Detailed Instructions

Begin by mapping your protocol's attack surface. Smart contract risk is the primary vector, but also consider oracle failure, governance attacks, and economic design flaws. For a lending protocol, calculate the total value locked (TVL) in borrowable assets. For a DEX, sum the liquidity in all pools. Use on-chain data from Dune Analytics or DeFi Llama to get accurate, real-time figures. For example, a protocol with $500M TVL has a fundamentally different risk profile than one with $5M.

• Sub-step 1: Audit your codebase and list all external dependencies and privileged functions.
• Sub-step 2: Use a risk framework (e.g., classify risks as Critical, High, Medium) based on likelihood and potential financial impact.
• Sub-step 3: Assign a monetary value to each risk category. A critical smart contract bug could put 100% of TVL at risk, while an oracle malfunction might only affect 20%.

Tip: Historical data from Rekt.news or Immunefi can provide benchmarks for loss magnitudes in similar protocols.

Detailed Instructions

Examine the claims history of potential coverage providers like Nexus Mutual, Unslashed, or Sherlock. Focus on their payout ratio (claims paid vs. claims filed) and the average time to settlement. A provider with a 95% payout ratio is more reliable than one with 70%. Check their public claims board or reports for details on denied claims; understanding the exclusions is crucial. For Protocol-Owned Coverage (POC), analyze the capital pool's size and growth rate. A pool that shrinks during bear markets may indicate insufficient staking rewards or high attrition.

• Sub-step 1: Visit the provider's documentation or DAO forums to find claims reports.
• Sub-step 2: Note the size and cause of the largest paid claim (e.g., "$40M paid for an oracle manipulation").
• Sub-step 3: Compare the provider's capital efficiency—how much coverage can be purchased per dollar of capital in the pool.

javascriptCopy
// Example query to check Nexus Mutual capital pool (conceptual)
const totalCapital = await nexusContract.getPooledEth();
const activeCover = await nexusContract.getActiveCoverAmount();
const capitalEfficiency = activeCover / totalCapital;

Tip: Look for providers that have successfully paid claims for the specific risk types your protocol is most exposed to.

Detailed Instructions

Build a simple financial model. For User-Purchased Insurance, the cost is borne by your users as a premium, typically 2-5% APY on covered value. This can affect UX and competitiveness. For Protocol-Owned Coverage, the cost is a capital allocation from the treasury or a continuous stream of protocol fees directed to a cover pool. Model a 3-year scenario. Assume a POC requires a $10M upfront capital lock-up earning staking rewards of 5% APY, while the alternative cost is users paying 3% APY on a $300M TVL ($9M annually).

• Sub-step 1: Define your protocol's projected TVL growth and fee revenue.
• Sub-step 2: Calculate the Net Present Value (NPV) of POC's upfront capital + opportunity cost vs. the ongoing expense of subsidizing user premiums.
• Sub-step 3: Factor in the moral hazard reduction of POC, which aligns protocol incentives directly with risk management.

Tip: A POC model becomes more attractive for protocols with strong, predictable fee revenue that can sustainably fund the pool.

Detailed Instructions

Capital efficiency determines how much protection each dollar of staked capital can underwrite. In some systems, $1 staked can back $10 in coverage (10x leverage). Check the provider's collateralization ratios and staking parameters. For POC, verify the liquidity of the staked assets—are they in a liquid token or locked vesting tokens? Use on-chain calls to query the cover pool's capacity. For example, a pool with 100,000 staked ETH might only have 50,000 ETH worth of underwriting capacity available at any time due to existing commitments.

• Sub-step 1: Query the provider's smart contract for availableCapacity() or maxCoverAmount().
• Sub-step 2: Determine the withdrawal period for staked capital; a 90-day lock-up adds illiquidity risk.
• Sub-step 3: Stress-test the model: if TVL doubles suddenly, will coverage capacity scale accordingly, or will premiums spike?

solidityCopy
// Example: Checking capacity on a generic cover contract
interface ICoverPool {
    function getAvailableCover() external view returns (uint256);
    function getCollateralizationRatio() external view returns (uint256);
}
// Available coverage = stakedCapital * (1 / collateralizationRatio)
uint256 available = coverPool.getAvailableCover();

Tip: Prioritize providers with dynamic pricing models that incentivize more capital to enter the pool when demand is high.

Detailed Instructions

The payout trigger is the most critical operational detail. For smart contract hacks, many providers rely on a claims assessment by token holders or a dedicated council, which introduces delay and subjectivity. Some newer models use parametric triggers based on oracle-reported TVL drops or multisig confirmations from white-hat groups. For POC, the governance of the pool is paramount. If the protocol's DAO controls the pool, ensure there is a clear, time-bound process separate from general governance to avoid political delays during a crisis.

• Sub-step 1: Document the exact data sources and thresholds that constitute a valid claim (e.g., "a 30% drop in protocol TVL as reported by Chainlink oracles").
• Sub-step 2: Map the claims process step-by-step, including challenge periods and appeal mechanisms.
• Sub-step 3: For POC, draft and ratify a standalone emergency response charter that delegates authority to a technical committee.

Tip: The more automated and objective the trigger, the faster the payout, but ensure it's resistant to manipulation.