_____ _____ _   _ _____ _   _    _____ _   _ _____ _____ _     ____  
|_   _|     | | / | ___| \ | |  /  ___| | | |_   _| ___| |   |  _ \ 
  | | | | | |   | | |__ |  \| |  \___  | |_| | | | | |__ | |   | | | |
  | | | | | | . ` |  __||     |   ___)  |  _  | | | |  __|| |   | | | |
  | | | |_| | |\  | |___| |\  |  /____  | | | |_| |_| |___| |___| |_| |
  |_| \_____/_| \_\_____|_| \_|  \_____\_| |_|\___/\_____|_____|_____/
                    

Token Eligibility & Risk Criteria

Not all tokens qualify for Token Shield coverage. We use automated, on-chain criteria to identify genuinely high-risk assets that fit our protocol's risk profile.

Qualification Requirements

A token must meet all of the following criteria to be eligible: [feedback on criteria]

1. Minimum Token Age: At least 7 days old from initial mint/launch (for regular users)
   • Exception: Teams can apply for Team Shield coverage even before token launch (pre-approval process)
2. Minimum Market Cap: $500k USD minimum (subject to adjustment based on SOL price)
3. Volatility Threshold: 30-day standard deviation of returns >50% (measured via Pyth price oracles)
4. Liquidity Cap: Total liquidity (across all DEXs) <$2M USD
5. Launch Recency: Token age <90 days from initial mint/launch
6. Solana Native: SPL token on Solana mainnet with verified mint authority
7. DEX Presence: Active trading on at least one Solana DEX (Raydium, Orca, Jupiter aggregated pools)
8. Not Blacklisted: Token not on DAO-maintained blacklist (e.g., known scams, sanctioned addresses)

Risk Scoring

Eligible tokens receive a risk score (1-10) based on:

• Historical volatility (higher vol = higher score)
• Liquidity depth (thinner liquidity = higher score)
• Developer wallet holdings (>30% supply held by <5 wallets = higher score)
• Contract verification status (unverified = higher score)
• Social metrics (Twitter mentions, holder count - affects score)

This risk score directly impacts premium pricing. Higher risk = higher premiums, but also higher likelihood of payout events. [feedback on risk scoring]

Claim Triggers & Payout Process

Token Shield payouts are activated by objective, oracle-verified on-chain events. No manual claims required - when a trigger hits, the smart contract automatically processes eligible coverage policies.

Trigger Events

Any of the following events will trigger automatic claim processing:

1. Price Dump Trigger [feedback]

• Condition: Token price drops >40% within any rolling 24-hour window during coverage period
• Verification: Pyth oracle price feeds (requires 3 consecutive oracle updates confirming threshold)
• Example: $NEET trades at $0.50, drops to $0.28 over 18 hours → Trigger activated

2. Liquidity Drain Trigger [feedback]

• Condition: Total DEX liquidity drops >50% within any 24-hour window
• Verification: Jupiter aggregated liquidity data + individual DEX pool reserves
• Example: $NEET liquidity drops from $1.5M to $700k → Trigger activated

3. Developer Wallet Dump Trigger [feedback]

• Condition: Wallet(s) holding >5% of supply dumps >10% of total supply within 24 hours
• Verification: On-chain transaction monitoring of top holder wallets
• Example: Dev wallet sells 12% of total $NEET supply in one transaction → Trigger activated

Payout Calculation & Execution

Once a trigger event is confirmed, payouts are calculated and distributed automatically:

Payout Formula

Payout = min(ActualLoss × CoverageLevel, MaxPayout)

Where:
- ActualLoss: USD value lost from entry to trigger
- CoverageLevel: 0.3, 0.5, or 0.7
- MaxPayout: PositionSize × CoverageLevel (payout cap)

Deductibles & Caps [feedback on policy]

• Minimum Loss: 10% deductible (no payout if loss <10% of position)
• Maximum Payout: Capped at CoverageLevel × PositionSize (can't profit from coverage)
• Pool Limit: Total payouts capped at 80% of pool reserves (prevents insolvency)

Position: $10,000 in $NEET, 50% coverage
Trigger: Price drops 45% in 20 hours
ActualLoss: $10,000 × 0.45 = $4,500
Payout: $4,500 × 0.5 = $2,250 SOL to wallet ✅

Position: $10,000 in $NEET, 50% coverage
Trigger: Liquidity drained, price drops 80%
ActualLoss: $10,000 × 0.80 = $8,000
Calculated: $8,000 × 0.5 = $4,000
MaxPayout: $10,000 × 0.5 = $5,000
Payout: $4,000 SOL to wallet ✅ (under cap)

Position: $10,000 in $NEET, 50% coverage
Event: Price drops 8% in volatile session
ActualLoss: $800 (below 10% deductible)
Payout: $0 ❌ (under minimum threshold)

Pool Sustainability & Yield Strategies

Long-term protocol viability depends on maintaining a healthy insurance pool that can pay claims without relying on perpetual premium inflows.

