Hacks of yield farming and other DeFi products have been rather common, but there are limited options for hedging against them. Some insurance products exist, but they come with all kinds of limitations.
There are the projects that want to give assurances of their own safety, the users who risk their own capital on these protocols, and the smart contract auditors who make claims about the quality of their work and of the protocols they have checked. And then there are the hackers and whitehat hackers who look for ways to exploit the protocols and take user funds.
Say a protocol and its community raise an insurance fund of $1 million (despite having TVL of much more, like $100 million). This fund can be raised by selling options that pay out in case of a hack.
For example, $1 million might be locked up to mint 1 million long tokens redeemable for $1 if there was a hack and 1 million short tokens redeemable for $1 if there wasn't a hack (the minted amount would actually be less due to over-collateralization requirements).
The short tokens might be used to pay for the auditors (ht to Mhaira for this idea). Auditors would collect a nice payout if the protocol remained safe until expiry (a few months, with the assumption that hacks happen within a few months). Currently, auditors get paid up front and many projects get hacked despite getting audited.
The long tokens would be sold to users, who would get a payout in case of a hack. A user might be able to buy enough tokens/insurance to fully cover their locked capital in case of a hack where they lost all their money. There wouldn't be enough tokens if everybody wanted to be fully insured, but not everybody would buy this insurance.
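The mint-and-redeem mechanism sketched above, as an added Python model that is not part of the original post. The 125% collateral ratio, the holder names and the token amounts are constructed assumptions; only the $1 million fund and $100 million TVL come from the text.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class HackCoverPool:
    """Toy model of the long/short hack-option pool (all amounts in whole USD)."""
    collateral: int                      # USD locked by the protocol and community
    collateral_ratio_pct: int = 125      # assumed over-collateralization ratio
    outcome: Optional[str] = None        # None until expiry, then "hack" or "safe"
    long: dict = field(default_factory=dict)    # holder -> long tokens (pay on hack)
    short: dict = field(default_factory=dict)   # holder -> short tokens (pay if safe)
    paid_out: int = 0

    @property
    def pairs(self) -> int:
        # Each long/short pair is backed by more than $1, so fewer pairs than dollars.
        return self.collateral * 100 // self.collateral_ratio_pct

    def allocate(self, book: dict, holder: str, amount: int) -> None:
        if self.outcome is not None:
            raise RuntimeError("pool already settled")
        if sum(book.values()) + amount > self.pairs:
            raise ValueError("not enough tokens minted")
        book[holder] = book.get(holder, 0) + amount

    def settle(self, hacked: bool) -> None:
        if self.outcome is not None:
            raise RuntimeError("already settled")
        self.outcome = "hack" if hacked else "safe"

    def redeem(self, holder: str) -> int:
        if self.outcome is None:
            raise RuntimeError("not expired yet")
        winning = self.long if self.outcome == "hack" else self.short
        payout = winning.pop(holder, 0)  # $1 per winning token, redeemable once
        self.paid_out += payout
        return payout

def max_covered_share(pool: HackCoverPool, tvl: int) -> float:
    """Fraction of TVL that could be fully insured if every long token were sold."""
    return pool.pairs / tvl

def demo(hacked: bool):
    pool = HackCoverPool(collateral=1_000_000)
    pool.allocate(pool.short, "auditor", 50_000)  # audit fee paid in short tokens
    pool.allocate(pool.long, "user", 20_000)      # user insures a $20k deposit
    pool.settle(hacked)
    return pool.redeem("auditor"), pool.redeem("user"), pool.redeem("user")
```

With these assumptions the $1 million fund mints 800,000 pairs, so at most 0.8% of a $100 million TVL can be fully covered, and only one side of each pair ever pays out.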
Would it make sense for the long tokens to pay out more the more money was lost, or keep it binary?
How much of a fund is enough?
Can we use the short side to incentivize whitehat hackers to not steal money (bug bounty)?
How much does it make sense to pay for insurance to use DeFi?