Introduction

Decentralizing the insurance market has the potential to transform the claiming process into one that is unbiased, trustless, transparent, and automated through the use of smart contracts, while also providing coverage providers with a return on capital and insurers with assurances about the safety of their assets.

This report deconstructs the existing claim assessment processes used in the DeFi Insurance space: Smart Contract-based, Advisory Board-based, Community Voting-based, Third-Party Arbitration-based.

If you missed the first two articles of this series, which provide a market overview of DeFi Insurance and an explanation of pricing and risk mechanisms, you can find them.

Traditional Claiming Processes

The claiming process in traditional insurance typically consists of several steps. Users must submit relevant documentation, such as proof of loss or damage, to initiate a claim. Following the submission of the claim, the insurance provider evaluates its validity, though this evaluation is frequently conducted without complete transparency. The insurance provider may also request additional information for further verification, which may cause the process to be delayed. Once the claim is approved, the insurance company pays the policyholder the agreed-upon compensation. It is important to note that due to the various stages and requirements involved, this process can be time-consuming and may involve delays.

Decentralised Claiming Process Types

In comparison to traditional insurance, DeFi insurance introduces several advancements in claim assessment. The key distinctions are automation and efficiency enabled by smart contracts, transparency and immutability enabled by blockchain technology, a trustless and decentralized process that eliminates the need for a centralized authority, and the introduction of programmable and parametric insurance. These advancements provide advantages such as faster claim evaluations, lower administrative overhead, increased transparency and fairness, broader access to insurance services, and the ability to trigger claims based on predefined events or data. In this section, we will look at and compare different types of decentralized claiming processes, examining their benefits, limitations, and implications for users and underwriters.

Smart Contract-Based

Smart contracts, which use predefined rules and real-time data from oracles, provide automated, seamless, and unbiased claims processes, particularly for parametric insurance. This automation has numerous advantages, including faster claims processing, increased efficiency, and a lower risk of human bias or error.

The following steps outline an ideal smart contract-based claiming process:

  1. Predefined Event Trigger: The claiming process is initiated with a predefined triggering event, such as a hack or protocol failure.
    1. In the case of UST depeg, for example, when the UST price on Chainlink fell below $0.95, the reimbursement occurred automatically in Risk Harbor, allowing holders to exchange their wrapped aUST for USDC.
  2. Submission of Claim: Users interact with the smart contract interface to submit their claim, providing the required proof and evidence.
  3. Claims Assessment: The evolution of on-chain state variables is monitored to determine the validity of a claim.
  4. Claim Payout: If the claim is determined to be valid, the smart contract initiates the payout process, transferring the agreed-upon compensation to the user's wallet address automatically.

Automating this process through smart contracts comes with several challenges. One limitation is that smart contracts can only respond to events within their own code and cannot directly observe external events. This makes it challenging for smart contracts to independently initiate claim processes based on external conditions or events, such as Oracle data tracking. To overcome this limitation, an off-chain event listener can be implemented that continuously checks for real-time information and, upon detecting the event trigger, sends a transaction to the claim assessment smart contract, that automates the payment distribution process to affected users if the claim is valid.

Another challenge lies in relying on oracles to retrieve market prices (e.g. pegged assets) for evaluating claims. In this case, the accuracy and reliability of the oracle become crucial, and any vulnerabilities or manipulations in the oracle's data feed can result in incorrect claim assessments or exploitation of the system. Additionally, the subjective nature of incidents and the criteria used for assessment pose difficulties in interpreting and validating claims. For instance, consider a scenario where a hacker steals tokens from a protocol but returns them after negotiating a bounty fee. In an automated claim process, the initial theft would prompt the payout, but retrieving the payments once the hacker returns the funds would be challenging.

Risk Harbor & Cozy Finance

The claiming processes at Cozy Finance and Risk Harbor combine automated and human actions.

Both Cozy Finance and Risk Harbor require users to initiate the claim process, which is then automated through the use of smart contracts. Both protocols, however, include delay periods to reduce the risk of flashloan attacks.

In the case of Risk Harbor, the assessment process entails waiting at least one block before verifying the validity of a claim. Cozy Finance, on the other hand, introduces the concept of a "protection activation delay," which means that a certain amount of time must pass before the newly purchased protection becomes "active" and begins providing coverage.

