System Assurances,
F**K YOU.
Deterministic Wallet Coverage for the Onchain Economy

SAFU is a smart contract protocol that pays out when your wallet gets drained. No committee, no vote, same inputs produce the same output every time.

0.01–0.75 ETH
STAKE RANGE
UP TO 15:1
COVERAGE RATIO
7d
CLAIM COOLDOWN
45d
PAYOUT STREAM
75/75
FORGE TESTS PASS
12/12
HALMOS PROPERTIES

Abstract

Every year, billions in crypto are drained from wallets through phishing attacks, stolen keys, and other hacks. The protocols designed to cover these losses require a committee to vote on your claim. Your payout depends on whether strangers with governance tokens believe you.

SAFU removes the vote. The same event always produces the same payout calculation. When a drain is verified, a 7-day cooldown starts, then a 45-day payout stream begins. No committee, no quorum, no waiting room.

Stakers deposit any amount between 0.01 and 0.75 ETH to secure wallet coverage with no lock period. Coverage scales proportionally — up to 15x the staked amount. Stakers earn SAFU points while staked, convertible to SAFU tokens at network launch in Q1 2027.

This document describes how the protocol works, how the economics hold, and where it is heading.

The Problem

Wallet-level drain is the most consistent attack surface in crypto. Phishing attacks, stolen keys, and malicious approvals collectively account for billions in annual losses. Existing smart contract coverage products protect against code failures, not these. Wallet drains fall through every existing coverage category.

[ phishing ]
User signs a transaction that sweeps their wallet to a drain address. Often triggered by a fake website or malicious link.
[ approval exploit ]
A previously granted token approval is used to drain the wallet. No new signature required from the victim.
[ key compromise ]
The wallet's private key is exposed and everything in it gets moved out automatically. Nothing on-chain can stop it once the key is out.

Existing protocols don't cover this

Nexus Mutual, InsurAce, and Sherlock cover smart contract bugs, which are protocol-level failures where code behaves unexpectedly. A wallet drain is a different event entirely, and none of these protocols pay out on it.

For the protocols that do attempt wallet-level coverage, every claim goes to a vote. Your payout depends on DAO participation rates you didn't choose. The result is slow, unpredictable, and discretionary.

The agent gap

AI agents managing capital on hot wallets cannot exercise human judgment. Coverage for these wallets is not optional. It is a runtime dependency, the same way gas is. No existing product serves this segment. SAFU builds the API that does.

What SAFU Is

SAFU is a protocol that pays out when your wallet gets drained. The payout is calculated by code, and the same drain event always produces the same result, so there is nothing to argue about and no one to petition.

The protocol runs a fraud scanner against every submitted transaction hash. The scanner scores the transaction for drain patterns: sweep completeness, receiver classification, automation signals. That score, combined with the staker's tier and policy terms, produces one output: an entitlement amount, or a rejection reason.

The same drain event always produces the same payout calculation, every time. The calculation is the decision, and neither a vote nor a governance proposal can change it.

What this means for AI agents

An agent submits a transaction hash to the SAFU Verify API and receives a signed payout decision programmatically. No human in the loop on either side. Coverage becomes a runtime call, not a claims process.

Conventional coverageSAFU
File a claimPayout activates automatically
Human adjusterOracle + math
Governance voteNo vote
Waiting room45-day stream, starts in 7 days
DiscretionaryDeterministic

How It Works

A wallet stakes any amount between 0.01 and 0.75 ETH to enroll. Enrollment is permissionless — no oracle approval required. The wallet's tier is assessed at claim time, not at staking. Tier determines the coverage multiplier applied to the staked amount.

TierCoverage multiplierMax payout (0.75 ETH stake)Wallet profile
A15x11.25 ETHClean history, low risk signals
B10x7.5 ETHMixed history, moderate signals
C5x3.75 ETHHigher risk signals detected

The staker sets a beneficiary address at enrollment. All payouts go to the beneficiary, never to the staked wallet. This protects the payout address from the same attack that triggered the claim.

Claim flow

01
Submit drain transaction
The staker submits the transaction hash of the drain event to the SAFU Verify API.
02
Fraud scanner scores it
The off-chain scanner checks sweep completeness, receiver classification, and automation signals. Score determines the entitlement amount.
03
Verification pipeline runs
Sequential checks: wallet enrolled and active, drain within coverage window, loss above minimum threshold, entitlement within tier cap. Pipeline short-circuits on first failure.
04
7-day cooldown
Approved claims wait 7 days before payout begins. Stake is permanently forfeited at submission.
05
45-day payout stream
Linear payout to beneficiary over 45 days. A dynamic outflow cap (5%/3%/1% per day by tier) prevents any single event from draining the pool.

