# How to sleep blissfully (or how to protect yourself against the risk of a tBTC contract bug)
> Security of user funds is the number 1 priority. In addition to multiple rounds of audits and testing, [@keep_project](https://twitter.com/keep_project) is incentivizing smart contract coverage via [@NexusMutual](https://twitter.com/NexusMutual) to give users even higher confidence in their deposits.
-[@TBTC_project](https://twitter.com/tBTC_project/status/1308463620003565569)
tBTC has pretty much taken all the precautions it possibly can before re-launching on mainnet. Since rc.0, the team has spent 3 months testing, tweaking, and performing additional audits.
In addition to this, they've wisely opted to err on the side of caution by introducing a [supply cap schedule](https://tbtc.network/news/2020-09-22-tbtc-is-live/) for the first 9 weeks.
However, in smart contract land, audits and tests can only go so far -- the real test is having a significant amount of value locked over a long period of time. In light of this, smart contract coverage in the early stages of a project is never a bad idea.
Enter [Nexus Mutual](https://nexusmutual.io/assets/docs/nmx_white_paperv2_3.pdf).
Nexus Mutual describes itself as a people-powered alternative to insurance. In a nutshell, Nexus takes the tried-and-tested concept of an insurance mutual and uses token incentives to run the mutual in a non-custodial way. A DAO is used for coordination (which means all members are shareholders in a sense), and everyone pools their resources together in order to reduce the risk to any individual.
Why does this matter for tBTC? In order to make sure even the most paranoid tBTC holders can sleep well at night, tBTC depositors can now use the [Nexus Mutual dApp](https://app.nexusmutual.io/#/Membership) to buy cover for their deposits.
This cover provides protection against the technical risk of the [tBTC smart contracts](https://etherscan.io/address/0xe20A5C79b39bC8C363f0f49ADcFa82C2a01ab64a#code) failing. To be clear, it's an insurance policy against a bug or failure of the Solidity code. **It does not provide cover for anything else outside of the tBTC smart contracts** (for example, it does not protect tBTC holders against things like loss of private keys, or economic/incentive failures that affect the BTC-tBTC bridge).
## Become a member of Nexus Mutual
While anyone can get a quote, you do have to be a Nexus Mutual member to take out cover. So applying for membership is the first step.
> **Note:** keep in mind that the Mutual approves only one ETH address as your Nexus Mutual member address (this is, by default, the address of the wallet you use to interact with the dapp). However, **you may update your ETH address after the fact, as long as you don't have any outstanding covers in place.**
#### 1. Open the dApp
Go straight to the membership page: https://app.nexusmutual.io/#/Membership
#### 2. Connect your wallet
Click on `Connect Wallet` (you'll be prompted by your wallet to authorise the Nexus Mutual dApp).
![](https://storage.googleapis.com/ethereum-hackmd/upload_066819fc67a3d32a65f9886592888049.png)
#### 3. Read the agreement
![](https://storage.googleapis.com/ethereum-hackmd/upload_069311c62c1cb811bb544d5f9b109e5b.png)
#### 4. Pay the membership fee
If you're happy with the terms of the agreement, click `confirm` to pay the small membership fee of 0.002 ETH (you'll be prompted to sign the relevant transaction using your wallet).
![](https://storage.googleapis.com/ethereum-hackmd/upload_858e4b8a98928f3705ac02f48dd7a183.png)
Note that, as stated in the agreement, the small membership fee is essentially a legal requirement to ensure members are not personally liable for the mutual as a whole.
#### 5. Verify your identity
The final step involves verifying your identity (a KYC process that they have to carry out in order to comply with UK law).
Choose whether you'd like to register as an individual or a company, and upload a copy of your ID (a valid driving license or passport will do).
![](https://storage.googleapis.com/ethereum-hackmd/upload_61b7808106312d4c072d0b623a6ef9a5.png)
#### 6. Wait for your identity to be verified
Verification usually takes a few minutes to complete but can take up to 24 hours if the team needs to manually review your case.
You can keep track of your membership status on the membership page.
![](https://storage.googleapis.com/ethereum-hackmd/upload_79e26138143390737666f1b37356ef5b.png)
## Purchase cover
Once your identity has been verified you're ready to purchase cover. To start the process, select `Cover` from the left-hand menu.
