HAPI Protocol
Introducing HAPI
HAPI: Onchain Cybersecurity Protocol for DeFi projects
HAPI is a set of cross chain smart contracts that are embedded into DeFI products that allow them to reach a new security level. Also, HAPI’s Oraclizing and DAO system delivers SaaS in the DeFi environment that prevents hack attempts.


Launching any DeFi product is similar to launching a rocket: after the rocket takes off, you have a minimal toolset to influence its flight. You can send commands or even update the software. However, any unforeseen event could lead to a disaster, and you have no way of influencing it any further. You become a passive observer.
DeFi is similar to this in many ways. You create code, conduct a security audit, launch your smart contract into space (blockchain) and start praying that everything goes according to plan.

How do cybersecurity risks occur at DeFi?

Before we introduce HAPI, let’s have a look on how most DeFi projects work and what kind of security issues might arise.


A Blockchain is a database stored on multiple computers at once. And all of these computers are verifying that no one deceives one another and all of the records within this database are correct. A smart contract is a program that can be run within this database.
Example #1: 0x1111 is Alex’s wallet. We can write a smart contract crediting 10 HAI tokens to Alex if he has 10 ETH in his wallet. Every time Alex runs this contract, 10 HAI tokens will be sent to his wallet (as long as there are enough tokens on the smart contract). In this case, the program will verify whether there are 10 ETH on Alex’s wallet every time.
Example #2: 0x1111 is Alex’s wallet. We can write a smart contract crediting 10 HAI tokens to Alex if the price of gold on stock exchange is higher than $2000.
However, where can the smart contract get the price of gold from?
This is one of the big challenges in building smart contracts — we can use only the on-chain data in smart contracts’ implementation (only those that are already in our distributed database).
So, how can we record this data into the blockchain?


This is how Oracles have appeared — servers recording our necessary data onto the blockchain. Smart contract defines what kind of data it needs in blockchain. Oracles monitor these requests by taking the information from the outside world (usually via API) and recording it onto the blockchain.
However, this is where security issues might arise. Smart contracts are not aware of where the information is coming from and how reliable it is.

API or Application Programming Interface

An API is an interface we can use to interact with programs, apps or devices. You can login into the bank’s client app and it will show you your balance by connecting to the Bank’s server via an API. You can also launch Coingecko’s mobile app and use the API to show you cryptocurrencies. In this case, the request is sent in a very precise form (if you want to receive the required information — learn to ask the right questions).
This is what we get — the user launches a smart contract, it contacts the Oracle’s smart contract and requests data. Oracles (servers) contact the required place (bank, exchange) via API, receive the necessary information and record it into the blockchain.

Security audits: a shed of light

What we’re trying to solve with our HAPI onchain cybersecurity protocol is the reputational gap. Given the amount of losses from aggressive hacker attacks, DeFi projects are rapidly losing traders’ trust. It’s a fact none will question.
We at HAPI say that this can be solved with introducing a strong security audit approach. Although a security audit is not a 100% guarantee against hackers, it significantly mitigates the risks.
The idea is to create a decentralized security audit database, with the info on whether the specific smart contract is audited or not. For example, DEX aggregators can then divide the integrated exchanges into audited and unaudited categories.
This will help to protect DEX aggregators, DeFi platforms, and all their users from the projects that have not completed security audits to mitigate financial and reputational risks.
Last modified 1mo ago