Below you'll find information on what's covered by Bridge Mutual's Smart Contract Coverage, as well as instructions on how to evaluate evidence and asses claims
Smart Contract Coverage is the protections users currently get when purchasing a policy at https://bridgemutual.io/
A separate, downloadable version of "Smart Contract Coverage" terms and conditions can be found here.
The Bridge Mutual DAO (BMI token holders) votes on whether claims are valid; as such, all payouts are discretionary as per the will of the DAO members.
Coverable Event - an event that meets all of the criteria defined in the section “What Is Covered?” below.
Cover Period - The duration of a policy, starting at the moment it is purchased.
Covered Amount - means the amount of cover specified by the Policy Holder at the time of coverage purchase.
Permanent Loss - Any loss of assets that is, or will likely be, permanent, usually via the transfer of assets from the protocol to an address that is not controlled by the Policy Holder. The mere promise of repayment from an exploited protocol does not necessarily mean the loss is not permanent, as most protocols will announce some form of a plan for repayment in the hopes of saving its reputation.
Policy Holder - The owner of the address that purchased an active policy.
Protocol - A system comprised entirely or partially of code that performs a function or series of functions.
DAO - A decentralized autonomous organization. In Bridge Mutual’s DAO, token holders can stake their BMI in the protocol to receive vBMI, which is used as a measurement of your voting power within the DAO.
What Is Covered?
Bridge Mutual DAO members are incentivized and agree to approve a claim if:
I. During the Cover Period, the Policy Holder suffers a Permanent Loss of assets caused by an unauthorized, malicious, or criminal act that:
A. exploited vulnerabilities in the Protocol’s code; or
B. drained virtually all of the value from the Protocol’s native assets (commonly referred to as a “rug pull”); or
C. caused the Protocol’s website or application layer to direct the Policy Holder’s funds to a foreign address (including by way of oracle manipulation, DAO governance attack, or a “rug pull”); and
II. The value of the Permanent Loss, at the time of the Coverable Event, can be readily ascertained on secondary markets; and
III. The loss is incurred by the same wallet address that purchased the policy, or there is clear evidence that strongly suggests that the Policy Holder was the same individual or entity that incurred the Permanent Loss. The intent of this clause is to ensure that Policy Holders are not selling or splitting the payouts of their policies to third parties.
What Is Not Covered?
Bridge Mutual DAO members are instructed to deny claims if:
I. The Permanent Loss suffered by the Policy Holder is caused indirectly by a different protocol that falls outside the scope of the policy.
A. For example: Policy Holder stakes assets in ABC protocol, and ABC protocol stakes those assets in XYZ protocol. Policy Holder purchases a policy that covers losses on ABC Protocol. Later, XYZ protocol gets exploited, and all of Policy Holder’s funds are permanently lost. The DAO should deny this claim.
II. The Permanent Loss suffered by the Policy Holder was the fault, in whole or in part, of the Policy Holder; including phishing, personal security breaches, malware, key loggers, being tricked by a scam site imitating the Protocol, or any other activity where the covered Protocol is not clearly at fault.
III. There is clear evidence to suggest that a Coverable Event was executed intentionally by the Policy Holder for the sole purpose of being paid on a claim.
IV. There is clear evidence to suggest that the Policy Holder is being paid out by another insurance protocol or by another claim on Bridge Mutual, and the amount being paid out is, in aggregate, an amount in excess of the amount lost by the Policy Holder.
V. The Coverable Event took place outside of the Cover Period.
VI. The claim is otherwise valid, but the Policy Holder knew or had a clear reason to know (such as a tweet from the Protocol’s team or an article published on a popular news site), that the protocol had existing vulnerabilities at the time the Policy was purchased, and it was these same vulnerabilities that caused the Coverable Event.
VII. The Protocol works as intended and is not exploited, but a Permanent Loss is suffered by the Policy Holder due to interference by, or misinformation from, a third-party source, such as an oracle, a DAO, a miner, another network, etc.
VIII. Net losses are caused due to a drop in value of assets, regardless of whether the drop in value is directly or indirectly caused by a Coverable Event.
What is acceptable evidence?
I. Information and posts directly from the Protocol’s team members via official social media accounts or channels of communication (such as Twitter, Discord, Telegram, LinkedIn, and others.)
II. News stories and articles from credible news sources.
III. Transaction IDs, wallet addresses, and other on-chain data.
IV. Screenshots of information or data that pertain to the claim.
V. Cryptographically signed evidence that ties the loss to the claimant.
VI. Other potentially relevant evidence.
How do you prove a loss as a Policy Holder?
Policy Holders that wish to make a claim should submit any or all of the following in an attempt to prove they have suffered a permanent loss:
I. Transaction IDs proving that the Policy Holder’s wallet deposited assets into the protocol, and transaction IDs that pertain to the Coverable Event.
II. Any post or article from the Protocol’s team, a reputable news source, or an auditing firm confirming that there was an exploit, and providing additional information.
III. A description of the Coverable Event in the Policy Holder’s own words.
IV. Supporting materials that may help to determine the value of the lost assets at the time of the Coverable Event.
V. If the address affected was not the same address that purchased coverage, any evidence that proves the Policy Holder is the bonafide owner of the address that suffered a Permanent Loss.
How much is paid out?
I. A successful claim can only receive up to the policy’s maximum coverable amount.
II. Successful claims may receive less than the maximum coverable amount in the event that the DAO determines that the loss suffered by the Policy Holder was less than the maximum coverable amount.
III. The DAO is incentivized to pay the claimant the exact amount that was actually lost in the coverable event.
When does a policy expire?
At the end of the policy’s duration, or after the Policy Holder has received the maximum coverable amount of their policy through approved claims.