![](https://storage.googleapis.com/ethereum-hackmd/upload_696d873a823f12d59f189b91436296db.png)
#### 1. Buy Cover
Then click on the big green `Buy Cover` button.
![](https://storage.googleapis.com/ethereum-hackmd/upload_8e1f059cc207d17bf167d6694ae6d374.png)
#### 2. Find the contract
The next step is to find the contract you'd like to take out cover on. In our case that's `tbtc`, so let's type `tbtc` into the `Find Contract` search bar.
![](https://storage.googleapis.com/ethereum-hackmd/upload_dcbe4ba531cd429cd7f0d74cb4a5532f.png)
#### 3. Select the contract
You should see the `tBTC contracts` option appear below. At the time of writing, the cost of insuring tBTC is 5.2% a year, and the total maximum that can be insured is 28,574 ETH or ≈ 10M DAI.
![](https://storage.googleapis.com/ethereum-hackmd/upload_157d3d0b941e001775fcce9d449b8e4a.png)
If you're happy with those numbers, click on `Select` to proceed.
#### 4. Get a quote
Before you receive a quote, you need to select which currency to purchase your cover in -- you can choose between ETH and DAI -- as well as the length of time you'd like to be covered for.
For example, if you hold 1 tBTC, then you'd want to purchase cover of either ≈10,500 DAI or ≈30 ETH in order to be completely covered. Say you chose to go with 30 ETH: if something were to go wrong with the tBTC contracts, your claim would be paid out in ETH.
![](https://storage.googleapis.com/ethereum-hackmd/upload_bea812bdfed58a006a7274e8eee47147.png)
Enter the number of days you want to be covered for.
![](https://storage.googleapis.com/ethereum-hackmd/upload_fc9bb9d4b65fe268c7e14e72a38b15c8.png)
Choose the amount you want to be covered for. Toggle between ETH and DAI. In the image below, we've gone with 20 ETH.
![](https://storage.googleapis.com/ethereum-hackmd/upload_0f15abea68bf75b948aa089d23975dea.png)
When you're happy with the amount and period, click on `Get quote`.
![](https://storage.googleapis.com/ethereum-hackmd/upload_aa6d9b72ecc661af8e6b20f3f11e1c64.png)
#### 5. Confirm
Your quote doesn't require a transaction at this stage, and will be valid for 60 minutes.
![](https://storage.googleapis.com/ethereum-hackmd/upload_2fba032db1005c2f8eccb629eca9894f.png)
Tick the `I agree` checkbox, and click either of the boxes to the left of `NXM` in order to approve NXM token transfers (you'll be asked to confirm this with your wallet).
![](https://storage.googleapis.com/ethereum-hackmd/upload_0afff2a4db08892d5b30dbc5381da2da.png)
Finally, click on `Buy Cover` and use your wallet to sign the transaction.
![](https://storage.googleapis.com/ethereum-hackmd/upload_4d93682f06a13d98562f011b478f57f5.png)
Congratulations! You've successfully taken out cover on your tBTC. Time to sleep blissfully :)
## Final thoughts
It's important to be aware that Nexus Mutual covers are not legally binding, but discretionary in nature. This means that, when a claim is made, a subset of the Mutual’s members (known as claims assessors) has the final say on whether or not it is valid.
Any member can [become a claims assessor](https://app.nexusmutual.io/#/ClaimAssessment) by staking NXM. Having NXM at stake means the Mutual has a strong incentive to pay out valid claims -- if they don’t, people will stop buying covers, and the value of NXM will collapse (the end result being that claims assessors essentially lose their stake if they engage in dishonest behaviour). In addition to this strong disincentive, there also exists an [advisory board](https://nexusmutual.gitbook.io/docs/use-cases#advisory-board) that has the power to burn a member's stake if they suspect he or she is engaging in dishonest behaviour.
> **Note:** Technically, claims assessors have up to 72 hours to vote on whether to accept or reject a claim. If enough voting power (represented by staked NXM) and a sufficiently large quorum (number of voters) are reached, the outcome stands. Otherwise it is escalated to a full member vote. [See here](https://nexusmutual.gitbook.io/docs/use-cases#making-a-claim) for all the gory details.
It's worth noting that, at the time of writing, Nexus has [$240m](https://nexustracker.io/) in smart contract cover, and has paid out over [$2M](https://nexustracker.io/) in claims.