Detailed Instructions

Begin by connecting a non-custodial wallet like MetaMask to the insurance protocol's dApp interface. Ensure your wallet is on the correct network (e.g., Ethereum Mainnet, Arbitrum). Navigate to the marketplace to browse available insurance covers. You must assess the risk parameters for each protocol you wish to insure. This involves reviewing:

• Coverage Terms: The specific smart contract vulnerabilities covered (e.g., hack, exploit, oracle failure).
• Protocol Risk Score: Many platforms like Nexus Mutual provide a risk assessment score based on audits and historical data.
• Cover Amount & Premium: Determine the amount of coverage needed and the associated premium cost, which is typically a percentage of the cover amount paid annually.
• Cover Period: The duration for which the policy is valid, often ranging from 30 to 365 days.

Tip: Always verify the smart contract address of the protocol you're insuring. For example, to insure the Aave V3 Ethereum market, you would reference its main lending pool address: 0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2.

Detailed Instructions

Once you've selected a protocol and terms, you will purchase cover by specifying the exact parameters. This action involves locking your premium payment in the protocol's capital pool and minting a cover NFT that represents your policy. The process typically requires these sub-steps:

• Input Parameters: Enter the cover amount (e.g., 10 ETH), the cover period (e.g., 90 days), and select the currency for payment (e.g., DAI, ETH).
• Premium Calculation: The protocol will calculate the premium based on the amount, duration, and the protocol's current risk assessment. A command to simulate this might look like: ```code // Example pseudo-function call premium = calculatePremium(coverAmount: 10e18, coverPeriod: 90, riskFactor: 0.015);

codeCopy
- **Transaction Signing**: Approve the token spend for the premium and then sign the transaction to purchase the cover. This will mint an NFT to your wallet address.
- **Policy Verification**: Confirm the NFT details on a block explorer, checking the token ID and the encoded metadata for your coverage terms.

> **Tip:** The premium is usually non-refundable, and the cover becomes active after a short waiting period (e.g., 14 days) to prevent fraudulent claims.

Detailed Instructions

If the protocol you insured suffers a verified incident (e.g., a smart contract hack resulting in user fund loss), you must initiate a claim. This is a critical process that requires providing evidence. Start by navigating to the claims section of the dApp and connecting the wallet holding your cover NFT.

• Incident Verification: Confirm the protocol has officially acknowledged the incident or that an incident resolution proposal has been created and passed by the protocol's governance. For example, on Nexus Mutual, an incident must reach a Resolved status with yes votes.
• Claim Filing: Submit a claim, linking it to the specific incident ID and your cover NFT token ID. You will need to stake a small claim assessment fee (e.g., 0.1 NXM) which is refunded if the claim is accepted.
• Evidence Submission: Provide clear, on-chain evidence of your loss. This could include transaction hashes showing your locked funds in the exploited contract before the incident.
• Await Assessment: Your claim enters a assessment period where token holders (stakers) will vote to assess its validity.

Tip: Keep detailed records of your positions in the insured protocol. The claim must be filed within a specific window (e.g., 35 days) after the incident is resolved.

Detailed Instructions

Following a successful claim assessment, you will receive a payout from the protocol's capital pool. If your claim is approved by the majority of voters, the payout process is automatic. Connect your wallet and you will be able to withdraw the insured amount, minus any deductible, in the specified currency.

• Payout Execution: The protocol's smart contract transfers funds to your address. You can verify this by checking the transaction on Etherscan.
• Post-Claim NFT: Your cover NFT may be burned or marked as Claimed in its metadata.
• Policy Expiry: If no claim is made, your policy expires at the end of the cover period. The NFT may become inert or be burned by the system.
• Capital Pool Dynamics: Understand that your premium contributes to the shared capital pool. As a coverage buyer, you are essentially purchasing a right to claim from this pool, which is backed by staking members who provide liquidity and assess claims for rewards.

Tip: You can often sell your active cover NFT on secondary markets like OpenSea if you wish to exit your position before expiry, transferring the policy rights to another user.

Detailed Instructions

Begin by scrutinizing the smart contract architecture. This involves examining the codebase for centralization risks, upgrade mechanisms, and dependency on oracles. A protocol's security is only as strong as its most vulnerable contract.

