HAPI: Onchain Cybersecurity Protocol for DeFi projects

Dona Mara
Feb 11 · 5 min read

| To find out more about HAPI, join our Telegram chat |

Part 1. Teaser

Launching any DeFi product is similar to launching a rocket: after the rocket takes off, you have a minimal toolset to influence its flight. You can send commands or even update the software. However, any unforeseen event could lead to a disaster, and you have no way of influencing it any further. You become a passive observer.

DeFi is similar to this in many ways. You create code, conduct a security audit, launch your smart contract into space (blockchain) and start praying that everything goes according to plan.

How do cybersecurity risks occur in DeFi?

Before we introduce HAPI, let’s look at how most DeFi projects work and what kind of security issues might arise.

1. Blockchain:

A blockchain is a database stored on multiple computers at once. All of these computers verify that no participant deceives another and that all of the records in this database are correct. A smart contract is a program that can be run within this database.

Example #1: 0x1111 is Alex’s wallet. We can write a smart contract crediting 10 HAI tokens to Alex if he has 10 ETH in his wallet. Every time Alex runs this contract, 10 HAI tokens will be sent to his wallet (as long as the smart contract holds enough tokens). Each time, the program verifies whether there are 10 ETH in Alex’s wallet.

Example #2: 0x1111 is Alex’s wallet. We can write a smart contract crediting 10 HAI tokens to Alex if the price of gold on the stock exchange is higher than $2000.

However, where can the smart contract get the price of gold from?

This is one of the big challenges in building smart contracts: a smart contract can use only on-chain data, that is, data already recorded in our distributed database.

So, how can we record this data into the blockchain?

2. Oracles:

This is how Oracles appeared: servers that record the data we need onto the blockchain. A smart contract defines what kind of data it needs on the blockchain. Oracles monitor these requests, take the information from the outside world (usually via an API) and record it onto the blockchain.

However, this is where security issues might arise. Smart contracts are not aware of where the information is coming from and how reliable it is.

3. API or Application Programming Interface:

An API is an interface we can use to interact with programs, apps or devices. You can log in to your bank’s client app, and it will show you your balance by connecting to the bank’s server via an API. You can also launch CoinGecko’s mobile app, which uses an API to show you cryptocurrencies. In each case, the request is sent in a very precise form (if you want to receive the required information, learn to ask the right questions).

This is what we get: the user launches a smart contract, which contacts the Oracle’s smart contract and requests data. Oracles (servers) contact the required source (bank, exchange) via an API, receive the necessary information and record it onto the blockchain.
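The request-and-record flow above, and the weakness that the contract cannot tell who wrote a value or how old it is, can be modelled off-chain. This is an added example, not HAPI's or any oracle network's code; the `Ledger` class, its methods, the addresses and the 300-second freshness limit are all assumptions made for illustration.

```python
# Added illustration: off-chain Python model of the request/fulfil flow.
# Every name and value below is hypothetical and constructed for this example.

class Ledger:
    """Stand-in for on-chain state: pending requests and HAI balances."""
    def __init__(self, trusted_oracle, max_age):
        self.trusted_oracle = trusted_oracle   # the only address allowed to answer
        self.max_age = max_age                 # seconds a reading stays usable
        self.pending, self.balances, self.next_id = {}, {}, 0

    def request_gold_price(self, wallet):
        """User runs the contract; it records a request for Oracles to pick up."""
        self.next_id += 1
        self.pending[self.next_id] = wallet
        return self.next_id

    def fulfil_naive(self, sender, request_id, price_usd, observed_at, now):
        """Ignores sender and age: the contract cannot tell where data came from."""
        return self._settle(self.pending.pop(request_id), price_usd)

    def fulfil_checked(self, sender, request_id, price_usd, observed_at, now):
        """Same settlement, but checks who wrote the value and how old it is."""
        if sender != self.trusted_oracle:
            return "rejected: unknown writer"
        if request_id not in self.pending:
            return "rejected: no such request"
        if now - observed_at > self.max_age:
            return "rejected: stale reading"
        return self._settle(self.pending.pop(request_id), price_usd)

    def _settle(self, wallet, price_usd):
        # Example #2 from the text: credit 10 HAI if gold is above $2000.
        if price_usd > 2000:
            self.balances[wallet] = self.balances.get(wallet, 0) + 10
            return "credited"
        return "no credit"


def demo():
    led = Ledger(trusted_oracle="0xORACLE", max_age=300)
    r1 = led.request_gold_price("0x1111")
    r2 = led.request_gold_price("0x1111")
    out = [
        led.fulfil_naive("0xOTHER", r1, 2500, observed_at=0, now=1000),
        led.fulfil_checked("0xOTHER", r2, 2500, observed_at=990, now=1000),
        led.fulfil_checked("0xORACLE", r2, 2500, observed_at=0, now=1000),
        led.fulfil_checked("0xORACLE", r2, 1900, observed_at=990, now=1000),
    ]
    return out, led.balances
```
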

Introducing HAPI: An onchain cybersecurity protocol to create trustless Oracles

HAPI is a set of cross-chain smart contracts that are embedded into DeFi products, allowing them to reach a new security level. In addition, HAPI’s Oraclizing and DAO system delivers SaaS in the DeFi environment that prevents hack attempts.

How does HAPI work?


Who is a Data Provider?

The main Data Provider is selected by a voting process in HAPI. It analyzes and marks all of the suspicious addresses, and becomes the main provider of information to the blockchain. Upon request from exchanges (via API), the service records all of the suspicious addresses onto the blockchain; their ban period varies from 12 hours to a permanent ban.

HAPI example use case: blocking the movement of stolen coins between DeFi and exchanges

Let’s say a hacker breaks into an exchange’s hot wallet and begins to transfer funds out of the exchange.

The exchange sends the address and coin details immediately to HAPI.

Every exchange connected to HAPI receives this information almost instantly and can block these transactions and funds until the situation is resolved. DEXs use smart contracts, allowing them to reject requests from suspicious addresses using HAPI. The momentum of the attack is slowed, and a portion of the funds is blocked.
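The registry-and-reject behaviour described in this use case can be modelled off-chain as follows. This is an added example, not HAPI's contract code: `AddressRegistry`, `flag`, `is_blocked`, `dex_swap` and all addresses and timestamps are hypothetical, and the voting that elects the Data Provider is not modelled.

```python
# Added illustration: off-chain model of a flagged-address registry and a DEX check.

HOUR = 3600
MIN_BAN = 12 * HOUR        # shortest ban period stated in the text
PERMANENT = None           # marker for a ban with no expiry


class AddressRegistry:
    def __init__(self, data_provider):
        self.data_provider = data_provider   # elected writer (assumed already chosen)
        self.bans = {}                       # address -> expiry timestamp or PERMANENT

    def flag(self, sender, address, now, duration=PERMANENT):
        """Record a suspicious address; only the Data Provider may write."""
        if sender != self.data_provider:
            raise PermissionError("only the data provider can flag addresses")
        if duration is not PERMANENT and duration < MIN_BAN:
            raise ValueError("ban period is at least 12 hours")
        key = address.lower()                # hex addresses compare case-insensitively
        if key in self.bans and self.bans[key] is PERMANENT:
            return                           # never downgrade a permanent ban
        self.bans[key] = PERMANENT if duration is PERMANENT else now + duration

    def is_blocked(self, address, now):
        key = address.lower()
        if key not in self.bans:
            return False
        return self.bans[key] is PERMANENT or now < self.bans[key]


def dex_swap(registry, sender, amount, now):
    """DEX entry point: consult the registry before doing any work."""
    if registry.is_blocked(sender, now):
        return "rejected"
    return f"swapped {amount}"


def demo():
    reg = AddressRegistry(data_provider="0xPROVIDER")
    t0 = 1_000_000                                       # constructed timestamp
    reg.flag("0xPROVIDER", "0xAbC1", t0, duration=12 * HOUR)
    reg.flag("0xPROVIDER", "0xDEAD", t0)                 # permanent ban
    return [
        dex_swap(reg, "0xabc1", 5, t0 + HOUR),           # inside the ban window
        dex_swap(reg, "0xabc1", 5, t0 + 13 * HOUR),      # ban has expired
        dex_swap(reg, "0xdead", 5, t0 + 10_000 * HOUR),  # permanent ban holds
        dex_swap(reg, "0x2222", 5, t0),                  # never flagged
    ]
```
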

Key points

  • Will be built for the most popular blockchains (Ethereum, VeChain, Polkadot, etc.)


After analyzing many different smart contracts and hacker attacks, and drawing on the best practices of the financial world, we prepared a list of the methods and data that DeFi requires at its current stage. We are building a protocol that will improve the security of decentralized apps (and centralized ones as well) using only the required data, analyzed in advance.



Data + Machine Learning + Oracle + DAO = First Security Oracle
