Shield Mechanics
This page describes the operational mechanics of a Shield coverage market: how windows are defined, how the two pools work, the backing lifecycle, and how outcomes are resolved.
Coverage windows
Shield narratives are created for a specific security event with a defined time window:
| Window | Use |
|---|---|
| 30 days | Short-term risk assessment |
| 60 days | Medium-term conviction |
| 90 days | Full coverage period (standard for Partnership Shield) |
Pool structure
Each Shield narrative has exactly two pools:
- SAFE pool — backers who believe the protocol will not be exploited during the window.
- EXPLOIT pool — backers who believe a qualifying security failure will occur.
Both pools deploy capital into approved DeFi yield protocols (Kamino, Marinade, Save) from the moment of commitment. The pools are held in separate on-chain vault PDAs — see Shield Technical Specification.
Backing flow
- The backer selects a protocol narrative and chooses SAFE or EXPLOIT.
- Capital is committed and immediately routed to yield protocols.
- Yield accrues continuously throughout the coverage window.
- At resolution, oracle consensus determines TRUE (no exploit) or FALSE (exploit confirmed).
- Correct backers receive principal + accumulated yield + conviction multiplier.
- Incorrect backers forfeit principal; the yield already earned is retained.
Discovery Multiplier
Backers who commit during the discovery window (the first 20% of a coverage window) earn a 2.0× Discovery Multiplier. This rewards early conviction and compensates for the higher uncertainty at the start of a window.
The multiplier applies to the conviction score component of a backer's reward. It does not double the principal — direct SOL payout is always proportional to the raw amount committed. The multiplier is stored on-chain in the backing record (see Economics).
Resolution
Resolution on mainnet requires 3-of-4 oracle sources to agree:
| Source | Type |
|---|---|
| Pyth Network | On-chain price / event feed |
| Switchboard | Decentralized oracle network |
| RedStone | Pull-based oracle |
| AI Oracle | Web intelligence (Grok + Tavily) + on-chain analysis |
A 48-hour dispute window follows resolution before payouts are finalized. During this window any party may submit counter-evidence. On devnet the oracle threshold and timelock are relaxed for testing (see Technical Specification).
Self-backing (Partnership only)
Partnership Shield protocols may back their own SAFE pool. This:
- Signals confidence in their own security posture.
- Provides a partial self-hedge — on a confirmed exploit, 50% of the SAFE pool is returned to the protocol team.
- Is fully transparent on-chain — self-backing positions are visible like any other.
There is no minimum or maximum on self-backing amount. Community Shield does not support self-backing.
Yield spread cap
MAGMA applies a maximum 0.5% yield spread above the raw DeFi protocol rate. This covers operational costs while ensuring backers receive competitive yield. Yield accrues continuously from the commitment date and is never clawed back on a losing position.