Pool Mechanics

• Premium Inflow: All user premiums flow into main insurance pool (minus 5% protocol fee)
• Yield Generation: Idle pool funds are deployed to yield-generating strategies
• Payout Reserve: 20% of pool kept in liquid SOL/USDC for instant payouts
• Over-Collateralization: Target ratio of 150% (pool value / active coverage value)

Yield Revenue Model

A critical component of protocol sustainability: insurance premiums sit idle between collection and potential claims. By deploying 60-80% of pool reserves into ultra-low-risk yield strategies, we generate 35-50% additional revenue on top of premium income, significantly improving long-term viability.

Three-Phase Deployment Strategy

Phase 1: Launch (Pool $50-200k TVL)

Conservative approach: 60% deployed to yield, 40% kept liquid for instant payouts.

• Marinade Finance (mSOL): 30% allocation, 6.2% APY - Liquid staking with $2.8B TVL, 9+ audits, instant liquidity on DEXs
• Jito Staking (JitoSOL): 15% allocation, 5.9% APY - MEV-boosted staking, $1.9B TVL, proven track record
• Marginfi USDC Lending: 15% allocation, 6.4% APY - Over-collateralized lending, $420M TVL, audited by OtterSec + Sec3
• Blended APY: 3.7% on entire pool, 6.2% on deployed capital

Phase 2: Growth (Pool $200k-$1M TVL)

Balanced approach: 70% deployed, 30% liquid as pool matures and claim patterns become predictable.

• Diversification expansion: Add Sanctum LST (10%, 6.8% APY), Solend USDC (5%, 4.8% APY)
• Pilot Tier 2 strategies: Kamino Finance USDC-USDT vaults (5%, 11.2% APY) - Low impermanent loss stable pair
• Blended APY: 4.56% on entire pool, 6.5% on deployed capital

Phase 3: Mature (Pool $1M+ TVL)

Aggressive optimization: 80% deployed, 20% liquid reserves (ample for instant payouts at scale).

• Full diversification: 7 uncorrelated strategies across liquid staking, lending, and stable yield farming
• Enhanced yield: Add Drift Protocol USDC Earn (5%, 9.3% APY), increase Kamino allocation to 10%
• Blended APY: 5.58% on entire pool, 7.0% on deployed capital
• Annual yield at $2M TVL: $111.6k additional protocol revenue

Risk Management Framework

Protocol Selection Criteria (All Must Pass)

1. Track Record: Live >12 months OR established team with prior successful protocol
2. Security: 2+ independent audits from reputable firms (OtterSec, Sec3, Halborn, etc.)
3. Liquidity: TVL >$100M, liquid redemption within 24 hours (no long lockups)
4. Solvency: Over-collateralized if lending protocol (not fractional reserves)
5. Resilience: No critical exploits or governance attacks in last 12 months

Rebalancing & Monitoring

• Daily: Check APY rates, protocol TVL changes, verify liquid reserves >20%
• Weekly: Review claim rate vs projections, scan for new opportunities
• Monthly: Full portfolio rebalance, DAO votes on strategy changes, publish transparency report
• Emergency: Auto-liquidate from lowest-yield strategy if reserves drop below 15%, halt all rebalancing during Solana network issues

Expected Revenue Impact

Transparency & Governance

• Public Dashboard: Real-time Dune Analytics dashboard showing deployed amounts per strategy, historical APY, liquid reserves percentage
• DAO Control: Any new protocol addition requires 7-day governance vote with 60% approval threshold
• Open-Source Keeper: Automated rebalancing bot with transparent operations (funded by protocol for gas)
• Monthly Reports: Published blog posts explaining strategy performance, rebalance decisions, risk assessments

Solvency Monitoring

The protocol continuously monitors:

• Coverage Ratio: Pool Value / Active Coverage Value (target >150%)
• Utilization Rate: Active Coverage / Pool Capacity (max 70%)
• Claim Rate: Paid Claims / Collected Premiums (historical tracking)

If coverage ratio drops below <125%, the protocol automatically:

1. Halts new enrollments until ratio recovers
2. Increases premium rates by 20-50% (temporary)
3. Triggers DAO emergency governance vote for intervention

Oracle Integration & Data Sources

Accurate, manipulation-resistant data is critical for fair trigger detection and payout calculation.