When compared to other decentralized-based processes, these automated processes provide several advantages, including impartiality, scalability, and speed. They enable faster and more efficient claim evaluations, reducing the need for extensive human intervention. However, it is important to note that automated claims assessment is currently only feasible for specific parametric use cases where the claim assessment criteria can be easily predefined and automated.

Community Voting-Based

Community-based claim assessment is based on a decentralized decision-making process that leverages the collective knowledge and expertise of ecosystem participants. This inclusive approach encourages democratic claim evaluation, promoting transparency and accountability.

The participation of a diverse group of people creates a consensus-driven mechanism for determining claim outcomes. This collaborative and open decision-making process greatly reduces the possibility of biased or unfair outcomes. However, active community participation is critical for the success of this approach, even if it may result in longer processing times. An effective incentivization mechanism must be in place to encourage individuals to contribute their time and expertise to the assessment process.

While community voting is based on user research and evidence for the loss, it can be difficult for regular users to make informed voting decisions in complex DeFi incidents that necessitate specialized knowledge and on-chain data analysis, which could lead to inaccurate assessments and unjust outcomes.

Furthermore, when using a DAO-based claim assessment model, a critical challenge arises in balancing the DAO's obligation to preserve the capital of its mutuals with its conflicting duty to allocate funds to pay valid claim requests. However, it is in the DAO's best interests to pay out valid claims; otherwise, users will not purchase additional coverage from the protocol in the future. To ensure fair and just outcomes for all parties involved, this delicate balance must be navigated.

Nexus Mutual, Neptune Mutual, NSure, Ease & Bridge Mutual

Nexus Mutual claim assessment process includes a three-day voting period and a 24-hour silent period to prevent rushed attacks. To participate as claim assessors in the protocol, members are required to stake NXM tokens for a period of fourteen days before voting on any claim. This stake serves as a mechanism to encourage a fair voting procedure in the assessment of claims, and by imposing this time restriction, members cannot vote on their own claims immediately after submitting them, thereby reducing potential biases.

If a claim is approved with more than 50% of the votes, cover providers’ stakes are reduced proportionally, and successful claimants can redeem their payout. However, it is important to note that the Advisory Board monitors fraudulent voting and imposes penalties, which introduces a level of centralization that contradicts the decentralized nature that many DeFi platforms strive for.

Nsure introduced the idea of randomly selecting five assessors from a pool of token holders who had staked a sufficient number of tokens to prevent abuse and manipulation. To avoid conflicts of interest, the policy premium remains undisclosed during the entire assessment process. The tokens staked by assessors are locked during the claim evaluation process, and if an assessor disagrees with the majority decision on the claim, their staked tokens are destroyed. This creates a financial risk for assessors who hold opposing viewpoints, potentially discouraging participation and diverse perspectives.

Bridge Mutual uses community voting for non-stablecoin claims, which requires at least 10% participation to be valid, which can result in delays or difficulty reaching a valid decision if the threshold is not met. Claims require a high approval threshold of at least 66%, which may result in more claims being rejected, potentially leaving some valid claims unresolved. Failure to confirm votes results in a penalty of 100% on staked positions. If users are unable to confirm their votes due to technical issues or other factors beyond their control, this penalty may discourage participation or have unintended consequences.

The Reputation Score of each user starts at 1.0 and can range from 0.1 to 3.0. Underwriters who vote with the majority are rewarded, while those who vote against the majority suffer damage. Furthermore, those who vote with an extreme majority face a 10% penalty, which may result in a skewed assessment outcome because individuals may prioritize avoiding penalties over making independent, objective decisions.

Neptune Mutual allows users to report potential hacks or exploits in covered projects by staking NPM tokens and the incident's validity is determined by voting. The mechanism implemented shares similarities with liquidation mechanisms observed in other DeFi protocols. In this case, the first individual to report an incident receives a reward of 5% of the stablecoin fees from the cover pool protocol.By offering incentives for timely reporting and incident confirmation, the protocol aims to foster a proactive stance towards maintaining protocol security. However, it is important to consider the potential trade-offs associated with this approach. While it encourages prompt action, there is a possibility that users may prioritize speed over thorough investigation and verification. This could potentially result in the misallocation of resources and unnecessary investigations.

