Disclosure: Delphi Ventures and members of our team hold positions in ALPHA and NXM. This statement is intended to disclose any perceived conflict of interest and should not be misconstrued as a recommendation to purchase ALPHA or NXM. This is not investment advice.
On February 13th, Alpha Homora V2 was exploited for ~$38m, despite the fact that the contracts involved had previously passed separate audits from both Quantstamp and PeckShield. Why was the possibility of this exploit missed during their review? To be fair, the exploit was incredibly complex and it’s certainly possible this attack vector was overlooked entirely by the auditing firms because of that. On the flip side, it’s also possible that an individual knew in advance that this could happen but decided that the pay day from a successful attack outweighed the return from being an honest actor. If you think you can execute an attack and walk away with $38m, why settle for a white hat bounty worth $50k for pointing out the problem? Herein lies the broader issue. As DeFi TVLs rise, the reward dichotomy between being an honest actor rather than a malicious one is becoming increasingly imbalanced. We should expect that whatever can be exploited, will be. While the dynamic of this trial by fire will improve smart contract resiliency over time, there will be a cost to pay, and that burden will fall on people who should not be exploited. We, as a space, can do better than this. It’s a problem worth solving.
Charlie Munger once said “show me the incentive and I will show you the outcome”. As we just articulated, the root of the problem is that the incentive for being bad can outweigh the incentive for being good. This prompted our next question – “how can we reverse that?”. Naturally, Nexus Mutual came to mind as a potential solution for the problem. After all, the platform is already the market leader in offering cover against smart contract risk. I spoke with Hugh, Nexus’ founder, about a potential solution. He said they’ve debated ideas on this topic multiple times in the past but it’s hard to get auditors to sign up for something like this. That makes sense. Why would an audit firm pay a cost to enter an incentivized system where they could then be slashed for making a mistake? Why not just continue with business as usual, get paid for audits and never have any capital-at-risk yourself? If approached from a different angle, however, perhaps we can use the NXM token as the carrot on a stick to nudge them towards better outcomes.
For this to work, a token needs to be involved to alter the incentive dynamics. That way auditors/white hat hackers aren’t just doing it for a small near-term payment but rather long-term value accrual they don’t want to have slashed. With this in mind, we propose the following solution and present it to the Nexus community for further debate. Please keep in mind this is still rather abstract at this stage and we look forward to a community debate to solidify the specifics.
Nexus can start by offering NXM grants to individuals who are experts in white hat hacking and smart contract development / auditing. It’s important that this is done on an individual level to ensure incentives stay aligned. Now, these grants would need to be sizable, even at current valuations, perhaps worth even a few million dollars each in NXM. The condition of the grant being that these tokens vest over a multi-year period and, in order to claim them eventually, the individuals need to conduct regular audits on the contracts covered by Nexus. This accomplishes a few things. To start, because there’s no cost to buy into the system, the brightest minds in the space should be attracted and want to get involved. They start with nothing to lose and much to gain. Furthermore, there now exists a valuable reason for auditors to be honest actors over the long term, in a way that a small one-time bounty could never compete with. The risk/reward is no longer dependent on a single potential exploit, but rather is smoothed out over many. In addition, the value of this incentive should continue to grow over time. As the value the auditors add to the platform rises, so too will the value of the NXM they’ve been granted, further aligning stakeholder incentives. There is also no upfront cost to the Mutual since the NXM tokens given in the grants won’t unlock for years and the full amounts will only be given if the specialists do a consistently good job over that time.
Let’s say that hypothetically there are 10 individuals chosen for this program. If a new contract lists on Nexus and all 10 of the specialists give it the green light, their analysis could be factored into the risk pricing, making it cheaper to purchase that cover. Inversely, let’s say 10 of the specialists review a new contract but only 5 of them think it’s safe. Cover could still be offered on the contract but now risk pricing would be much higher. In addition, if a bug or exploit is later found in that contract, the 5 specialists who gave it a passing grade would then have their vesting NXM slashed, acting as the “first tranche” in the waterfall to take losses. While the current claims math is a bit more nuanced than this implies, the mechanics could operate similarly to how NXM stakers are already rewarded/slashed for a given contract, relative to other holders not underwriting cover on that specific contract.
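To make the proposed mechanics concrete, here is a toy model of the scenario above, written for this post as an added illustration; it is not Delphi’s or Nexus Mutual’s code and does not reproduce the Mutual’s actual claims math. The linear pricing rule (premium scales with the share of dissenting specialists), the pro rata slashing of approvers’ unvested grants, and the simple two-tranche waterfall (approvers first, then the staker pool) are all assumptions chosen for clarity.

```python
"""Toy model of incentivized specialist audits feeding cover pricing and a loss waterfall.
Added illustration only; pricing rule and slashing split are constructed assumptions."""
from dataclasses import dataclass


@dataclass
class Specialist:
    name: str
    vesting_nxm: float        # unvested grant that can be slashed
    approved: bool = False    # verdict on the contract under review


def premium_multiplier(specialists, base=1.0, max_uplift=2.0):
    """Assumed pricing rule: unanimous approval prices at `base`; each dissenting
    specialist raises the premium linearly, up to base * (1 + max_uplift) when
    nobody approves. With no specialists the qualitative component is absent."""
    total = len(specialists)
    if total == 0:
        return base
    dissent_share = sum(1 for s in specialists if not s.approved) / total
    return base * (1.0 + max_uplift * dissent_share)


def settle_exploit(loss_nxm, specialists, staker_pool_nxm, max_slash_fraction=1.0):
    """Waterfall for a loss on an exploited contract.

    First tranche: the vesting NXM of specialists who approved the contract,
    slashed pro rata to their exposure (at most `max_slash_fraction` of each
    grant). Second tranche: the staker pool. Anything beyond both is uncovered.
    Specialists who voted against the contract are never slashed.
    """
    approvers = [s for s in specialists if s.approved]
    exposures = {s.name: s.vesting_nxm * max_slash_fraction for s in approvers}
    capacity = sum(exposures.values())
    first_tranche = min(loss_nxm, capacity)

    slashed = {}
    for s in approvers:
        share = first_tranche * exposures[s.name] / capacity if capacity else 0.0
        slashed[s.name] = share
        s.vesting_nxm -= share          # the grant shrinks; the rest keeps vesting

    residual = loss_nxm - first_tranche
    staker_loss = min(residual, staker_pool_nxm)
    return {
        "specialists": slashed,
        "stakers": staker_loss,
        "uncovered": residual - staker_loss,
    }


def run_scenario(approvals, loss_nxm, grant_nxm=1000.0, staker_pool_nxm=10_000.0):
    """Ten specialists, `approvals` of whom green-light the contract; returns the
    premium multiplier set at listing and the waterfall if the contract is later hit."""
    panel = [Specialist(f"spec{i}", grant_nxm, approved=i < approvals) for i in range(10)]
    multiplier = premium_multiplier(panel)
    outcome = settle_exploit(loss_nxm, panel, staker_pool_nxm)
    return multiplier, outcome


if __name__ == "__main__":
    for approvals, loss in ((10, 3000.0), (5, 3000.0), (5, 7000.0)):
        mult, out = run_scenario(approvals, loss)
        print(f"{approvals}/10 approved -> premium x{mult:.2f}; loss {loss:.0f} NXM -> {out}")
```

Running the three scenarios shows the intended incentive shape: a unanimous panel prices cheapest but spreads any later loss across all ten grants, a split panel doubles the premium and concentrates the slash on the five approvers, and only once their exposure is exhausted does the loss reach stakers.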
This could improve upon the current risk pricing by adding a qualitative component to a process that’s solely driven by market forces of supply and demand at the moment. Even though audits are already available, they can’t formally be factored into cover pricing right now because there’s no incentive alignment between auditing firms and the Mutual (with that being said, I’m sure savvy NXM stakers review audits before deciding which contracts to open up capacity for). Our solution fixes this and gives Nexus its own in-house, incentivized audit capabilities, making it a one-stop shop for smart contract audits, technical risk pricing and buying protection. This would be a first in the space and greatly increase the value proposition of Nexus and the defensibility of its moat. A Nexus risk score, combining the qualitative judgement of multiple incentivized audits and the quantitative factors of supply and demand, would be unrivaled. How could the validity of a single audit from a firm with no skin in the game ever compete with that in the eyes of the market?
While we think a solution like this makes sense, and that Nexus is in a unique position to capitalize on it, it’s still early in the idea phase. What are the edge cases? How does this audit process scale? What’s the right size for a grant? How many applicants should be accepted? How does the Mutual even evaluate applicants? These and many other questions still need to be worked out. We should also note that this solution would not have prevented the Alpha Homora V2 hack based on how the events unfolded. As we mentioned earlier, cover for those contracts wasn’t even live on Nexus yet when the exploit happened. However, if these capabilities did exist on Nexus, perhaps prominent projects would adjust how they launch new contracts in the first place, to better insulate themselves from events such as these. Perhaps it won’t be enough to postpone a launch until an unincentivized audit has been conducted. Perhaps they’ll want to wait until Nexus is ready to support it.