Primary Oracle: Pyth Network

• Price Feeds: Real-time price data for covered tokens (sub-second updates)
• Confidence Intervals: Statistical confidence scores prevent manipulation
• Multi-Publisher: Aggregated from 70+ first-party data providers
• On-Chain Verification: All prices cryptographically signed and verifiable

Secondary Data Sources

• Jupiter: Aggregated DEX liquidity data, routing information
• Birdeye API: Token holder distribution, wallet tracking
• Direct DEX Queries: Pool reserves from Raydium, Orca (backup verification)
• Solana RPC: On-chain transaction history, mint authority verification

Manipulation Prevention

To prevent oracle attacks and false triggers:

1. Multi-Source Verification: Trigger requires consensus from 2+ data sources
2. Time-Weighted Pricing: Use TWAP (time-weighted average) over 15-minute windows, not spot prices
3. Outlier Rejection: Discard price points >3 standard deviations from median
4. Liquidity Filters: Only use prices from pools with >$50k liquidity
5. Delay Mechanism: 5-minute confirmation window before trigger activation (prevents flash-crash false positives)

Smart Contract Architecture

Token Shield is built on Solana using the Anchor framework. The protocol consists of several core programs:

Core Programs

1. Coverage Manager Program

• Handles enrollment, premium collection, policy token minting
• Stores coverage policies (position size, duration, coverage level)
• Validates token eligibility on-chain
• Emits events for off-chain indexing

2. Oracle Monitor Program

• Subscribes to Pyth price feeds and other data sources
• Monitors active coverage policies for trigger events
• Performs trigger validation (multi-source, time-weighted)
• Initiates claim processing when triggers confirmed

3. Payout Engine Program

• Calculates payout amounts based on actual losses
• Applies deductibles, caps, and pool limits
• Executes SOL/USDC transfers to covered wallets
• Burns coverage policy tokens after payout
• Updates pool accounting and reserves

4. Pool Manager Program

• Manages insurance pool funds and reserves
• Deploys funds to yield strategies
• Monitors solvency ratios
• Implements emergency pause mechanisms

5. Governance Program

• DAO voting and proposal execution
• Parameter updates (risk criteria, premiums, caps)
• Treasury management
• Emergency interventions

Security Features

• No Admin Keys: Core programs are immutable post-deployment (upgrades require DAO vote)
• Timelocks: Parameter changes have 48-hour delay before execution
• Multi-Sig Guardians: Emergency pause requires 3-of-5 community multisig
• Formal Verification: Critical functions mathematically verified for correctness
• Bug Bounty: $100k+ program for responsible disclosure

Privacy & Zero-Knowledge Proofs

While Solana is a public blockchain, Token Shield implements privacy-preserving mechanisms to protect user positions from front-running and manipulation.

Privacy Challenges

• Position Visibility: Large coverage enrollments could signal whale positions
• Trigger Frontrunning: Bots could monitor coverage and sell before dumps
• Competitive Intelligence: Other traders could copy strategies based on coverage data

ZK-Based Solutions

We use zero-knowledge proofs to enable private coverage verification:

Enrollment Privacy

• Coverage policy details (position size, coverage level) stored as encrypted commitments on-chain
• Only the user's wallet can decrypt their coverage details
• Smart contract verifies eligibility without knowing actual position size (ZK-SNARK)
• Public observers only see aggregate pool metrics, not individual policies

Payout Privacy

• When trigger occurs, user submits ZK proof of eligible coverage
• Proof verifies: "I have active coverage for token X" without revealing amount
• Payout sent directly to wallet; transaction appears like normal transfer
• Optional: Use privacy-preserving wallets (e.g., Elusiv integration) for receiving payouts

Risks & Limitations

Token Shield is experimental DeFi infrastructure. Users must understand the following risks before participating:

Protocol Risks

1. Smart Contract Bugs

• Risk: Undiscovered vulnerabilities could lead to fund loss or exploits
• Mitigation: Multiple independent audits, formal verification, conservative deployment (testnet → limited mainnet → full launch)
• Residual Risk: No code is 100% bug-free; always possible

2. Oracle Manipulation

• Risk: Attackers could manipulate price feeds to trigger false payouts or prevent legitimate ones
• Mitigation: Multi-oracle design, time-weighted pricing, outlier rejection, liquidity filters
• Residual Risk: Sophisticated, well-funded attackers may find edge cases