Finally, the Neptune Mutual Association monitors the process for accuracy and responds to attacks or exploits. This centralized authority and control may conflict with the desired values of transparency and autonomy.

The claim assessment process in Ease begins within 48 hours of an event. The protocol suspends their multisig and waits one week to see if the funds are returned. Following the waiting period, a community voting process is used to determine whether the event had an effect on the protocol. An intriguing aspect is that the protocol eliminates the need for individual loss and compensation evaluations because the system automatically reflects the loss in the vault's balance. When a vault suffers losses, it affects all users proportionally based on their holdings of ezTokens, which represent their share of the vault's underlying assets. This ensures that each user receives adequate compensation, even if it is not a complete reimbursement.

Advisory Board-Based

In some cases, DeFi insurance protocols include an Advisory Board to ensure an accurate and reliable evaluation of claims. This board is comprised of industry experts, professionals, or trusted individuals who have an in-depth understanding of DeFi protocols, risk assessment, and insurance principles and can provide an additional layer of review and analysis for complex or disputed claims. Rather than relying solely on automated processes or community voting, the board evaluates and validates claims based on its expertise and predefined assessment criteria.

The use of an advisory board has several benefits, including lowering the risk of false claims or fraudulent activities by relying on industry professionals' expertise, as well as increasing user trust and confidence in knowing their claims are being evaluated by a qualified and impartial panel. However, there are some challenges and limitations as well, such as delays caused by human decision-making, and the concentration of power within a small number of individuals, which may lead to centralization and potential manipulation. To avoid conflicts of interest or biases, it is critical to carefully establish the advisory board's composition and independence.

Sherlock, Tidal Finance & InsurAce

While the advisory board is involved in many of these protocols, it is frequently only one step in the overall claim evaluation process.

Tidal Finance, for example, relies on an Advisory Board in its early stages, but their long-term goal is to transition to a community voting system.

In Sherlock, when a protocol covered by Sherlock believes it has been exploited, they submit proof information, such as the block range of the exploit and the amount to be reimbursed, and the claim assessment process begins. It makes use of committee votes and the UMA Data Verification Mechanism (DVM) to ensure fairness and allow the protocol to challenge the committee's decision.

Finally, InsurAce follows a similar strategy, with an Advisory Board launching an investigation based on proof of loss and publicly available information. They then distribute a Claim Report to the community, and a community voting process takes place, which requires more than 75% of claim assessors to be valid. The advisory board reviews rejected claims and has the final say in making a decision. Users can also appeal denied claims, but the Board is in charge of that process.

Third-Party Arbitration-Based

Third-party arbitration-based claim assessment is an alternative approach that involves external arbitrators who impartially evaluate and decide on the validity of claims rather than relying solely on internal mechanisms or community voting.

When a claim is submitted, it is usually subjected to an initial review by claims assessors. If there is a disagreement or the claimant disagrees with the decision, the case can be escalated to an independent arbitration process. The arbitrators carefully consider the evidence and arguments presented by both parties before reaching a decision that is binding.

Third-party arbitration adds an extra layer of independence and impartiality because the arbitrators are not directly associated with the protocol or the claimant, reducing potential conflicts of interest and fostering trust, fairness, and transparency. Furthermore, it provides a strong dispute resolution mechanism, ensuring that claimants have recourse in the event of disagreements or contentious situations.

Unslashed & Sherlock

Unslashed was one of the first decentralized insurance protocols to recognize the conflicting issue of a community-based approach and use Kleros to arbitrate claims in a fair, transparent, and efficient manner. In the event of a claimable incident, a user may file a claim for reimbursement under the policy's terms, which is followed by a two-step claiming process:

  • Following the claim request, there is a period of time during which any user may contest the claim if they believe it violates the claim policy, similar to optimistic rollups that rely on fraud proofs. If no one objects to the claim, it is approved and paid.
  • If there is a dispute, a decentralized court case is launched in Klerosand independent jurors determine whether the claim is valid or not.

