Proof of Insurance

The core of PoI is a verifiable credential or attestation issued by an insurer or coverage protocol. This is a signed piece of data stored on-chain (e.g., in a registry or as an NFT) that contains:

• Policyholder address
• Coverage amount and asset
• Policy expiration timestamp
• Claims conditions Smart contracts can query this attestation to verify coverage status in real-time.

PoI transforms static insurance into a dynamic, composable input for DeFi. Smart contracts can be coded to require proof before executing sensitive operations, such as:

• Collateralized Lending: Allowing higher loan-to-value ratios for insured collateral.
• Cross-Chain Bridging: Releasing funds only if the bridged assets are covered against bridge hacks.
• Oracles & Keepers: Providing slashing protection for node operators who prove they have coverage.

When a covered event (like a smart contract exploit) is objectively verified (e.g., via an oracle or governance vote), the PoI attestation enables trustless, automatic payouts. The claims process is codified, removing manual assessment delays. Payouts can be triggered directly to:

• The policyholder's wallet.
• A liquidity pool to cover bad debt.
• A protocol treasury for mutualized coverage.

PoI attestations are fungible financial primitives. They can be traded, used as collateral, or bundled to create new financial instruments, leading to:

• Secondary Markets: Trading insurance risk (e.g., selling a policy NFT).
• Reinsurance Pools: Aggregating coverage from multiple providers.
• Risk Tranches: Creating layered products with different risk/return profiles, similar to traditional collateralized debt obligations (CDOs) but for insurance risk.

All PoI data is publicly verifiable on-chain, creating an immutable audit trail. This allows anyone to audit:

• Total active coverage across a protocol.
• Historical claims and payout performance of insurers.
• Capital adequacy of coverage pools. This transparency reduces information asymmetry and builds trust, as the solvency and history of an insurance provider are fully visible.

Provides on-demand coverage against smart contract vulnerabilities and protocol exploits. Users or protocols can purchase coverage for specific contracts, with claims automatically paid out upon a verified hack. This creates a decentralized alternative to traditional security audits and bug bounties, directly aligning economic incentives for risk management.

• Example: A DeFi user deposits funds into a new lending protocol and buys a PoI policy for that specific pool.
• Mechanism: Claims are adjudicated via decentralized dispute resolution or oracle-based verification.

Enables the use of insured assets as collateral in lending protocols, potentially allowing for higher loan-to-value (LTV) ratios. By mitigating the risk of a collateral asset's smart contract failing, PoI reduces the systemic risk for lenders.

• Process: A user locks an NFT in a vault, attaches a verifiable PoI policy, and can then borrow against a higher valuation.
• Impact: Increases capital efficiency and unlocks liquidity for otherwise risky or novel asset classes.

Offers a transparent, auditable record of insurance coverage to meet know-your-customer (KYC) and risk management requirements for institutional participants. An immutable, on-chain proof can be presented to regulators or counterparties to demonstrate that assets are protected against specific operational risks.

• Use Case: A crypto custodian provides PoI attestations to its clients proving assets are insured against theft or loss.
• Standardization: Emerging standards like ERC-7215 aim to create a common interface for on-chain insurance policies.

Creates a decentralized marketplace for risk capital, where individuals or DAOs can act as underwriters (liquidity providers) to back insurance policies in exchange for premiums. This forms a peer-to-peer insurance model where risk is priced and traded transparently on-chain.

• Mechanism: Underwriters deposit funds into a shared pool. Premiums are distributed to the pool, and claims are paid out from it.
• Dynamic Pricing: Premiums are often adjusted algorithmically based on total value locked (TVL), historical exploit data, and market demand.

Facilitates the on-chain representation of insured physical assets, such as real estate or commodities. The PoI attestation is minted as a verifiable credential alongside the asset token, providing buyers with immediate proof of coverage and transferring with the token upon sale.

• Example: A tokenized warehouse receipt for gold includes an embedded PoI NFT against theft or damage.
• Benefit: Reduces due diligence overhead and builds trust in the RWA's underlying collateral value.

Provides coverage for Proof-of-Stake (PoS) network validators against the risk of slashing penalties due to downtime or malicious behavior. Validators or their delegators can purchase policies to hedge against the loss of their staked assets.

• Risk Mitigation: Makes staking more accessible and less risky for large stakeholders.
• Protocol Security: Can improve network security by reducing the catastrophic financial impact of honest mistakes, encouraging broader participation.

