[Phylax Systems] Testing the Credible Layer as a Hack Prevention Technique for Compound

tl;dr

We are building a hack prevention protocol called the Credible Layer.

It enables dApps to define custom security rules (assertions) that are too complex or large to be encoded directly into a smart contract. These assertions define states that the dApp should never fall into, or in other words, “hacked” states.

The other half of the system (prevention as opposed to hack definition) is supported at the base layer itself within the sequencer of each integrated chain. They run a block builder that checks the pre-state against incoming transactions and discards any transaction that would result in a “hacked” state. This effectively means that dApps can stop worrying about how a hack happens and just define what a hack looks like to stop it proactively.

The Challenge with Traditional Security Models

Insurance providers in DeFi price premiums based on perceived risk, which is often subjective and lacks real-time, verifiable data. Traditional security measures rely heavily on audits, which, while valuable, represent a snapshot in time and cannot account for dynamic threats that emerge post-deployment.

Insurance and real security for crypto protocols that prevent hacks are key to our industry’s success. And they go hand in hand.

Introducing the Credible Layer to Compound

The Credible Layer is an on-chain protocol designed to enforce verifiable security measures at the base layer of blockchain networks. It allows dApps to define “assertions” — specific security rules that describe states considered unacceptable (i.e., potential hacks). These assertions are:

  • Defined by the protocol: Only Compound’s governance or designated security team can set and modify these assertions.
  • Enforced by the network: Integrated with the sequencer, any transaction that would violate an assertion is automatically invalidated before execution. We are currently in talks with Mantle and Base, where Compound is deployed and has significant TVL. We also have plans to expand past OP Stack L2s and rollups to mainnet, where the supermajority of Compound’s TVL is.
  • Publicly Verifiable: Through our Transparency Explorer, anyone can verify the active security rules and any past exploit attempts, creating an unprecedented level of security transparency.

Impact on Insurance Premiums and General Market Efficiency

Insurance premiums are fundamentally a function of risk. The more uncertain the risk, the higher the cost. By integrating the Credible Layer, Compound can:

  1. Reduce Perceived Risk: Demonstrating proactive, real-time security enforcement reduces the likelihood of successful exploits.
  2. Enhance Risk Transparency: Insurers can directly verify the active security measures and historical security performance, reducing uncertainty.
  3. Provide Quantifiable Data: Historical data on assertion activations and prevented exploits offers concrete metrics for insurers to adjust their risk models.

In the same way that centralizing shipping news and risk news reduced premiums and increased capital efficiency for 17th/18th-century shipping, DeFi insurance will be enabled in large part by transparency and centralization of risk data. That’s what we are enabling with the Credible Layer.

Aligning with Compound’s Governance and Security Goals

  • No Code Changes Required: Integrating the Credible Layer does not require modifications to existing smart contracts.
  • Governance-Controlled: Assertions are managed through Compound’s governance, ensuring full community oversight.
  • Flexible and Scalable: Assertions can be updated as the protocol evolves, maintaining relevance with emerging threats. Assertions

Next Steps

We propose a pilot integration of the Credible Layer with Compound on Base or Mantle, depending on where we integrate, focusing on key security assertions that align with identified risk areas. This would include:

  1. Defining initial assertions collaboratively with Compound’s security team.
  2. Deploying the Credible Layer in a testnet environment for validation.
  3. Engaging with insurance providers to assess the impact on premium calculations.

Conclusion

Reducing insurance premiums in DeFi isn’t just about negotiating better rates—it’s about proving that the protocol represents a lower risk. The Credible Layer offers a path to do just that: through transparency, verifiability, and proactive security enforcement. We’re excited about the potential to collaborate with Compound in setting a new standard for DeFi security and risk management.

We look forward to the community’s feedback and to discussing this proposal in more detail.
