@ensuro/core
v2.8.3
Published
Ensuro - Decentralized insurance protocol
Downloads
212
Readme
Ensuro - Decentralized capital for insurance
Ensuro is a decentralized protocol that manages the capital to support insurance products.
It allows liquidity providers (LPs) to deposit capital (using stable coins) that will fulfill solvency capital requirements of underwritten policies. This capital will be deposited in different pools (eTokens) that are linked to different risks. The capital will be locked for the duration of policies and will report profits to the LPs in the form of continous interest.
On the policy side, the policies are injected into the protocol by Risk Modules. Each risk module represent an Ensuro partner and a specific insurance product and is implemented with a smart contract (inherited from RiskModule
). Each risk module has two responsabilities: pricing and policy resolution. Also, the RiskModule smart contract stores several parameters of the risk module such as Ensuro and Risk Module fees, capital allocation limits, etc.
Each policy sold and active it's a risk or potential loss, a random variable that goes from 0 (no losses) to the maximum payout defined in the policy. The solvency capital to cover these risks comes from two sources:
- pure premiums: the part of the premium that's equal to the estimated mean of the risk random variable (expected losses), paid by the policy holder.
- scr: the rest of the solvency capital (unexpected losses), required to be able to cover the risks with a given confidence level, is locked from the eTokens.
Contracts
Governance
The protocol uses three levels of access control, plus a guardian role. These roles can be assigned at protocol level or specifically for a component. The roles are managed by the AccessManager smart contract.
More info about governance in our docs
Upgradability
Ensuro contracts are upgradeable, meaning the code can be changed after deployment. We implement this following the UUPS pattern (https://eips.ethereum.org/EIPS/eip-1822) where the contract used is a proxy that can be redirected to a different implementation.
The main reason to do this is to be able to fix errors and to do minor changes in the protocol.
We will never deploy upgrades to live contracts without prior notice to the users, mainly if it implies a change in the behavior. The permission for executing upgrades will be delegated to two different roles:
- LEVEL1_ROLE: this will be delegated to a Timelock contract that will give enough time to the users to be notified of the imminent upgrade.
- GUARDIAN_ROLE: this will used only for emergency situations to prevent hacks or fix vulnerabilities. It will be delegated to multisigs where one of the signers is a trusted third party.
Have in mind the new versions of the contracts might or might not be covered by the same audit processes as the initial ones. See our audit applicability matrix to check which audit applies to the currently deployed contracts.
Development
For coding the smart contracts the approach we took was prototyping initially in Python (see folder prototype
), and later we coded in Solidity. The tests run the same test case both on the Python prototype code and the Solidity code. To adapt the Solidity code that is called using ethproto, we have some glue code implemented in tests/wrappers.py
.
Without docker
You can also run the development environment without using docker, just Python (>=3.9) and Node v20 are required as pre-requisits.
Initial setup:
# Setup a virtualenv
python3 -m venv venv
source venv/bin/activate
# Install python dependencies
pip install -r requirements.txt
pip install -r requirements-dev.txt
# Install javascript dependencies
nvm use # To change to node v20
npm install
Then, you can run the tests with:
# Start a local node
npx hardhat node
# Run python tests
pytest
# Run js tests
npx hardhat test --network localhost
Using docker
The development environment is prepared for running inside a docker container defined in the Dockerfile. Also you can launch the docker environment using invoke tasks, but before you need to run pip install inv-py-docker-k8s-tasks
to install a package with common tasks for coding inside docker. Then with inv start-dev
you should be able to launch the docker environment. Then you can run specific tasks:
inv test
: runs the test suiteinv shell
: opens a shell inside the docker container
Also the docker container is prepared to run hardhat. This will be used probably for deployment scripts and perhaps some aditional tests.
Code Audits
- Audit by Quantstamp - 2022-09-26 through 2022-10-20: AuditReport
- Audit by SlowMist - 2021-09-29: AuditReport
- Process Quality Review by DefiSafety - 2024-03-18: Process Quality Review
Contributing
Thank you for your interest in Ensuro! Head over to our Contributing Guidelines for instructions on how to sign our Contributors Agreement and get started with Ensuro!
Please note we have a Code of Conduct, please follow it in all your interactions with the project.
Authors
- Guillermo M. Narvaja
License
The repository and all contributions are licensed under APACHE 2.0. Please review our LICENSE file.