• Sub-step 1: Locate Audit Reports: Search for the protocol's official documentation or security page. Look for audits from reputable firms like Trail of Bits, OpenZeppelin, or Quantstamp. For example, Nexus Mutual's contracts are frequently audited.
• Sub-step 2: Verify Audit Scope and Age: Check if the audit covers the exact, currently deployed contract addresses. An audit older than 6 months may be outdated if significant updates have occurred.
• Sub-step 3: Review Critical Findings: Pay close attention to any unresolved high or medium severity issues. Cross-reference these with the protocol's public bug bounty program on platforms like Immunefi.

Tip: Use a block explorer like Etherscan to verify that the deployed contract address (e.g., 0xCafe...) matches the audited code. Use the "Contract" tab and compare the source code hash.

Detailed Instructions

Evaluate the capital adequacy and liquidity depth of the protocol's insurance pools. The ability to pay out claims is the core promise of any insurance protocol, and it hinges on the pool's financial health.

• Sub-step 1: Analyze Total Value Locked (TVL): Use DeFi Llama or the protocol's own dashboard to track the TVL in the relevant coverage pools (e.g., the USDC pool on InsurAce). A sharply declining TVL can signal declining confidence or liquidity issues.
• Sub-step 2: Examine Capitalization Ratios: Calculate or find the capital-to-risk ratio. For instance, if a pool has $10M in assets covering $50M in potential liabilities, the ratio is 1:5, indicating higher risk. Protocols like Etherisc may publish these metrics.
• Sub-step 3: Assess Asset Composition: Determine what assets back the pool. A pool backed solely by the protocol's native, volatile token (e.g., INSUR) is riskier than one backed by stablecoins or diversified blue-chip assets.

Tip: Use on-chain queries to verify pool balances. For an Ethereum-based pool, you could use a simple Etherscan token tracker for the pool contract or a Dune Analytics dashboard.

Detailed Instructions

Investigate the governance model and treasury control. A highly centralized protocol poses a single point of failure risk, where a small group could alter parameters or drain funds.

• Sub-step 1: Review Governance Token Distribution: Check the token allocation on the protocol's blog or Etherscan. Look for excessive concentration (e.g., >20% held by the team/VCs) which could lead to voting manipulation.
• Sub-step 2: Analyze Governance Proposals: Visit the protocol's governance forum (e.g., Commonwealth) and snapshot page. Assess the frequency of proposals, voter turnout, and whether critical parameters like claim assessment wait times or fees are subject to community vote.
• Sub-step 3: Identify Admin Keys and Timelocks: Scrutinize the smart contracts for privileged functions (e.g., upgradeTo, pause). Ensure they are guarded by a multi-signature wallet or a timelock controller with a significant delay (e.g., 48-72 hours). You can check this via Etherscan's "Read Contract" tab for the protocol's Timelock address.

Tip: Use a command like cast call <TIMELOCK_ADDRESS> "getMinDelay()" --rpc-url <RPC_URL> using Foundry's cast to verify the minimum delay period programmatically.

Detailed Instructions

The ultimate test of an insurance protocol is its claims adjudication process. A cumbersome or opaque process renders the coverage worthless. Analyze historical data for payout success rates and dispute resolution.

• Sub-step 1: Study the Claims Framework: Read the protocol's documentation on how to file a claim, the required evidence, and who the claim assessors are (e.g., token-holder voters, designated committees). Protocols like Unslashed have detailed claim manuals.
• Sub-step 2: Review Historical Payouts: Search the protocol's forum or blockchain for past claim events. For a specific claim contract, you can filter transaction logs for ClaimSubmitted or ClaimPayout events.

codeCopy
// Example query concept for an event filter
const filter = contract.filters.ClaimPayout(null, null, true); // Filter for successful payouts
const events = await contract.queryFilter(filter, fromBlock, toBlock);

• Sub-step 3: Calculate Key Metrics: Determine the claims approval rate and average payout time. A very low approval rate might indicate overly strict criteria, while a very high rate could suggest insufficient scrutiny.

Tip: Engage with the protocol's community on Discord or Twitter. Ask existing users about their experience with the claims process to gather qualitative data.