Meet HAPI: Onchain Cybersecurity Protocol for DeFi projects

Part 1. Teaser

Launching any DeFi product is similar to launching a rocket: after the rocket takes off, you have a minimal toolset to influence its flight. You can send commands or even update the software. However, any unforeseen event could lead to a disaster, and you have no way of influencing it any further. You become a passive observer.

DeFi is similar to this in many ways. You create code, conduct a security audit, launch your smart contract into space (blockchain) and start praying that everything goes according to plan.

HAPI, a new product joining Hacken Foundation, a leading security consulting company specialised in blockchain security, is a special module for these ‘rockets,’ allowing you to fix vulnerabilities on the fly. It provides an opportunity to deploy a rescue team and patch the hole in the rocket.

How do cybersecurity risks occur in DeFi?

1. Blockchain:

A blockchain is a database stored on multiple computers at once. All of these computers verify that no one is deceiving anyone else and that all of the records within this database are correct. A smart contract is a program that can be run within this database.

Example #1: 0x1111 is Alex’s wallet. We can write a smart contract crediting 10 HAI tokens to Alex if he has 10 ETH in his wallet. Every time Alex runs this contract, 10 HAI tokens will be sent to his wallet (as long as there are enough tokens on the smart contract). In this case, the program will verify whether there are 10 ETH in Alex’s wallet every time.

Example #2: 0x1111 is Alex’s wallet. We can write a smart contract crediting 10 HAI tokens to Alex if the price of gold on the stock exchange is higher than $2000.

However, where can the smart contract get the price of gold from?

This is one of the big challenges in building smart contracts — a smart contract’s implementation can use only on-chain data (only data that is already in our distributed database).

So, how can we record this data into the blockchain?

2. Oracles:

This is why Oracles appeared — servers that record the data we need onto the blockchain. A smart contract defines what kind of data it needs on the blockchain. Oracles monitor these requests, take the information from the outside world (usually via an API) and record it onto the blockchain.

However, this is where security issues might arise. Smart contracts are not aware of where the information is coming from and how reliable it is.

3. API or Application Programming Interface:

An API is an interface we can use to interact with programs, apps or devices. You can log in to the bank’s client app and it will show you your balance by connecting to the bank’s server via an API. You can also launch Coingecko’s mobile app, which uses the API to show you cryptocurrencies. In this case, the request is sent in a very precise form (if you want to receive the required information — learn to ask the right questions).

This is what we get — the user launches a smart contract, it contacts the Oracle’s smart contract and requests data. Oracles (servers) contact the required place (bank, exchange) via API, receive the necessary information and record it into the blockchain.

Introducing HAPI: An onchain cybersecurity protocol to create trustless Oracles

How does HAPI work?

Who is a Data Provider?

HAPI example usecase: blocking the movement of stolen coins between DeFi and exchanges

The exchange sends the address and coin details immediately to HAPI.

Every exchange connected to HAPI receives this information almost instantly and can block these transactions and funds until the situation is resolved. DEXs use smart contracts, allowing them to reject requests from suspicious addresses using HAPI. The momentum of the attack is slowed, and a portion of the funds is blocked.
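The blocking flow described above, sketched as an added example that is not HAPI's own code: a registry that only the approved data provider can write to, and a pool that rejects calls from flagged addresses. The interface `IAddressRiskRegistry`, both contracts and all function names are hypothetical, since the page does not give HAPI's actual interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical registry interface: the page does not give HAPI's real ABI.
interface IAddressRiskRegistry {
    function isFlagged(address account) external view returns (bool);
}

// Constructed registry: only the approved data provider may write to it.
contract AddressRiskRegistry is IAddressRiskRegistry {
    address public immutable dataProvider;
    mapping(address => bool) private flagged;

    event AddressFlagChanged(address indexed account, bool value);

    constructor(address provider) {
        dataProvider = provider;
    }

    function setFlag(address account, bool value) external {
        // A contract cannot judge the data itself, only who submitted it.
        require(msg.sender == dataProvider, "not data provider");
        flagged[account] = value;
        emit AddressFlagChanged(account, value);
    }

    function isFlagged(address account) external view returns (bool) {
        return flagged[account];
    }
}

// Constructed DEX-side guard: calls from flagged addresses are rejected.
contract GuardedPool {
    IAddressRiskRegistry public immutable registry;
    mapping(address => uint256) public deposits;

    constructor(IAddressRiskRegistry riskRegistry) {
        registry = riskRegistry;
    }

    // Reverts before any state change if the caller is flagged on-chain.
    modifier notFlagged() {
        require(!registry.isFlagged(msg.sender), "address flagged");
        _;
    }

    function deposit() external payable notFlagged {
        deposits[msg.sender] += msg.value;
    }
}
```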

Key points

  • All DeFi projects will substantially increase their security if they add the HAPI module
  • HAPI is to become a security standard for DEXs, lending protocols, derivatives protocols and other DeFi classes
  • The data provider is voted in via a DAO
  • The cost of reputational loss to a Data Provider is significantly higher than the potential damage caused by false data
  • The data would be onchain and publicly available
  • Requests to change or add additional data will have a fee
  • HAPI is created by Dona Mara
  • Hacken Foundation will act as HAPI BD
  • Prepare your HAI


This is the way.

The community of crypto and cybersecurity enthusiasts united to keep not only themselves but also their friends and family safe in today’s digital world.
