Yesterday, Hegic announced the v1 launch of its options protocol, allowing anyone to buy and sell American call/put options on Ethereum.

Less then 48 hours later, the team announced a major flaw in a function name which may result in users having their funds locked forever.

In this article, we’ll get you caught up on both sides. For one, we believe Hedgic and Ethereum-based options are fantastic additions to the DeFi ecosystem. However, this vulnerability goes to show that audits are as important as ever before, and they should not be rushed or taken lightly. With that, let’s start with the good news.

What is Hegic?

For those unfamiliar, options contracts give you the right to buy or sell a particular asset at a later date at an agreed-upon price (known as the strike price). In essence, options contracts are a leveraged bet on whether or not the price of an asset will go up or down within a certain period of time. For Hegic, the protocol is launching with ETH support, allowing anyone to access a leveraged bet on the price of Ether in either direction.

For users wanting to bet the price will go up, you can purchase Hegic’s call options. For users wanting to bet the price will go down, you can purchase put options. Like any trade, there’s always someone on the other side. Hegic allows anyone to sell options contracts and earn premiums in an automated fashion. With that, you can deposit ETH into Hegic’s non-custodial ETH pool to “mint” call options on Ether. On the other hand, users can deposit DAI into Hegic’s non-custodial liquidity pool to earn yields on by selling ETH put options. If the contract is not exercised and it expires, sellers (also known as liquidity providers) earn the premium for selling the contract and committing to honor the strike price if redeemed.

What’s interesting about Hegic that differentiates it from other similar options protocol (like Opyn) is the pooled risk when selling the contracts. Traditionally, when traders sell an options contract, they’re only exposed to the risk for that specific contract. However, with Hegic, that risk is diversified across all liquidity providers for a given pool. Therefore, sellers share the risk and reward for all contracts issued out of the respective pool.

Here’s how this plays out as outlined in the Hegic Whitepaper:

What Went Wrong?

Shortly after launch, it was discovered that one Hegic’s function’s optionIDs was misspelled – where it should have read optionsIDs. What this meant is that those who provided liquidity to the protocol may be unable to retrieve when the function was called – resulting in those funds being lost forever.

As a result, Hegic is urging users to stop opening new contracts in light of issuing new and improved code in the coming days. However, the larger story here is that of the audit itself. While the audit was performed by the highly reputable Trail of Bits, it recently came to light that the audit was conducted less than a week prior to launch within a 16-hour time frame – all of which included a number of issues which raise flags. An excellent thread on the implications of this particular audit, and on the implications of audits being performed in such a manner is attached below.

The TLDR version is that it was quite clear there were still a number of outstanding issues when Hegic went live. While we all know the risky nature of using new DeFi products, many have suggested that Hegic should more clearly display the alpha nature of the code, further informing users to proceed with caution.

Key Takeaways

Thankfully for Hegic users, no funds were lost. The contracts will be upgraded and we’re sure the platform will garner traction in the future. What’s important to note here is that audits are increasingly becoming more and more necessary – specifically emphasizing the fact that a number of audits should be performed, and that they are not to be taken lightly or rushed.

Ending on a more positive note, the ability for any individual to buy and hold ETH-based options contracts (and other major crypto assets) will facilitate more efficient markets for DeFi at large. Moreover, like Opyn, Hegic allows DeFi users to earn high-yielding premiums by becoming liquidity providers to the protocol and depositing ETH or DAI into its non-custodial liquidity pools. It’s important to note that if an option buyer decides to exercise the option, sellers incur a loss. However, unlike most traditional options sellers, that loss will be distributed among the entirety of the liquidity pool and not just the individual who sold the contract.

This is highly important for user experience as options contracts are already a complex asset class for many to wrap their heads around. By diversifying risk, becoming an options seller becomes increasingly more attractive for the individual.

All in all, it’s great to see more derivatives platforms in DeFi and it’s clear that the expanding opportunities for earning passive income are becoming more and more pronounced.

If you’re interested in taking a dive into how Hegic works, feel free to read up on their whitepaper or this tweet thread that gives you a concise overview.

For daily updates on this new options protocol, make sure to follow the team on Twitter.

For all things DeFi, sign up for our newsletter!

Sign up for This Week in DeFi