Smart Contract Liability

Smart contract liability addresses the defining risk of DeFi and on-chain protocols: a bug, exploit, or economic attack on your smart contracts that drains or loses user funds. It's the coverage that standard policies never contemplate.

Smart Contract Liability for DeFi & Protocols

The defining exposure of a web3 company is the smart contract itself. A single vulnerability — a reentrancy bug, an integer overflow, flawed access control, or an economic or oracle-manipulation attack — can drain a protocol of millions in minutes. Smart contract liability is the specialty coverage built around this risk, responding to losses arising from exploits, code defects, and attacks on the contracts your team writes and deploys.

This is risk no standard insurance form was designed for. Coverage is placed in specialty markets and is heavily dependent on underwriting: carriers will typically require recent independent smart-contract audits, a documented security process, bug-bounty programs, and clear governance before offering terms. The quality of your audits and security posture directly drives both whether you can get coverage and what it costs.

What It Addresses

Smart contract liability can respond to third-party claims from users who lost funds, defense costs, and — depending on the form — first-party protocol losses. It is frequently paired with tech E&O (for the development work behind the contract) and crime/custody (for asset theft), since a major exploit can trigger more than one coverage. We structure the program so an exploit doesn't fall into a gap between policies.

What's Covered

Smart-contract exploit losses
Code bugs & vulnerabilities
Economic & oracle-manipulation attacks
Third-party user fund-loss claims
Audit-driven underwriting
Defense & investigation costs

Frequently Asked Questions

Do I need a smart-contract audit to get coverage?

Almost always. Underwriters in this space require recent independent smart-contract audits, and often a bug-bounty program and documented security process, before offering terms. Strong audits don't just enable coverage — they materially lower your premium.

Is a protocol exploit covered under my regular tech E&O?

Rarely. Standard tech E&O excludes digital-asset and crypto losses, and a smart-contract exploit is a specialized exposure that needs purpose-built coverage. We place smart-contract liability alongside your tech E&O so the protocol risk is actually addressed.