3. Pool Insolvency

• Risk: Correlated claim events (e.g., market-wide crash) could deplete pool faster than premiums replenish it
• Mitigation: Conservative coverage limits, over-collateralization targets, dynamic premium pricing, emergency pause
• Residual Risk: Black swan events could overwhelm reserves

4. Yield Strategy Failures

• Risk: DeFi protocols holding pool funds could be exploited or fail
• Mitigation: Diversification across strategies, only battle-tested protocols, allocation caps, continuous monitoring
• Residual Risk: Cascading DeFi failures could impact pool value

Economic Risks

5. Moral Hazard

• Risk: Insured traders may take excessive risks, knowing downside is capped
• Mitigation: Deductibles, partial coverage only (no 100% insurance), premium adjustments
• Impact: Could lead to adverse selection and pool losses

6. Adverse Selection

• Risk: Only traders expecting dumps will buy coverage, skewing risk pool
• Mitigation: Dynamic pricing based on token risk scores, coverage caps per token
• Impact: May require higher premiums over time

Regulatory Risks

7. Legal Uncertainty

• Risk: Insurance is heavily regulated; DeFi insurance may face regulatory challenges
• Context: Decentralized, non-custodial design reduces but doesn't eliminate regulatory concerns
• Mitigation: Legal review in key jurisdictions, DAO structure (no single entity), geofencing if needed
• Impact: Could limit accessibility in certain regions

Operational Risks

8. Governance Attacks

• Risk: Malicious actors accumulate governance tokens and pass harmful proposals
• Mitigation: Timelocks, multi-sig guardians, vote-escrow incentive alignment
• Impact: Could change parameters unfavorably or drain treasury

DAO Governance

Token Shield is governed by a decentralized autonomous organization (DAO) to ensure community control and prevent centralized points of failure.

Governance Token (Future)

A governance token (working name: $SHIELD) will be distributed to:

• Early coverage purchasers (retroactive airdrop)
• Liquidity providers to the insurance pool
• Community contributors (developers, auditors, educators)
• Treasury for future incentives and grants

Governance Powers

Token holders can vote on:

• Risk Parameters: Eligibility criteria, deductibles, coverage caps
• Premium Pricing: Base rates, risk score weighting, dynamic adjustments
• Oracle Selection: Adding/removing data sources, trust thresholds
• Yield Strategies: Approving new DeFi integrations, allocation limits
• Token Blacklist: Blacklisting/whitelisting specific tokens
• Treasury Management: Protocol fee allocation, grants, partnerships
• Emergency Actions: Pause/unpause protocol, emergency fund transfers

Voting Mechanics

• Proposal Threshold: 100k $SHIELD tokens to create proposal
• Voting Period: 7 days for discussion + 3 days for voting
• Quorum: 10% of circulating supply must vote
• Approval: 66% yes votes required for passage
• Timelock: 48-hour delay before execution (emergency pause bypasses)

Guardian Multisig

A 3-of-5 multisig composed of respected community members can:

• Execute emergency pause if critical vulnerability discovered
• Veto malicious governance proposals (e.g., drain treasury)
• Transfer to full DAO control once protocol matures

Development Roadmap

Token Shield is currently in conceptual/planning phase. Below is our anticipated development timeline:

Team & Community

Token Shield is a community-driven experiment. We're transparent about being in early conceptual stages.

Current Status

• Core Team: Small group of DeFi builders, smart contract developers, and Solana ecosystem contributors
• Advisors: Seeking experienced professionals in insurance, actuarial science, and crypto regulation
• Community: Growing cohort of degen traders, meme coin enthusiasts, and DeFi risk researchers

Get Involved

We're actively seeking contributors in:

• Smart Contract Development: Anchor/Rust experience, security-focused mindset
• Frontend Development: React/Next.js, Web3 integrations, UX for DeFi
• Quantitative Modeling: Premium pricing algorithms, risk scoring, actuarial analysis
• Security Research: Auditing, formal verification, exploit discovery
• Community Management: Discord moderation, content creation, education
• Business Development: Partnerships, liquidity providers, token projects

Stay Updated

• GitHub: github.com/i2gucci/tokenshield - Open source code, technical proposals
• Feedback: Submit feedback or suggestions via GitHub Issues
• Waitlist: Join our waitlist on the homepage for launch updates

Community channels (Discord, Twitter, Telegram) will be announced closer to mainnet launch to ensure active moderation and legitimate community building.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Ready to protect your bags?

$ cd ~ && ./join_waitlist.sh