Tidal Finance: Crypto-Native Insurance For A Crypto-Native Economy

“Utilizing smart contracts to automate the underwriting process between insurer and insuree greatly increases efficiency for underwriters and insurers.” — Chad Liu, Tidal Finance CEO 

Tidal Finance is a decentralized insurance marketplace offering risk protection for the decentralized finance (DeFi) ecosystem. The decentralized insurance industry is currently valued at $1.4 billion and is expected to reach a valuation of $135.6 billion by 2032. But even with giant strides made by existing on-chain insurance companies, various issues hinder the scalability of on-chain insurance products—and Tidal Finance is working to solve those problems.

Tidal currently serves crypto-native institutions, such as DeFi projects hedging against different forms of risk specific to the crypto economy. Examples include protocol insolvency caused by smart contract exploits and asset de-pegs triggered by market volatility. End-users can also benefit from Tidal’s on-chain insurance protection; for instance, insurance underwriters can create insurance policies to protect validators participating in Proof of Stake (PoS) consensus in the event of slashing. 

DeFi users and projects aren’t the only ones to benefit from Tidal’s innovative on-chain insurance protection, however. The experience of using traditional insurance products—parametric insurance is a great example—can in fact be enhanced by harnessing the benefits of blockchain technology. In this case, managing insurance claims and payouts on-chain can greatly reduce overhead and ensure buyers of insurance coverage can access financial benefits conveniently, transparently, and securely.

“The flow of money in the [on-chain insurance] system is facilitated by smart contracts. And this can be powerful, especially for global, cross-border transactions: in traditional (web2) insurance, cross-border payments are almost impossible, or require going through many steps. But here, every transaction occurs on the blockchain [which anyone in the world with an Internet connection can access].” — Chad Liu, Tidal Finance CEO

How does Tidal’s on-chain insurance protocol work? 

At a high level, there are four actors in the system: underwriters (aka “pool managers”), liquidity providers, policyholders, and committees. Underwriters play the role of insurer and create insurance policies that policyholders can buy by paying premiums (just like in traditional insurance). Funds for indemnifying eligible policyholders come from insurance pools created by underwriters—with those funds contributed by liquidity providers who earn rewards for supplying collateral. 

The main duty of committees is to vote on payout proposals submitted by pool managers, although a committee can have other responsibilities, such as recommending a change in pool managers or removing/adding committee members. To learn more about Tidal’s architecture and the various actors in the system, we advise reading the project’s documentation.

A key differentiator for Tidal compared to other on-chain insurance applications is the flexibility it offers insurance underwriters. As CEO Chad Liu describes it, each underwriter can deploy a custom liquidity pool to back insurance policies created on the platform. This is in contrast with other protocols that use a single, large pool to launch different policies and limit the degree to which underwriters can customize pool parameters.

Tidal x Consensys Diligence: Security is the best insurance

Building a sustainable insurance company today is difficult, and startups must invest in proper incentive design, risk management, and financial planning to remain profitable and keep users happy. Building a decentralized insurance company—where everything happens on the blockchain—is even more difficult. For example, project teams must reason about new areas of risk, such as the possibility of malicious actors stealing collateral backing various insurance policies on the platform. 

Knowing it must protect itself against risk before offering adequate risk protection, Tidal has taken a robust approach to security—partnering with Consensys Diligence to audit the v2 iteration of the protocol’s smart contracts. To put this fact in perspective, Tidal approached Diligence for an audit having already completed a previous security audit; even so, Consensys Diligence auditors found many critical bugs in the project’s codebase in subsequent code reviews.

In a blog post on the importance of a multilayered approach to DeFi security, we advised crypto projects to consider a security audit as one part of a comprehensive security stack that also includes bug bounties and blockchain security tooling (among others). This stance remains valid, but we know—better than anyone else—that a rigorous audit is arguably the most important first line of defense against exploits resulting from defects in a project’s code. 

In particular, auditors with comprehensive code knowledge, a positive track record, and a deep understanding of the protocol under audit can prove invaluable in assisting web3 developers in shipping more secure code. These qualities were crucial to fostering a fruitful relationship between Tidal’s team and Consensys Diligence throughout the audit process:

Product knowledge

“The auditors from Consensys Diligence were very efficient. We didn’t even have to explain too much about the business logic; once the auditors read through [the documentation], they pretty much understood how the smart contracts work and what they do.” — Chad Liu, Tidal CEO 

A key aspect of preparing for an audit is creating quality documentation that clearly explains the protocol’s use case and core business logic for auditors’ consumption. This makes it easier for auditors to reason about edge cases that deviate from the protocol’s intended usage. Still, not every developer or CTO wants to spend all of their time explaining every minor and major detail of their codebase before and during the audit.

This is why having auditors with enough experience in assessing applications catering to a wide range of use cases—which increases the likelihood that they’ll immediately grasp key details about a particular application—can be helpful. Not only does this improve efficiency during the audit process (because less time is spent on discussions), but developers can also ship products with fewer delays.

Tidal’s audit benefited from a deeper understanding of the protocol, with auditors finding several critical vulnerabilities that could result in financial losses for insurance buyers. This includes a bug that—before remediation upon advice from Diligence—would allow a malicious actor to freeze refunds and cause financial losses for policyholders.

Brand reputation

“Another reason we chose Consensys Diligence for a security audit is because it has a very good brand and is one of the oldest players in the security space.” — Chad Liu, Tidal Finance CEO

Web3 security has become a diverse ecosystem with many audit companies offering different skill sets, catering to projects with varying budgets, and generally working to differentiate themselves in various ways. While this is an improvement—particularly as competition increases innovation and drives optimizations—it can be difficult for blockchain projects to separate signal from noise and find auditors capable of delivering high-quality security assessments.

But as the old quote goes: quality speaks for itself. Consensys Diligence boasts a long tradition of delivering top-tier services for web3 projects and has maintained a high level of quality for years. Diligence’s reputation for delivering quality proved attractive to Tidal Finance, with CEO Chad Liu citing brand reputation as a motivating factor for choosing to partner with Diligence on security.

No one does security due diligence better 

To learn more about the audit performed by Consensys Diligence for Tidal Finance, here is the public audit report (also available as a PDF).

For years, Consensys Diligence has been at the forefront of efforts to create a safer crypto economy through audits, open-source and proprietary security tooling, and cutting-edge security research. We recognize the importance of prioritizing user security and have helped high-profile web3 projects like Uniswap and Aave launch with appropriate security measures in place.

Need an audit before launching on mainnet? Fill out the interest form on our website and we’ll be in touch shortly. You can also visit our website to learn more about our services, read our blog for the latest in web3 security, or follow us on X for news and updates.