The security of a PoI system is fundamentally dependent on the oracle that attests to the off-chain policy's existence. Key risks include:

• Data Manipulation: A compromised oracle could attest to fraudulent or expired policies.
• Centralization Risk: A single oracle creates a single point of failure. Decentralized oracle networks (DONs) are preferred.
• Source Authenticity: The oracle must cryptographically verify data directly from the insurer's systems, not a public-facing website.

A valid on-chain proof must reflect the real-time status of the off-chain policy. Critical checks include:

• Revocation Synchronization: The system must detect if an insurer cancels a policy off-chain and immediately invalidate the on-chain proof.
• Liveness Monitoring: Continuous oracle updates are required to ensure the proof doesn't become stale. A heartbeat or expiry timestamp is often used.
• Grace Periods: Protocols must define clear rules for handling policies that expire mid-claim process.

Proving a policy exists is separate from proving a claim is valid. Security considerations involve:

• Claims Adjudication On-Chain: The logic for determining payout eligibility must be unambiguous and resistant to manipulation.
• Dispute Periods: Time-bound windows must be established for insurers to contest claims, preventing fraudulent payouts.
• Multi-Sig or DAO Governance: For decentralized insurance protocols, claim approval may require a vote or multi-signature from claims assessors, introducing governance attack vectors.

The underlying smart contracts holding funds and managing proofs are primary attack surfaces.

• Code Vulnerabilities: Bugs in the proof verification or payout logic can lead to fund loss. Rigorous audits are essential.
• Economic Design: The protocol must be over-collateralized or have sufficient reserves (like a capital pool) to pay out all simultaneous valid claims (correlated risk).
• Upgradability: If contracts are upgradeable, control of the upgrade mechanism is a critical centralization risk.

On-chain proofs can leak sensitive information. Mitigation strategies include:

• Zero-Knowledge Proofs (ZKPs): Using a ZKP (e.g., zk-SNARK) to prove policy validity without revealing its details (insurer, policy number, coverage amount).
• Minimal On-Chain Footprint: Storing only a cryptographic commitment (hash) on-chain, with the full policy data held off-chain.
• Policyholder Anonymity: Designing systems so that a user's on-chain activity cannot be trivially linked to their real-world identity via their insurance proof.

The interaction between on-chain proofs and off-chain legal frameworks creates unique risks.

• Jurisdictional Mismatch: An on-chain proof may not be legally recognized in all jurisdictions where a claim occurs.
• Insurer Solvency: The proof verifies a policy, not the insurer's ability to pay. Protocols may need to assess and monitor insurer credit risk.
• Terms of Service Alignment: The on-chain proof's parameters must perfectly mirror the legal off-chain policy wording to avoid coverage gaps or disputes.

A type of insurance where payouts are triggered automatically by objective, verifiable data oracles when predefined conditions are met, rather than requiring manual claims assessment. This is the dominant model for on-chain PoI because it is trust-minimized and composable.

• Example: A yield farming protocol buys coverage that pays out if the price of ETH drops 20% in 24 hours. An oracle reports the price drop, and the smart contract executes the payout.

The entity (often a decentralized protocol or DAO) that assumes risk and provides capital backing for insurance policies. In PoI systems, these are typically liquidity pools where stakers deposit assets to earn premiums in exchange for bearing potential claim losses.

• Key Role: They are the counterparty to the policyholder, and their solvency is critical for the policy's validity.

A non-fungible token (NFT) that represents ownership of an active insurance policy on-chain. This is the core artifact of Proof of Insurance, serving as a verifiable, transferable, and composable proof of coverage.

• Contains: Policy details (coverage amount, expiration, premium).
• Use Case: Can be used as collateral in lending protocols or shown to auditors to prove risk mitigation.

A service that provides external, real-world data to a blockchain. For PoI, oracles are essential for parametric triggers and proof-of-loss verification.

• Function: They feed data (e.g., exchange rates, hack confirmations, weather data) into smart contracts to determine if a claimable event has occurred.
• Critical for Trust: The security and reliability of the oracle is paramount, as a compromised oracle can trigger false payouts.

A cryptographic method for an entity (like an exchange or coverage provider) to prove they hold sufficient assets to back their liabilities. It's a complementary concept to PoI, focusing on the solvency of the insurer rather than the existence of the policy.

• Mechanism: Uses Merkle proofs or similar techniques to allow users to verify their funds are included in a total attested balance.

A decentralized capital pool where users lock assets (e.g., stablecoins) to act as underwriters for insurance policies. Stakers earn premiums from policy purchases but risk losing a portion of their stake if claims are paid out.

• Purpose: This mechanism decentralizes risk and provides the liquidity necessary for the PoI market to function.