Points 1-6 are a good starting point, but digging into some of those in more depth or looking at others is important when doing DD. Here are some other areas to dive into:
- Economic design. Outside of the code, is the economic design of the protocol sound? Can a death spiral occur during market stress; do low or zero fee features expose a protocol to economic attacks? The non smart-contract-based attack surfaces are important to review during the DD process.
- Protocol maturity, performance during market stress. How long has a protocol been live; what is the max TVL a protocol has held and for how long; how has a protocol performed during market stress or during periods of protocol-specific stress (e.g., mass redemptions, unwinding positions during market crashes, etc.)
- Team quality, track record. Is the team known? (If not, do the anons running a protocol have a track record of working in DeFi?) Have team members worked on protocols that have suffered loss events in the past? If yes, do certain team members have a history working at multiple protocols that have suffered loss events? Do they have experience working in the sector they're building in? This should be looked at in addition to the legal aspects (e.g., jurisdiction, if they've set up a bankruptcy-remote structure for offchain holdings, etc.)
- Loss history. Has a protocol been hacked before or suffered any type of loss event (e.g., exploit, opsec failure, fat-finger error, oracle misconfiguration, etc.). If yes, how did they respond/recover? Were they able to recover funds or make users partially or completely whole?
- Security practices beyond audits/bug bounties. Looking for audits, bug bounties, and comprehensive testing practices is an important part of evaluating a codebase, but is a team using monitoring services like Hypernative, Blockaid, Hexagate, etc.? If you find there are privileged actions within a protocol's design, how are those actions executed? Is there an upgradeable proxy in use? If so, is it owned by an EOA, multisig, MPC wallet? What's the execution threshold on the multisig that owns a proxy contract? Digging into OpSec best practices is just as important as looking for audits. This level of DD is harder to perform because OpSec info isn't public, but there should be information made available about the use of multisigs, MPCs, etc. @_SEAL_Org has great guidance on this in their frameworks, like the Multisig Security Framework: https://t.co/aYR3Yog4po
- Transparency, disclosure practices. Is the codebase public or private? Does a team offer transparency or do they just say they're transparent in their documentation? You can evaluate a protocol and its team based on their actions/track record on disclosures about security incidents (if they were impacted by another event or if a loss occurs, does the team publish a detailed post-mortem). If funds are deployed into underlying strategies, is it easy to verify where those funds are deployed or is there a third-party service like Accountable where you can verify onchain/offchain holdings?
- First-loss coverage. Does a protocol have a self-insurance module (e.g., Aave Umbrella) and has it ever been used? Does a protocol team purchase insurance and, if so, what type of coverage/what are the payout triggers? Is there any first-loss coverage available? Does the protocol implement senior/junior tranching? If yes, what is the premium being paid to junior tranche capital providers? Can you buy coverage/insurance for protocol, economic risks or depeg coverage? If yes, what is the rate coverage providers are charging?
These are just some of the checks we run when doing assessments at @NexusMutual. We've built our own tooling to run these checks in addition to reaching out to teams directly.
We also run regular assessments since risk is constantly changing, especially in lending markets and perps protocols.
And I cannot recommend the @_SEAL_Org Frameworks enough. Use these frameworks to assess how well a protocol team adheres to industry best practices: https://t.co/fNSX3xcJX5
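The proxy-ownership questions in the thread above (is the upgrade admin an EOA, a multisig, or something else, and what is the execution threshold?) can be answered from chain data alone. The script below is an added example, not part of the thread and not Nexus Mutual's tooling: it reads the standard EIP-1967 admin and implementation slots, checks whether the admin has code, follows an Ownable `owner()` hop (the usual ProxyAdmin-owned-by-Safe layout), and, if it reaches a Safe, reads `getThreshold()` and `getOwners()`. The slot values and 4-byte selectors are the published EIP-1967 and Safe constants; every address and response in `FAKE_CHAIN`-style fixture below is constructed so the demo runs offline. Swap `fake_rpc` for `http_rpc("https://...")` to run it against a real node.

```python
"""Added example: who can upgrade an EIP-1967 proxy, and with what multisig threshold?
Addresses and responses used by fake_rpc are constructed fixtures, not real contracts."""
import json
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# EIP-1967: keccak256("eip1967.proxy.implementation") - 1 and keccak256("eip1967.proxy.admin") - 1
IMPLEMENTATION_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
# 4-byte selectors: Safe getThreshold(), Safe getOwners(), Ownable owner()
SEL_THRESHOLD, SEL_OWNERS, SEL_OWNER = "0xe75235b8", "0xa0e67e2b", "0x8da5cb5b"
ZERO = "0x" + "00" * 20

Rpc = Callable[[str, list], str]  # (method, params) -> hex result


def http_rpc(url: str) -> Rpc:
    """Real JSON-RPC transport (not exercised by the offline demo)."""
    def call(method: str, params: list) -> str:
        body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params}).encode()
        req = urllib.request.Request(url, body, {"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as r:
            resp = json.load(r)
        if "error" in resp:
            raise RuntimeError(resp["error"])  # e.g. execution reverted
        return resp["result"]
    return call


def word_to_address(word: str) -> str:
    """A storage/ABI word carries an address in its low 20 bytes."""
    return "0x" + word[2:].rjust(64, "0")[-40:].lower()


def decode_address_array(data: str) -> List[str]:
    """ABI-decode a dynamic address[] return: offset word, length word, then N words."""
    h = data[2:]
    off = int(h[:64], 16) * 2
    n = int(h[off:off + 64], 16)
    return [word_to_address("0x" + h[off + 64 + 64 * i: off + 128 + 64 * i]) for i in range(n)]


def is_contract(addr: str, rpc: Rpc) -> bool:
    return rpc("eth_getCode", [addr, "latest"]) not in ("0x", "0x0", "")


def safe_config(addr: str, rpc: Rpc) -> Optional[Tuple[int, List[str]]]:
    """(threshold, owners) if addr answers both Safe getters, else None (non-Safe contracts revert)."""
    try:
        t = rpc("eth_call", [{"to": addr, "data": SEL_THRESHOLD}, "latest"])
        o = rpc("eth_call", [{"to": addr, "data": SEL_OWNERS}, "latest"])
    except Exception:
        return None
    if len(t) < 66 or len(o) < 130:
        return None
    return int(t, 16), decode_address_array(o)


def assess_proxy(proxy: str, rpc: Rpc, max_hops: int = 3) -> Dict:
    """Walk outward from the admin slot until we reach an EOA or a Safe."""
    out = {"implementation": word_to_address(rpc("eth_getStorageAt", [proxy, IMPLEMENTATION_SLOT, "latest"])),
           "admin": word_to_address(rpc("eth_getStorageAt", [proxy, ADMIN_SLOT, "latest"])),
           "chain": []}
    ctl = out["admin"]
    if ctl == ZERO:
        out["verdict"] = "admin slot empty: not a transparent EIP-1967 proxy (check UUPS owner/beacon patterns)"
        return out
    for _ in range(max_hops):
        out["chain"].append(ctl)
        if not is_contract(ctl, rpc):
            out["verdict"] = "EOA: a single private key can upgrade the implementation"
            return out
        cfg = safe_config(ctl, rpc)
        if cfg:
            thr, owners = cfg
            out["threshold"], out["owners"] = thr, owners
            out["verdict"] = f"Safe {thr}-of-{len(owners)}" + (" (threshold 1 is no better than an EOA)" if thr == 1 else "")
            return out
        try:  # not a Safe: likely ProxyAdmin or timelock, follow Ownable owner() one hop
            nxt = word_to_address(rpc("eth_call", [{"to": ctl, "data": SEL_OWNER}, "latest"]))
        except Exception:
            nxt = ZERO
        if nxt == ZERO:
            out["verdict"] = "contract without owner(): inspect manually (timelock, governor, custom admin)"
            return out
        ctl = nxt
    out["verdict"] = "ownership chain deeper than max_hops: inspect manually"
    return out


# Constructed fixture: proxy A -> ProxyAdmin -> 2-of-3 Safe; proxy B administered directly by an EOA.
PROXY_A, IMPL_A, PROXYADMIN_A, SAFE_A = ("0x" + c * 40 for c in "1234")
OWNERS_A = ["0x" + c * 40 for c in "567"]
PROXY_B, IMPL_B, EOA_B = ("0x" + c * 40 for c in "89a")


def w(value: str) -> str:  # left-pad a hex value to a 32-byte word
    return "0x" + value[2:].rjust(64, "0")


def fake_rpc(method: str, params: list) -> str:
    if method == "eth_getStorageAt":
        table = {(PROXY_A, IMPLEMENTATION_SLOT): IMPL_A, (PROXY_A, ADMIN_SLOT): PROXYADMIN_A,
                 (PROXY_B, IMPLEMENTATION_SLOT): IMPL_B, (PROXY_B, ADMIN_SLOT): EOA_B}
        return w(table.get((params[0].lower(), params[1]), ZERO))
    if method == "eth_getCode":
        return "0x6080" if params[0].lower() in (PROXY_A, IMPL_A, PROXYADMIN_A, SAFE_A, PROXY_B, IMPL_B) else "0x"
    if method == "eth_call":
        to, data = params[0]["to"].lower(), params[0]["data"]
        if to == SAFE_A and data == SEL_THRESHOLD:
            return w("0x02")
        if to == SAFE_A and data == SEL_OWNERS:
            return w("0x20") + "3".rjust(64, "0") + "".join(w(o)[2:] for o in OWNERS_A)
        if to == PROXYADMIN_A and data == SEL_OWNER:
            return w(SAFE_A)
        raise RuntimeError("execution reverted")
    raise ValueError(method)


if __name__ == "__main__":
    for p in (PROXY_A, PROXY_B, SAFE_A):
        print(json.dumps(assess_proxy(p, fake_rpc), indent=2))
```

A threshold of 1, or an EOA at the end of the chain, means one key compromise is an upgrade-and-drain; a Safe with a sensible threshold still tells you nothing about whether a timelock sits in front of it, so treat the verdict as the starting point for the OpSec questions above, not the end of them.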
We're hiring 💡
Our new CTO will take charge of one of the biggest jobs in Bittensor: building the best aspiring teams into tomorrow's top subnets.
From leading our Machine Learning track to screening subnet submissions and mentoring founders, this role has it all.
Link ⬇️
Machine Learning on Bittensor. Incubated by Bitstarter.
Announced live on @TWiStartups featuring @alex, @Lons, @macrozack, and @mccrinbc, our new track is:
☑️ Backed by @const_reborn
☑️ Built for the best ML start-ups
☑️ Subnet registration, development, and infra included 👀
Nexus Mutual's detailed incident report about the KelpDAO/LayerZero incident is now live ✍️
Our risk experts dig into:
- How the attack unfolded
- How the damage spread
- The systemic vulnerability it highlighted
- The industry response
- Is this covered?
- How we're addressing the opsec gap
See the full report here: https://t.co/jrQ6t4BpVU
Things age verification achieves:
• Violating adults' privacy online
• Creating leak and hack-worthy databases with tons of personal sensitive information
• Censoring the internet as a whole
Things age verification does not achieve:
• Protecting children online
🔥 Recap on Covered Vaults → the first vault-native risk transfer primitive.
Built in collaboration with @NexusMutual and 15 exceptional partners, including @MorphoLabs, @kiln_finance, and @symbioticfi.
Here is everything you need to know 👇
KYC is so redundant in a world of enormous data leaks and AI
we need to abolish KYC and replace it with either cryptographic proofs or game theory
DeFi is ahead of the curve on this one
don't let the institutions say otherwise
Thank you @Vault__Summit for putting together this awesome panel!
While most only think about risk in DeFi after a big hack, it should be a core part of any investor's calculus
If you're wondering how experts approach onchain risk, definitely check out this replay 🤝
$50M in cover capacity per vault. No prepayment, no fixed terms, premiums streamed from yield
@OpenCover just launched Covered Vaults & we're proud to be the underwriting partner 🤝
Any vault operator or curator looking for embedded risk transfer, reach out to OpenCover today!
@stacy_muur Re: the latest one, key compromise is basically uninsurable without a physical presence.
More widely, some sophisticated actors have normalised it in their set-ups, degen gamblers less so.
Especially hard when yields are low, like now
Source: building @NexusMutual for 8 years
We've published a preliminary incident report on what happened at Resolv Protocol on Sunday. We dig into what happened, how the damage spread through DeFi, and what Nexus Mutual covers.
Details are still developing and we'll update as the picture becomes clearer. Link in comments.
AI writing has so many tells. Once you see it, it's fairly easy to identify (and exhausting to see everywhere).
If you don't know how to spot it, please read: https://t.co/FU3hIq9Opn