📖Payout Guideline for Smart Contract Pool Insurance

This document illustrates which events are covered and not covered by InsureDAO. It should also be used as a reference document by InsureDAO Reporting Members when considering any claim.

The document is deliberately maintained at a high level in order to allow for a pragmatic consideration of each individual incident by the InsureDAO Reporting Member.

These terms and conditions are not hard-coded into the InsureDAO Smart Contract(s). They are held off-chain and interpreted by humans (InsureDAO Reporting Members) to decide whether to payout and how much to payout for each individual incident.

Reporting Process

There is a reporting process by InsureDAO Reporting Member for each incident up to 14 days, consisting of Reporting request & Accept, Investigation, Snapshot, and Aragon execution.

1. Turn in Reporting Request (RR) on the Forum - Within 2days of incident (48hours)

2. Accept the RR - Within 3days of RR

3. Investigate and Report - Within 4days of approval - Acceptor investigate and turn in a report - Other members react on the report. Turn in against report if necessary. - make decision of payout - query all effected addresses and amounts - publish list of addresses and amounts

4. Snapshot (off-chain vote) - Within 3days of publish the payout list

5. Aragon Govern (on-chain exec) - Within 2days - Collateral = 1000$ from InsureDAO gnosis for a while

Coverage

For each insurance, coverage is applied only to the contracts that the Reporting member is able to investigate. “Being able to investigate” means codes are open-sourced or provided to Reporting members and written in Solidity or Vyper for an EVM-compatible chain.

• InsureDAO may pay a claim under insurance if there is a material loss of funds from the smart contract, or smart contract system, due to;

• Unexpected usages of contracts (bugs, hackings), Unexpected behavior of contracts due to oracle failures

• Unexpected behavior of contracts due to governance attack

An incident must happen with funds moved to another address that the original owner or owners do not control.

Cover Amount

If InsureDAO makes a payment, it will be based on the actual amount of loss. All insurances are provided on a discretionary basis, with the InsureDAO Reporting Member detecting victim's address and each actual amount of loss, and having the final say on which claims are valid and how much to payout. The amount payable shall be the lesser of the covered amount and the actual loss as a result of the incident.

If the actual amount of loss for an individual claimer is undetectable, the partial payout would be applied. For example: If Protocol A gets exploited for $1 million while the total value locked is $5 million, a payout percentage of 20% would be reasonable. In that case, only 20% of the covered amount can be claimed.

For the evaluation of the amount of loss, the amount of tokens lost from the protocol is calculated at the lowest USD price for the three days before and after the incident.

In case an incident occurred in a lending protocol, the amount of loss should be the amount of funds that are stored in and lost from the protocol. For example, if one lent and lost $2 million worth of tokens while borrowing $1 million worth of tokens, one could get compensation of $1 million.

Exclusions

InsureDAO will not pay a claim for:

• Loss of funds due to phishing, private key security breaches, malware, exchange hacks, or negligence on behalf of the user.

• Loss of funds due to frontend hackings, or bugs. Insurance if the smart contract or smart contract system was deployed primarily for the purpose of claiming on this insurance and not for real usage.

• Loss of rewards or incentives yet to be distributed to a user(s) wallet address.

• Hackings, or bugs that have no direct effect on funds from the smart contract, or smart contract system.

• Loss of funds due to hackings or bugs outside EVM-compatible chain.

• Insurance if purchaser address and victim address are different (e.g. User deposited funds into Compound via Instadapp's contract address, and purchased insurance for Compound with other EOA).

• Loss of funds due to “expected” usage of contracts.

• Compensation liability is beyond the underlying liquidity of the pool.

• Loss or unexpected behaviors caused by the underlying blockchain’s failure.

Insurance Termination

Insurance ends when:

• there has been a successful claim on the cover; or

• the cover period specified at purchase has ended.

Amendments & Additions

This document takes effect from 22th February, 2022. ​​This payout guideline may be updated by a governance vote, and the most recent guideline will be in effect after the vote is passed. Please always check the updated guideline.

Definitions

Cover amount means the amount of Cover specified by the Covered Member at purchase of Smart Contract Cover.

Cover period means the period of time, in days, that a Covered Member is protected under this Cover, chosen by the Covered Member when purchasing Cover and stated in the Member Smart Contract Data.

