project screenshot 1
project screenshot 2
project screenshot 3
project screenshot 4
project screenshot 5


UMA-safe is a set of smart contract that allows permissionless creation of insurance pools for ERC4626 vaults/tokens.


Created At

Scaling Ethereum 2023

Winner of


🥈 UMA & Across — Best Use


🏊‍♀️ UMA & Across — Pool Prize

Project Description


UMA-safe is a set of smart contract that allows permissionless creation of insurance pools for ERC4626 vaults/tokens. It allows anyone to create a pool by giving the following parameters:

  1. protectedToken - The ERC4626 vault token address.
  2. underwritingToken - The token in which the insurance is being underwritten.
  3. payoutRatio - The underwritingTokenPayoutAmount : protectedTokenAmount ratio. This is the ratio that the user is paid out if the vault gets hacked.
  4. expiration - The timestamp until which the insurance is provided. After expiry the underwriters claim both the premium and their original deposits back in case of no hacks.
  5. premium - The premium charged per protectedToken.

Anyone can register the hack by calling registerHack providing the minimum bonding amount for USDC token. The liveness period for the same is 7 days. Anyone can dispute the hack in case of falsified claims that can and will then be settled by the UMA protocol.

After it is settled, the callback will notify the contract of whether the vault was really hacked or not. If it was hacked, all the insured users can claim by calling claimInsured. They will be paid out according to their Insurer Receipt Token balance and the payout ratio.

The insurers can claim any unutilized deployed capital as well then by calling claimInsurer.

How it's Made

This project uses ERC20, ERC4626, solmate, solady, and UMA's optimistic oracle contracts to provide a permissionless way to create insurance pools and write insurance. And users are able to claim trustlessly their insured amounts whenever any hacks occur.

InsuranceFactory is a factory contract that allows anyone to create insurance pool providing various parameters like payout ratio, premium and expiry.

InsurancePool contract allows insurers to provide insurance by using the provideInsurance function and buyInsurance function for insureds. If a hack occurs, anyone can register it by calling registerHack which gets verified by the UMA oracle. After 7 day period, the UMA oracle publishes the results depending on which the pool contract will start issuing the claims or continue operating normally as before in case of falsified claims.

background image mobile

Join the mailing list

Get the latest news and updates