Cover Protocol Review ($COVER): Project Shutdown

Cover Project Shutdown: Cover & Ruler

It is with conflicted emotions that I announce the end of RULER & COVER Protocol.

The decision to do this did not come easy and is a final decision the remaining team made after reviewing the path forward, after the core developers suddenly left the projects.

After discussing with the remaining team and finalizing plans moving forward it made sense that the remaining treasury funds be evenly dispersed to token holders.

This is effectively a creditor payout, we will not be continuing with the RULER & COVER token or contracts and the UI will remain shutdown.

I want to personally say that I was extremely disappointed to learn that the development team was leaving so suddenly, especially given the time we had spent together building out the protocols and following the vision they had.

This being said, we want to wish the development team all the best in their endeavors outside the crypto space and to the community we want to say that while this is all we can do from a treasury standpoint with what is available, we won’t forget you either.

Compensation will be as of block number 13162680, this will be used as the snapshot to distribute funds to holders from the treasury. Founders including myself will not take part in this.

The future looks bright for the team that is left and I will be able to enlighten you all to our next steps soon.

DeFi Ted and the remaining team.

Note: Please withdraw any funds from both protocols asap, as we can no longer maintain the UI and redemption via etherscan is complicated.

Cover Protocol ($COVER) is one of those projects that can really have a solid impact on the future of decentralised finance (DeFi). Why? Because users want to sleep well knowing that in case of exploits, they won’t lose their money. Trusting the protocols and the team behind them is not enough anymore.

With the dawn of decentralized finance, more smart contract risks have arisen. Most contracts aren’t audited, and if they are, malicious actors are always on the lookout for a vulnerability in the code. As we have seen in 2020 nothing is really secure, whether it is a protocol built by one of the best developers in crypto space ($EMN) or the code has been audited. Anything can be exploited, and we need to remember it.

Therefore, investors are cautious of interacting with DeFi protocols for fear of losing funds.

What is Cover Protocol?

Cover Protocol is a blockchain-based peer-to-peer coverage market for decentralized finance. The platform allows DeFi users to hedge against risks due to smart contracts’ fallacies (especially useful when farming or staking). Thanks to fungible cover tokens and letting the market itself set coverage prices, the protocol shifts from the need of relying on a bonding curve to determine the cost of being insured.

Insurance guards against hacks and bug exploits that lead to loss of deposited assets. Notably, Cover doesn’t blindly allow DeFi protocols on their platform. It performs a thorough background check considering its security measures, total value locked and other features, all necessary to determine user risk levels.

Background

The project is led by a team with vast experience in blockchain programming and traditional finance. Among the team members we also find Andre Cronje as their advisor.

Cronje is the founder of Yearn Finance, one of the most successful DeFi protocols. Other notable names associated with the project are PeckShield, Hacken, Farming Lord, and The Arcadia Group, all as CVC (more on them below).

How does Cover help Defi users?

Coverage protocols are the solution. These are platforms incentivizing DeFi users and developers to provide decentralized insurance. An excellent example of such a platform is Cover Protocol.

Cover lets people buy “insurance”for products like Yearn Finance ($YFI) and other systems in the DeFi ecosystem. By ensuring systems and users, the protocol provides a critical missing link between DeFi and conventional finance.

Here we examine how Cover handles insurance in a decentralized industry. In addition, we shall take a look at who’s eligible to use the platform.

How are Fungible Cover Tokens used?

Fungible Cover tokens are minted on the platform, when users interacts with the smart contract. Cover determines the protocols to be covered, type of collateral needed, amount of collateral, and insurance length.

Once a deposit is made into the contract, two types of tokens can be created; CLAIM and NOCLAIM. For the moment, Cover only supports DAI as collateral and keeps a 1:1 ratio between collateral provided and the tokens.

The two minted tokens work in opposite ways in the system. The CLAIM token enables its holder to receive a payout once a contention is approved. On the other hand, NOCLAIM enables holders to redeem the collateral when a filed petition fails to go through or the token expires after nothing notable has happened to that particular project within the expiration date.

Each CLAIM-NOCLAIM tokens refer to only one project and provide unique info. Example of denomination (with $CURVE):

COVER_{Protocol}_{Expiration Date}_{Collateral Currency}_{Nonce}_{Direction}

Example tokens for a coverage on Curve (has no accepted claim) that expires 12/31/2020:

Symbol for CLAIM token

COVER_CURVE_2020_12_31_DAI_0_CLAIM

Symbol for NOCLAIM token

COVER_CURVE_2020_12_31_DAI_0_NOCLAIM

Usually, one DAI equals to one CLAIM + one NOCLAIM token. As such, it gives its holder exposure to both outcomes during a petition. Depending on theresult of a filed allegation, the values change. If a claim is approved, CLAIM value goes to 1 and NOCLAIM to 0. The opposite is true viceversa. Holders can deposit the two token types on the Balancer pools.

Cover Protocol creates two Balancer pools; one with 80% CLAIM coins and 20% collateral token (DAI) and the second with 98% NOCLAIM and 2% DAI. In this way, IL (Impermanent Loss) is minimized. The pools are created once a new cover is launched on the protocol.

Types of Participants in The Cover Ecosystem

To give life to the platform, Cover encourages the participation of market makers, insurance providers, and insurance seekers.

• Market makers – They provide liquidity and hold both types of minted tokens. Market makers receive rewards from fees charged in the respective liquidity pools. Fees charged usually range between 2-3%. Notably, they can liquidate either token at will.
• Coverage providers – Unlike market makers, they are insurance providers and only hold NOCLAIM coins. Note that they receive both token types like everyone else when they deposit collateral in the system. However, they can sell CLAIM tokens for a premium and retain NOCLAIM coins.

