro
rata share of the asset’s vault. The RCA serves as the policyholder’s proof of
coverage. More specifically, the RCA shows how much coverage the user is entitled
to for that specific asset.
RCAs are essentially the underlying asset and insurance policy combined, but unlike
other protocols, policyholders do not need to pay premiums to hold the insurance
policy. RCAs are transferable ERC-20 tokens that can be redeemed for the
underlying asset, similar to aTokens on Aave.
Because RCAs are transferable, policyholders can sell their tokens, including
coverage, which isn’t possible with other insurance protocols. In the event of an
exploit, the price of the asset prior to the exploit would be “locked in.”
By depositing their assets into Uninsurance vaults, DeFi users collectively supply
funds to the asset protection plan’s endowment. The asset protection system works
by allowing users to cover each other with their collective asset deposits.
Suppose some users have deposited LP tokens into an Uninsurance vault and the
underlying protocol is exploited. A small percentage of assets are liquidated from
the other Uninsurance asset vaults to cover the losses of the exploited protocol’s
asset vault, splitting the cost among vaults. Unless losses are higher than what
the decentralized autonomous organization (DAO) agrees to cover, there are only
very small costs for covering the exploited asset’s policyholders. The RCA holders
of the hacked vault would need to pay the same percentage as they would for any
hack itself, but the losses would be minimal and the RCA holders would be granted
the majority of their full coverage. The amount of coverage they receive is their
full coverage minus the amount lost in the hack as a percentage of Ease’s total
value locked (TVL). So, for example, if $1 was lost in the hack and Ease’s total
TVL was $10, then RCA holders would be granted 100% - 10% = 90% of their full
coverage.
If the protocol is hacked for over 33% of its ecosystem, then the exploited
policyholders would need to pay 33% of their payout (which is based on their RCA)
back to the protocol. However, this 33% “maximum fee” applies only in extreme
circumstances, and $EASE holders can reduce the 33% fee by staking in the protocol
and contributing to the platform’s security.

Source: Ease Protocol Whitepaper


Note: The graph above shows that the amount paid to the vault is still less than
the total amount lost in the hack. That’s because the other vaults don’t fully “pay
off” the vault’s loss, but instead the loss from the hack is “shared” across all of
the vaults in this graphic. The user is not always fully covered — they are covered
based on the pro rata share of the asset vault they are entitled to per their RCA.
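The loss-sharing arithmetic described above, worked through as an added example (not code from the report or from Ease's contracts). It assumes TVL is measured at the locked-in pre-hack price and that every vault is liquidated by the same percentage, as in the pre-risk-adjustment model; the vault names, amounts and function names are constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

MAX_FEE = Fraction(33, 100)  # the page's 33% "maximum fee"


@dataclass
class Settlement:
    fee_fraction: Fraction    # share of value every vault gives up
    liquidations: dict        # non-hacked vault -> value liquidated from it
    payout: Fraction          # value paid into the hacked vault
    coverage_ratio: Fraction  # share of pre-hack value its RCA holders keep


def settle_hack(vault_tvl, hacked, loss):
    """Share one hack's loss across all vaults, pro rata to their TVL.

    vault_tvl: vault name -> value at the locked-in pre-hack price.
    Assumption: equal-percentage liquidation, i.e. before risk adjustment.
    """
    if hacked not in vault_tvl:
        raise KeyError(f"unknown vault: {hacked}")
    hacked_tvl = Fraction(vault_tvl[hacked])
    loss = Fraction(loss)
    if not 0 < loss <= hacked_tvl:
        raise ValueError("loss must be positive and no larger than the hacked vault")

    total_tvl = sum(Fraction(v) for v in vault_tvl.values())
    fee = loss / total_tvl  # amount lost as a percentage of Ease's total TVL
    if fee > MAX_FEE:
        # The page says only that a 33% maximum fee applies here; payouts in
        # that case are not specified, so this sketch refuses to guess.
        raise ValueError("loss exceeds 33% of TVL: capped case not modelled")

    liquidations = {name: Fraction(tvl) * fee
                    for name, tvl in vault_tvl.items() if name != hacked}
    payout = sum(liquidations.values(), Fraction(0))
    coverage = (hacked_tvl - loss + payout) / hacked_tvl
    return Settlement(fee, liquidations, payout, coverage)


def holder_claim(settlement, hacked_tvl, rca_share):
    """Value one RCA holder can redeem: pro rata share of the settled vault."""
    return Fraction(rca_share) * Fraction(hacked_tvl) * settlement.coverage_ratio


if __name__ == "__main__":
    vaults = {"vault_a": 4, "vault_b": 3, "vault_c": 3}  # constructed, $10 TVL
    result = settle_hack(vaults, "vault_a", 1)           # $1 lost from vault_a
    print("coverage:", result.coverage_ratio, "payout:", result.payout)
```

With the report's figures ($1 lost against $10 of TVL) the hacked vault's holders keep 90% of their pre-hack value, and the payout into the vault is smaller than the loss because the hacked vault bears its own 10% share.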
Liquidation Process
Ease is notified of hacks and exploits on-chain/off-chain through governance
proposals via Ease’s DAO. On-chain hack reporting may fail to detect all attacks,
which could make off-chain reporting safer. This introduces an attack vector on
Ease’s DAO, but Ease takes precautions to prevent hacks from its DAO voting process
(explained later under “Security”).
Before Ease’s DAO certifies that the hack does entitle a liquidation event, it
determines the maximum amount lost in the attack and gives a one-week grace period
to see if the protocol recovers the lost funds. If the hack does entitle a
liquidation event, Ease’s DAO will enter a settlement period where a maximum of 33%
of vaults are frozen and users cannot deposit into or withdraw assets from the
vault. The limit of frozen vaults ensures that only 33% could be lost in the rare
event that the multisig, DAO, and price oracles are all compromised simultaneously.
In most cases, the vault will only freeze the percentage TVL of Ease that was
hacked from the protocol. For example, if Protocol A was hacked for 1% of Ease’s
total TVL, then only about 1% of each vault is frozen (contingent on vault risk
ratings and maximum losses).
All RCA holders from the hacked protocol’s asset vault receive asset protection
equivalent to their pro rata share of the vault. An “RCA Guardian,” which is a
multisig entity, sets a liquidation ceiling that caps the amount any single vault
can be liquidated and feeds this value via an oracle to a smart contract. Because
the liquidation ceiling is likely higher than the actual liquidation per vault, the
RCA Guardian simultaneously proposes the actual liquidation value for this specific
hack off-chain to Ease’s DAO. If the DAO approves of the proposed liquidation value
for the hack, this value is also onboarded to the chain and the smart contract
executes the vault liquidations.
The Ease price oracle will oftentimes lag, allowing arbitrage bots to purchase the
liquidated assets with ETH on Ease’s platform or through its integrations with
other protocols. If necessary, the Ease team may turn on discounts to further
incentivize bots to purchase liquidated assets. Finally, the hacked asset’s
policyholders receive a payout based on their RCA or pro rata share of the vault.
Protocol Profit Considerations
To support cost efficiency, Ease is adopting a novel business model. Most insurance
protocols profit from taking a percentage of premiums paid on coverage policies.
Some insurance protocols profit from leveraging, or reinvesting, premiums. Because
the RCA model does not charge premiums, Ease has to evaluate a couple of different
business models. The protocol has implemented a fee switch on RCAs, but the fee is
currently set to zero. If the fee is turned on, then users would pay a small annual
percentage fee, like 0.1%, on their RCAs. The fee can only be proposed, approved,
and adapted by the DAO. Like many emerging startups, Ease is focused on attracting
growth and will draft a profitable business model in the future.
Scalable Coverage
Uninsurance is scalable because its model distributes risk among all its vaults,
reducing the need for intensive risk assessment or underwriting. Instead, risk
mitigation on Ease relies on asset vault diversification.
Risk-Adjusting Uninsurance Model
Because not all assets hold the same risk, Ease will eventually adopt a risk
scaling metric. This metric will determine how much to pull from specific
Uninsurance asset vaults in the event of hacks. Before Ease Uninsurance is
sufficiently diversified, a hack will trigger liquidations from other vaults in
equal amounts regardless of the risk associated with the assets in the vaults.
After meeting a certain threshold of growth, the platform will rank assets in a
sliding scale from the least risky to the riskiest, measured by publicly-available
rating sources like DeFiSafety.
Outsourcing risk assessment is inherently risky due to possible incentive
misalignments even if the risk assessor is generally credible. However, Ease plans
to aggregate publicly available risk rating sources that generally have an
intrinsic, reputation-based incentive to accurately assess protocol risk.
Aggregating these risk rating sources avoids overreliance on any one source. In
addition, Ease will add diligent commentary to each of the sources. These risk
rankings are meant to mitigate adverse selection risks and are still comparatively
less time-consuming and more scalable than underwriting.
When a hack occurs, assets from the riskiest vaults are pulled first. Assets from
low-risk asset vaults are only liquidated to provide coverage for large hacks. As a
result, users are incentivized to deposit more assets in safer vaults to avoid
being liquidated even in small amounts.
Each vault is assigned a “maximum loss percentage,” which is calculated from its
risk profile. It determines the percentage of the liquidation payout that will be
pulled from that vault. The liquidated amount for a specific vault is calculated by
taking the difference between the total assets lost to the hack and the amount
riskier vaults have already paid, and then paying the maximum loss percentage for
that vault.
Security
Staking EASE
The EASE token is a one-to-one swap for ARMOR, but it has yet to officially debut.
Its token utility will be critical to the protocol’s governance. When a user
deposits 1 EASE for staking, they receive 1 gvEASE back. The amount of gvEASE an
EASE staker receives grows
linearly with the time they staked EASE. In other words, the longer EASE is staked,
the more gvEASE the $EASE staker receives and the more voting power the staker
holds. After staking EASE for 6 months, the staker will receive 1.5 gvEASE for
every EASE. One year would result in 2 gvEASE for every EASE.

Those who stake a significant amount of EASE and thus hold a large portion of
gvEASE have consequential voting powers in the DAO, granting them significant
decision-making power over the legitimacy of hack events, liquidation values,
payouts, and more. Because the gvEASE used for voting in Ease’s DAO cannot be purchased on the
market, potential hackers would need to stake in Ease for an extended period of
time before gaining notable voting power in the DAO. While the gvEASE mechanism
does not guarantee that Ease cannot be hacked, it does discourage hackers from
exploiting Ease DAO.
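The time-weighted voting described above, as an added example (not code from the report or from Ease): it shows how a newly staked position is diluted against an older stake of the same size. The linear formula fits the report's three data points (1x at deposit, 1.5x at six months, 2x at one year); the stop at 2x after one year, the staker names and the amounts are assumptions.

```python
YEAR_DAYS = 365


def gv_balance(ease, days_staked):
    """gvEASE held for a stake: 1x at deposit, 1.5x at half a year, 2x at a year.

    Assumption: growth stops at 2x after one year; the report gives no later points.
    """
    if ease < 0 or days_staked < 0:
        raise ValueError("stake and staking time must be non-negative")
    return ease * (1 + min(days_staked, YEAR_DAYS) / YEAR_DAYS)


def vote_share(stakes, who, today):
    """Share of total voting power held by `who` on day `today`.

    stakes: name -> (EASE staked, day the stake was made). Stakes made after
    `today` do not exist yet and carry no weight.
    """
    power = {name: gv_balance(amount, today - start)
             for name, (amount, start) in stakes.items() if start <= today}
    total = sum(power.values())
    return power.get(who, 0.0) / total if total else 0.0


def share_timeline(stakes, who, days):
    """Voting share of `who` on each of the given days, rounded for display."""
    return [(day, round(vote_share(stakes, who, day), 4)) for day in days]


if __name__ == "__main__":
    # Constructed stakes: equal EASE, staked one year apart.
    stakes = {"early_staker": (1000, 0), "late_staker": (1000, 365)}
    for day, share in share_timeline(stakes, "late_staker", [365, 547, 730]):
        print(f"day {day}: late_staker holds {share:.2%} of votes")
```

An equal amount of EASE staked a year later starts at one third of the vote rather than half, and reaches parity only after a further year of staking.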
gvEASE
Ease designed its “growing vote tokens (gvTokens)” to positively align with
incentives that work for the protocol’s security. gvEASE is a non-transferable
governance token with two major benefits: governance/voting power and the ability
to lower the 33% maximum fee. The general maximum fee for vaults is 33%, but a user
holding enough gvEASE could decrease the stakers’ maximum fee to 20%. The other 13%
of the fee would be distributed to other vaults. Theoretically, users can stake
enough EASE and earn enough gvEASE to lower their maximum fees to 0. Users or
protocols can pay EASE to bribe users with extra gvEASE to stake on a specific
vault in order to reduce maximum fees. However, gvEASE from bribes holds zero
governance voting power. The purpose of gvEASE is to incentivize staking $EASE on
the protocol and provide users a method to receive dividends.
Competition
Ease’s RCA model is novel and doesn’t face any direct competitors. That said, the
protocol could compete with other DeFi insurance protocols for market share if its
potential customers choose not to use more than one form of insurance to protect
their assets. There are other attractive asset protection services in the market
that also seek to resolve scalability, capital efficiency, and demand for coverage
issues.
Nexus Mutual combines traditional finance-inspired contracts with a peer-to-peer
risk sharing model. According to DeFi Llama, Nexus is currently the second largest
insurance DeFi protocol with a TVL of $245.05 million (the first is Armor, which
takes an overwhelming majority of its contracts from Nexus). The major differences
between Nexus Mutual and Ease are the impact of risk assessment, inclusion of
insurance mechanisms, and the stage of supporting infrastructure development.
Nexus’ profit model reinvests premiums and uses staking for risk assessment, making
it susceptible to heavy losses when risk is incorrectly gauged in the market.
Meanwhile, Ease aggregates risk ratings from various sources while conducting in-
house due diligence. As one of the oldest and largest insurance protocols by TVL,
Nexus Mutual has been highly tested in the market, but Ease also adopts a shared
risk approach that could mitigate risks better and eventually be a more attractive
offering as a result. Furthermore, depending on future traction and how well Ease
takes advantage of economies of scale, the Uninsurance product could become more
profitable than Nexus Mutual.
InsurAce also differentiates its design from the majority of insurance protocols by
offering coverage for users’ entire portfolios. This approach allows InsurAce to
scale underwriting by assessing multiple protocols at once. Ease’s risk assessment
strategy directly takes risk ratings from third parties, which invites possible
risks itself, but can still be more scalable than underwriting. Both Ease and
InsurAce don’t require KYC and plan to build a robust cross-chain ecosystem
(InsurAce is currently built on 20 public blockchains).

Saffron Finance is tranched insurance that incentivizes users to pay for asset
protection through yield farming earnings opportunities. The protocol takes
advantage of DeFi users’ demand for more yield earnings by allowing risk-taking
users to essentially subsidize risk-averse users’ asset protection coverage.
Therefore, like Ease, Saffron developed a cost-efficient model that eliminates the
need for upfront premiums. However, this model results in an imbalanced two-sided
market: easily attracting demand on the risk-taking, high-yield side but struggling
to attract demand on the risk-averse, insurance side.
The Total Value Covered (TVC), estimated from Bitcoinist’s claim that 2% of DeFi
holdings are insured, is around $2 billion. This low coverage can be attributed to
the sector’s inability to attract and retain consumer demand, but new business
models that do not require upfront premiums may increase demand. Ease's model may
be projected to increase the total addressable market (TAM), especially when DeFi
users may be more likely to purchase asset protection services during an
unfavorable market cycle. Whether Ease’s Uninsurance increases the “insurance”
market sector depends on the protocol’s ability to gain traction and educate its
target audience on the product.
Challenges
Attracting Enough Vault Diversity
Ease had hoped to kickstart the RCA ecosystem with Armor’s Shield Vaults but
sunsetted the vaults in June 2022, pivoting to a complete rebrand from Armor to
Ease. RCA’s strength and weakness is that coverage supply grows with the demand for
coverage, which means that the viability of the RCA insurance ecosystem depends on
economies of scale. To increase the security and strength of Ease’s Uninsurance
model, the number of asset vaults and users needs to grow. In addition, the number
of unique users in different asset vaults also needs to increase because of the
solvency issues if a hack affected a few asset vaults where the majority of users
were concentrated. Ease Uninsurance has capped capacities for any asset vaults that
become overexposed. When asset vault capacities reach their cap, Ease reinsures the
protocols with Nexus.
Stacked Risk
The DeFi ecosystem consists of several protocols that have intertwined their risk.
This contagion risk or “stacked risk” occurs when DeFi assets hold risk from
multiple protocols. For example, one asset could be issued by one protocol but
heavily staked in another. Or, some tokens are designed to be burned/minted for
other tokens and are thus directly tied to the other asset’s risk. In these cases,
a hack on one asset would affect another asset in its risk stack.

Ease intends to cover every protocol in the stack, so theoretically, stacked risk
is always covered. However, any deposits into one vault with stacked risk would
increase risk exposure for protocols that are in the stack and vice versa. Stacked
risk is also a consideration for Ease Uninsurance asset vault caps, which are
intended to limit risk exposure. For example, the protocol is not currently
covering Curve because its exposure to Curve is already capped through its stacked
risk from covering Convex.
Black Swan Events
The number of hacks on assets in Ease vaults could potentially exceed the ability
for the protocol to sufficiently use the other non-hacked vaults to cover losses.
In these extreme cases, other insurance protocols and the greater DeFi ecosystem
would most likely also be greatly impacted.
However, Ease would have a better handle on the situation compared to other
insurance protocols that follow the traditional underwriting model. Ease’s
Uninsurance smart contracts do not leverage underwriting capital and its asset
protection is fully backed. Here, leverage refers to the underwriting-based
insurance protocols taking out a coverage that is significantly higher than its
underwriting capital (only having $1,000 to cover a $10,000 insurance policy). Ease
is exactly collateralized — so while the protocol would still lose the same amount
as other premium-based insurance protocols from the hack itself, it wouldn’t risk
an inability to pay out claims.
Roadmap
Initiatives to Attract Asset Diversity
To promote asset diversity in Ease vaults, Ease hopes to roll out new farming
incentives. The yield farming program will allocate the pro rata amount of EASE to
users in a vault on a weekly
basis, which means that users who own a more significant percentage of a vault will
be allocated more EASE. The incentive should attract more users and encourage them
to deposit into vaults with less funds. The end result would be the diversification
of Ease’s vault holdings and a lower default risk.

Additionally, when EASE launches, the team will airdrop EASE to users that were
hacked in the last year, hoping to attract attack victims that are familiar with
the consequences of lacking hack protections.
Ease will also expand its ecosystem to more blockchains within 1–2 years. Ease
ecosystems on separate chains will likely include their own DAOs and communities.
Conclusion
Ease has developed a novel approach to insuring DeFi assets from hacks and other
malicious attacks. The protocol’s Uninsurance design takes advantage of smart
contracts’ ability to retroactively charge users, allowing it to charge
policyholders only after an attack occurs. The protocol relies on vault diversity
and high traction, which has yet to be realized, but the model’s promise to deliver
a scalable, cost-efficient, and secure protection program is likely to attract
future users.