Security

AuditResultDate
Tier-1 Security Benchmark (ToB + OZ standards) 0 critical, 0 high, 0 medium June 2026
Halmos Symbolic Execution (a16z) 12 / 12 properties, zero counterexamples June 2026
Comprehensive security review 0 critical, 0 high, 0 medium, 3 low (accepted) June 2026
Forge test suite 75 / 75 tests pass June 2026

Verified by symbolic execution

  • Claiming permanently forfeits your stake, enforced on-chain by the contract itself
  • Pool balance stays accurate when a claim is cancelled
  • Once a claim is filed, the original stake cannot be withdrawn
  • The two approval keys are always held by different addresses
  • Contract ownership cannot be transferred to the co-approval address
  • The contract never owes more than it holds in ETH
  • Payouts above coverage limits are always blocked
  • A cancelled claim can never release further payments
✓ all properties verified across every possible contract state

Oracle and wallet safety

The payout oracle signing key is held in AWS KMS (secp256k1, eu-north-1), isolated from the server runtime. All signed messages include the contract address and chain ID, which prevents replay attacks. A 2-of-2 override mechanism (owner + co-signer, separate keys) handles disputes without bypassing rate limits.

Staking sends ETH to the pool and grants no token approvals and no spending permissions. The contract cannot access any other asset in your wallet, before, during, or after staking.

Economic Model

The staking pool is ETH-only. Claims are paid from this pool. A dynamic outflow cap (5%/3%/1% per day by tier) and 45-day vesting period ensure no single event can drain it.

The initial deployment is a test pool designed to stress-test the system under real conditions. Coverage caps are small by design. Production economics require a larger pool and higher stake amounts, scoped for Q3 2026.

Revenue streams

[ forfeited stakes ]
When a claim is filed, the staked ETH stays in the pool after payout. Any amount above the staker's entitlement is protocol revenue.
● live now
[ lido staking yield ]
In the production vault, pooled ETH will be deposited into Lido as wstETH. ~3-4% APY accrues to the protocol. Not active in the current test pool.
● planned Q3 2026
[ custom pool deployments ]
Communities and protocols deploy their own SAFU pool with custom coverage rules and tier logic. SAFU earns a protocol fee on each pool.
● planned Q3 2026
[ verify api ]
Per-call fee for enterprise and agent integrations. Scoped after first customer cohort is onboarded.
● planned Q3 2026

Why stake?

Stakers provide the pool capital that makes coverage possible. In return: wallet-drain protection while staked, with the ability to withdraw anytime. SAFU points accrue at accelerating rates the longer you stay, and convert to SAFU tokens at network launch. Principal is returned when you withdraw if no claim is filed.

SAFU Points and Token

No token exists today. No token is being offered. This section describes the intended design, subject to legal review before implementation.

How points work

Every staker earns SAFU points proportional to their stake amount, at accelerating rates: (stake/0.75) × 100/day for the first 90 days, then 120, 150, and 200/day after a year. Points are non-transferable and accumulate across staking cycles.

When a claim is filed, 9,000 points are burned and any remainder is banked permanently. The payout flows normally. Stakers who withdraw without claiming retain all points and convert them to tokens at launch.

Tokens and payouts are mutually exclusive

A staker either files a claim and gets the payout (burning their points), or holds to full term and gets their tokens (principal returned). There is no path to collecting both. This removes the moral hazard present in most DeFi token designs.

What the token does

[ governance ]
Vote on protocol parameters: coverage caps, yield allocation, policy terms. Token holders are structurally honest stakers who never extracted from the pool.
[ pool backstop ]
Token holders can stake tokens to provide additional coverage capacity, earning a share of protocol revenue in return.
[ revenue share ]
A portion of Lido yield and forfeiture revenue distributes to token stakers.

Why the token is not a security

Coverage is the primary product. The token is a byproduct of honest participation in that product, not an investment in a profit-sharing enterprise. You stake to get wallet protection. At launch, accumulated points convert to tokens that give you a voice in how the protocol runs.

There is no ICO, no presale, no token being sold. Tokens only reach wallets that provided coverage capacity and did not extract from the pool. Tokenomics, supply, and allocation are Q4 2026 work, subject to full legal review.

Roadmap

Q2 2026
Low-value mainnet live
SAFUPoolV8 deployed on Ethereum mainnet with proportional staking (0.01–0.75 ETH), permissionless enrollment, KMS oracle signing, and points system. First staker cohort onboarded. Whitepaper published.
Q3 2026
Seed fundraise + high-value vault
Lido wstETH integration, higher coverage caps, agent wallet tier engine, new contract audit. SAFU Verify API launched. Custom pool deployments open for communities and protocols.
Q4 2026
Community + token design
Community building. SAFU Points season opens to public staking. Token design finalised and legal-reviewed. Exchange and market maker conversations begin.
Q1 2027
Token launch
SAFU Token launch. Points-to-token conversion window. DEX listing. Protocol governance goes live.