Sherlock employs a two-step method based on Committee votes and UMA Data Verification Mechanism (DVM):

  • Evaluation by the Sherlock Protocol Claims Committee (SPCC): The Committee is made up of Sherlock team members and security advisors who evaluate the potential exploit's nature and map it to the coverage terms agreed upon to determine whether or not it will be approved. Because there is no economic incentive to incentivize payouts, decisions based solely on parties associated with Sherlock are prone to bias, so Sherlock added a second step to the process.
  • UMA's DVM: This step allows the protocol to challenge the SPCC's decision and refers the claim to the UMA Optimistic Oracle for an unbiased evaluation. The DVM mechanism is a game-theoretic decision-making process among UMA token holders, who will use information provided by the protocol, the claims committee, and unaffiliated security experts to determine whether or not the claim should be paid.

Humans still make the decision in these third-party solutions, but outsourcing this step to an unbiased community reduces bias.

Comparing Decentralized Claiming Process Types

The table below provides a comparison of different insurance protocols based on their claiming process.

  • Bright Union was excluded because it functions as an aggregator and is not responsible for claim assessment and payouts.

Final Thoughts

The realm of DeFi insurance is undergoing significant improvements, yet it remains an area of experimentation where further advancements and refined solutions are still needed. Many DeFi insurance protocols employ a biased claim evaluation process. Stakers vote on whether or not to pay a claim, which may result in a conflict of interest within the system.

If a significant event occurs that could result in large payouts, underwriters may be motivated to vote against policyholders. This is due to the potential financial consequences of paying out claims, which could jeopardize their own profits. Despite the fact that the protocol as a whole may have an incentive to honor valid claims in order to maintain trust and attract new policyholders, the conflict of interest situation persists. This inherent conflict raises concerns about the claim assessment process's fairness and impartiality, and Unslashed was the first protocol to decentralize its process to a third-party arbitration solution.

Many protocols also rely on an Advisory Board composed of industry experts who have an in-depth understanding of DeFi protocols, risk assessment, and insurance principles as a middle step in their claim assessment process because they can provide an additional layer of review and analysis for complex or disputed claims, but it also introduces a level of centralization that contradicts the decentralized nature that many DeFi platforms strive for.

Risk Harbor has put in place an automated claim evaluation procedure that tracks the evolution of state variables to determine whether or not a claim should be paid out. Due to smart contract limitations, consumers must still file a claim with this method, and the automation can only be used for specific parametric use cases with predefined parameters. In contrast to governance-based assessments, the process is impartial, scalable, and much faster. However, it is still difficult to manage situations in which the stolen funds have been recovered.

Ease new reciprocally-covered assets model has removed the need to manually submit claims, however the system automatically reflects the loss in the vault's balance, ensuring that each user receives adequate compensation, even if it is not a complete reimbursement.

As the DeFi market expands, the manual evaluation of individual claims may become more difficult, potentially causing scalability issues. Policyholders are concerned about the evaluation process and the likelihood of claim approval in discretionary coverage scenarios. To address these concerns and ensure efficiency, smart contracts are ideal for automating exploit detection and handling claim payouts. Furthermore, using smart contracts for claim payouts not only simplifies the process but also adds transparency and eliminates the need for subjective decision-making.


Methodology:

To conduct our analysis, we first utilised the Defillama Insurance Category List, which provided us with a comprehensive overview of insurance protocols operating on the Ethereum ecosystem. We then reviewed each protocol on the list, excluding those that did not meet our criteria for analysis. The exclusion criteria included the halting of operations, changing focus, or unavailability of publicly accessible information.

  • Cover Protocol suffered a hack in 2020 and was shut down in 2021.
  • Armor.Fi decided to introduce the RCA Coverage model and rebranded to Ease.org in May 2022.
  • iTrust Finance had no publicly available documentation.
  • The UnoRe documentation did not fit with what the protocol is currently offering.
  • The InsureDAO team is currently working on revamping the protocol, and there is no public information on the new version.
  • The Solace team is currently working on revamping the protocol, and there is no public information on claim assessment.
  • ArCx, Ante Finance, and Helmet are not insurance protocols. ArCx is an analytics platform; Ante Finance is building a trust rating; and Helmet is an options protocol that can be used to hedge exposure, but it is not an insurance protocol by design.