
Intuitively, it seems that the hash of a BLS signature could be used as a VRF as well. In a nutshell, the BLS signature is the VRF output and the verification first checks that the signature is valid, and then computes the hash over it to provide the VRF output. (Or similarly, one can provide H(BLS-Signature) as the VRF output and the BLS signature as the VRF proof.)

  1. Is this scheme a VRF? Given a collision-resistant hash function, of course.
  2. How would one go about proving it?
Nikkolasg

1 Answer


Yes, in the random oracle model, the hash of a BLS signature makes a VRF essentially as secure as the BLS signature scheme (provided the verifier accepts only the unique canonical encoding of each signature).

This works because BLS signatures are unique. Fix a pairing $e\colon G_1 \times G_2 \to G_T$ on groups $G_1$ and $G_2$ of prime order. For any fixed $A \in G_2$, the homomorphism $\phi_A\colon \sigma \mapsto e(\sigma, A)$ is an injection (or the system is trivially insecure) because $G_1$ has prime order. Let $B \in G_2$ be the standard base point. A putative signature $\sigma \in G_1$ under public key $P \in G_2$ on a message $m$ satisfies the signature equation $$e(H(m),P) = e(\sigma,B) = \phi_B(\sigma).$$ Since $\phi_B$ is an injection, there is at most one possible signature $\sigma$ for any public key $P$ and any message $m$.

Squeamish Ossifrage
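The construction the answer describes, written out as an added example (not code from the question or the answer). Evaluating a pairing needs a BLS library, so this stand-in uses RSA-FDH, another unique signature scheme, in place of BLS: the proof `pi` is the signature, the output `beta` is a hash of the proof, and the verifier checks the signature equation before recomputing the hash. The toy primes, the `FDH|`/`VRF|` domain-separation tags and the fixed 8-byte proof encoding are all constructed for the demo. The `naive_vrf_verify` function shows the answer's caveat about canonical encodings: the same group element re-encoded as `sigma + N` still satisfies the equation mod `N`, so a verifier that skips the range check accepts two different proofs, and hence two different outputs, for one message.

```python
import hashlib
from math import gcd

# Toy RSA-FDH parameters: constructed small primes for illustration only.
# A real deployment would use >= 2048-bit primes and a proper full-domain hash.
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
assert gcd(E, (P - 1) * (Q - 1)) == 1
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent
PK = (N, E)
SK = (N, D)
PROOF_LEN = 8  # fixed-width big-endian encoding of an element of Z_N (N < 2**64)


def fdh(n: int, msg: bytes) -> int:
    """Toy full-domain hash of the message into Z_N (slightly biased; fine for a demo)."""
    return int.from_bytes(hashlib.sha256(b"FDH|" + msg).digest(), "big") % n


def sign(sk, msg: bytes) -> int:
    """Unique, deterministic signature: sigma = H(m)^d mod N."""
    n, d = sk
    return pow(fdh(n, msg), d, n)


def encode_proof(sigma: int) -> bytes:
    return sigma.to_bytes(PROOF_LEN, "big")


def decode_proof_canonical(n: int, proof: bytes):
    """Accept only the unique canonical encoding: exactly PROOF_LEN bytes, value < n."""
    if len(proof) != PROOF_LEN:
        return None
    sigma = int.from_bytes(proof, "big")
    if sigma >= n:
        return None
    return sigma


def output_from_proof(proof: bytes) -> bytes:
    """beta = H(signature bytes), domain-separated from the FDH."""
    return hashlib.sha256(b"VRF|" + proof).digest()


def vrf_prove(sk, msg: bytes):
    """Return (beta, pi): pi is the unique signature, beta is its hash."""
    pi = encode_proof(sign(sk, msg))
    return output_from_proof(pi), pi


def vrf_verify(pk, msg: bytes, pi: bytes):
    """Return beta if pi is the canonical, valid signature on msg; otherwise None."""
    n, e = pk
    sigma = decode_proof_canonical(n, pi)
    if sigma is None:
        return None
    if pow(sigma, e, n) != fdh(n, msg):  # signature equation sigma^e == H(m) mod N
        return None
    return output_from_proof(pi)


def naive_vrf_verify(pk, msg: bytes, pi: bytes):
    """Same check WITHOUT the canonical-range test: also accepts sigma + n."""
    n, e = pk
    sigma = int.from_bytes(pi, "big")
    if pow(sigma, e, n) != fdh(n, msg):
        return None
    return output_from_proof(pi)


def non_canonical_proof(pk, pi: bytes) -> bytes:
    """Re-encode the same residue as sigma + n; it still satisfies the equation mod n."""
    n, _ = pk
    return encode_proof(int.from_bytes(pi, "big") + n)


if __name__ == "__main__":
    beta, pi = vrf_prove(SK, b"hello")
    print("beta:", beta.hex())
    print("strict verify ok:", vrf_verify(PK, b"hello", pi) == beta)
    bad = non_canonical_proof(PK, pi)
    print("strict rejects non-canonical proof:", vrf_verify(PK, b"hello", bad) is None)
    print("naive accepts it with a different beta:",
          naive_vrf_verify(PK, b"hello", bad) not in (None, beta))
```

The uniqueness argument carries over unchanged: because `sign` is deterministic and the signature equation has exactly one solution in Z_N, strict verification yields at most one `beta` per message, which is the property a VRF needs beyond an ordinary signature.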