Fees charged on the NOCLAIM pool act as their incentives. Cover encourages teams seeking insurance for their platform to be insurers to boost trust and confidence in their offering. In the event of a claim payout, they would lose all their funds, since NOCLAIM tokens would become worthless.

• Insurance seekers – They hold CLAIM coins and insure their deposited funds. Apart from being covered, they’re rewarded for providing liquidity in the CLAIM pool.

How Does Cover Protocol Handle Claims?

Allegations are a normal occurrence in insurance-focused products. The network provides a petition filing window of 72 hours after an incident. Although Cover is a decentralized platform, it handles contentions in four simple steps.

First, a case is brought against an insured product after paying a fee, which Cover calls the Claim File Fee. However, to keep spam attacks and malicious actors at safe distance, the network increases the cost each time a new allegation is filed against an insured product.

The second phase involves a vote from $COVER holders (more on the token later). If the community votes unanimously in favour of the submission, it goes through to the third step.

At the third “level”, the Claim Validity Committee (CVC) or Auditors review the petition to determine whether it meets all the requirements. The CVC also deliberates on the payout percentage , which can be up to 100%.

Note that five auditors review a single contention and half of them must vote in favour of it to be accepted. The last step is for $COVER holders to redeem their payout for the accepted allegation.

Note that if a case is rejected during the community voting phase, it can be re-filed as a Forced Claim, which is much more expensive. A bulldozed submission goes through the first, third, and fourth steps.

Cover Token and Governance

The native currency on Cover Protocol is $COVER. $COVER acts as a governance token and gives access to the Balancer pools. Additionally, as we saw, it allows holders to participate in the claims management subsection.

System users can use COVER tokens to provide liquidity on SushiSwap via interacting with the ETH-COVER liquidity pool. Depositing the platform’s native currency in this pool opens the door to receiving a percentage of fees from traders plus additional $COVER through staking the LPs on Cover Protocol.

What makes Cover different from other Insurance Projects?

Cover Protocol is not the only project users can refer to when looking at ways to protect their investments. The leader in this space is probably still Nexus Mutual.

As the name implies, it acts more like a classic insurance company. A user looking for a coverage should go on their website and find the right one to buy. He can choose how much to cover and for how long. A key difference is that, to be able to complete the process, a KYC is required. Moreover, this is the only way to buy $NXM, as you can’t find them anywhere else. For general investors who believe in the project but don’t need coverage, there is a wrapped version of the token which is normally tradable, $WNXM.

CLAIM/NO CLAIM tokens, unlike $NXM, are just normal tokens and are not connected to any identity (no KYC needed). At will, they can be traded or given to anyone you want. Their utility won’t change.

DEVELOPING STORY: $COVER exploit/hack?

On 28th December 2020 an attacker exploited a bug in the protocol’s smart contracts. The exploit appears to be an abuse of the minting exploit where the attacker managed to mint 40 quintillion COVER tokens and sold around USD$5 million worth of COVER tokens. Several hours later, one of the attackers returned the stolen funds (i.e. 4,350 ETH) with the message “Next time, take care of your own shit.” and burned the remaining tokens.

The Team are still investigating the exploit and mentioned they are looking into providing a new $COVER token and how to return the stolen and returned ETH to affected LP tokens.

Most importantly, the Team are urging people not to buy $COVER tokens. Exchanges such as Binance have stopped trading on $COVER, particularly as a large trading group of 16,000 members had dumped the price to short the token.

https://twitter.com/CoverProtocol/status/1343581331448586245

In a community-driven effort to mitigate the damage, Leo Cheng of CREAM has sent out a “call to action” on behalf of COVER and available developers from the yEarn Ecosystem have come together to lend help and support to the Cover Protocol team.

https://twitter.com/CoverProtocol/status/1343592274505162752

Post-Mortem and snapshot

In the following hours, the Cover team has released a post-mortem article to explain what happened in details and confirming that the exploit affected the minting contract and the token only. The lines of code “incriminated” have been always present in the code and went unnoticed during the audit.

The team acknowledged their fault too in missing the “amplifier”, that allowed for extra rewards to be minted, and announced a snapshot to distribute a new token and the returned funds. The snapshot will will be taken at block 11541218, one block before the first major exploited mint.

Compensation Plan and new Token

Affected users of the attack can check their compensation eligibility on this page. Basically, all $COVER holders and liquidity providers of the /ETH pair could be compensated, even those who were keeping their tokens on a CEX. Unfortunately, unclaimed rewards are impossible to withdraw as as the minting rights from the Blacksmith have been removed.

The team, consequently to brainstorm with advisors including Andre Cronje, has decided to discard the idea of new shield mining. The total supply, with the launch of the new token, will be the same amount that is eligible for migration.

The Cover v2 Core contracts are undergoing an internal review at the moment and the exploit hasn’t affected the core contracts, so the project will continue with its development.

On January the 5th the new $COVER token was made available for claim. All the details can be found on the medium page of Cover Protocol.

Cover Protocol Review Conclusion

With DeFi smart contracts repeatedly experiencing hacks and exploits from malicious actors, Cover Protocol provides a critical service by allowing DeFi users to insure their deposits and not be worried anymore. Furthermore, encouraging a product team to provide coverage offers insights into whether it believes in its own protocol security. Consequently, it boosts DeFi adoption.

Incentivized liquidity provision allows coverage providers, seekers, and market makers to receive trading fees charged on respective pools and rewards while helping other users at the same time.

More educational guides for DeFi & Staking