Insurance is a contract between insurers and insureds, which determines the claim that insurers need to pay when an applicable incident occurs.

Loss of funds means the total funds lost caused by the hack not the loss of the individual Covered Member.

Material means that the amount lost is meaningful relative to the amount of funds deposited in the protocol. Loss amount vs total deposited. Handle on a case by case basis.

Smart Contract System means a single smart contract or group of directly related smart contracts running on the public Ethereum network excluding any outside inputs to that system such as oracles, miners, the underlying Ethereum network and individuals or groups of individuals interacting with the system.

DISCLAIMERS

INSURURE Tokens (the “Tokens”) are cryptographic utility tokens for use to access the functionalities of the InsureDAO decentralized insurance protocol (the “InsureDAO Platform”) and related use cases which include voting on proposal and community governance such as claim assessment and as mode of payment of incentives for capital provision to the insurance pool and participation in other community activities.

Before deciding to use the InsureDAO Platform, you should seek independent expert advice. You are responsible for evaluations and decision-making made during the InsureDAO Platform using process.

To the maximum extent permitted by all applicable laws, regulations, and rules, we expressly disclaim its liability and shall in no case be liable to you or any person for: a) the use of Tokens for any purpose in connection with money laundering, terrorism financing or any other acts in breach or contravention of any applicable law, regulation or rule; b) failure, malfunction, or breakdown of, or disruption to, the operation of the Company, the Tokens, or any technology on which we, the InsureDAO Platform, the Tokens, the Website, the InsureDAO-compatible Wallet due to occurrences of hacks, mining attacks (including but not limited to double-spend attacks, majority mining power attacks and “selfish-mining” attacks), cyber-attacks, distributed denials of service, errors, vulnerabilities, defects, flaws in programming or source code or otherwise, regardless of when such failure, malfunction, breakdown, or disruption occurs; c) any virus, error, bug, flaw, defect, or other issue adversely affecting the operation, functionality, usage, storage, transmission mechanisms, transferability, or tradeability (after Tokens have been made available for trading on a cryptocurrency or other form of exchange (if applicable)) of any material characteristics of Tokens; d) loss of possession of the credentials for accessing, loss, or destruction of the private keys of any wallet in any manner and to any extent; e) any prohibition, restriction, or regulation by any government or regulatory authority in any jurisdiction that restricts the operation, functionality, usage, storage, transmission mechanisms, transferability, or tradeability or other material characteristics of the Tokens or InsureDAO Platform;

InsureDAO Tokens and InsureDAO Platform are not intended for sale, distribution and/or use by Excluded Persons. Accordingly, Excluded Persons should not purchase, acquire and/or use InsureDAO Tokens and InsureDAO Platform. “Excluded Persons” refers to the following person(s): a) a person who is a citizen, domiciled in, resident of, or physically present / located in an Excluded Jurisdiction; b) a body corporate: (i) which is incorporated in, or operates out of, an Excluded Jurisdiction, or (ii) which is under the control of one or more individuals who is/are citizen(s) of, domiciled in, residents of, or physically present / located in, an Excluded Jurisdiction; c) an individual or body corporate included in United Nations Consolidated List (accessible at https://www.un.org/securitycouncil/content/un-sc-consolidated-list); and/or d) an individual or body corporate which is otherwise prohibited or ineligible in any way, whether in full or in part, under any laws applicable to such individual or body corporate from purchasing, acquiring and/or using IusureDAO Tokens and/or the InsureDAO Platform. “Excluded Jurisdiction” means any of the following jurisdictions : (i) the People’s Republic of China; (ii) the United States of America; (iii) Canada, (iv) Democratic People’s Republic of Korea, (v) Cuba, (vi) Syria, (vii) Iran, (viii) Sudan, (ix) Republic of Crimea, (x) a jurisdiction identified by the Financial Action Task Force (FATF) for strategic AML/CFT deficiencies and included in FATF’s listing of “Highrisk and Other Monitored Jurisdictions” accessible at http://www.fatfgafi.org/publications/high-risk-and-other-monitored-jurisdictions; and/or (xi) a jurisdiction in which the sale, distribution and/or use of InsureDAO Tokens and/or InsureDAO Platforme would (i) constitute an offering of securities or capital markets products; and/or (ii) would be subject of regulation and/or licensing.