The Phylax Credible Layer

The Credible Layer is a network extension that enables apps to define security rules and prevents transactions from violating them.

Quickstart Guide

Get started with the Credible Layer in minutes.

Assertions Book

See concrete assertion examples and previous hacks.

If you prefer visual learning over reading text, watch this introductory video for a comprehensive overview:

Key Benefits

  • Prevents Hacks, Doesn’t Just Detect Them: Stop attacks before they succeed, not after funds are lost
  • No False Positives: Only blocks transactions that explicitly violate defined rules
  • Developer-Friendly: Assertions are written in Solidity, which means no need for context switching or learning a new language
  • Non-Invasive: Add protection without modifying existing contracts
  • High Performance: Processes 1,500 transactions in under 50ms
  • Transparent Security: All assertions are visible on-chain

How It Works

The Credible Layer consists of four key components working together:

  1. Assertions: Security rules written in Solidity that define states that should never occur (e.g., “implementation address shouldn’t change”, “price reported by oracle shouldn’t deviate more than x% inside of a single transaction”).
  2. Protocols: Protocols that define assertions for their contracts and link them on-chain.
  3. Block Builders/Sequencers: The network infrastructure that validates every transaction against assertions before inclusion in a block, dropping any that would violate security rules.
  4. Transparency Dashboard: A platform where users can see which protocols are protected and how, creating a focal point for ecosystem security.

User Flow

The protocol has three target users. They can use the Credible Layer in the following ways:

  1. Protocol Teams:
    • Install the pcl CLI tool
    • Write assertions in Solidity to protect their protocol
    • Test assertions locally using pcl test
    • Register assertions to contracts through the Credible Layer dApp
    • Monitor security posture through the dashboard
  2. End Users:
    • View which protocols have Credible Layer protection through the dashboard
    • Verify the specific security rules protecting your funds
    • Confidently deploy their capital, knowing that malicious transactions that would result in exploits are prevented
  3. Network Operators:
    • Run OP-Talos alongside your sequencer
    • Configure integration with Rollup Boost
    • All transactions will automatically be validated against registered assertions

Transaction Flow

  1. User submits transaction to the network
  2. Transaction enters the mempool
  3. OP-Talos receives the transaction for potential inclusion in a block
  4. For each transaction, OP-Talos:
    • References the assertions stored in the Credible Layer Protocol that are related to the contracts the transaction interacts with
    • Fetches assertion bytecode from the Assertion DA
    • The PhEVM:
      • Simulate transaction execution
      • Create pre-transaction and post-transaction state snapshots
      • Execute all relevant assertions against these transactions
    • The PhEVM returns assertion results:
      • If any assertion reverts (invalid state), the transaction is flagged as invalid
      • If all assertions pass, the transaction is considered valid
  5. OP-Talos makes inclusion decisions:
    • Invalid transactions are not included in the block
    • Valid transactions are included in the block
  6. OP-Talos submits the validated block to the sequencer via Rollup Boost
  7. Sequencer accepts and processes the validated block

Transaction Flow Diagram

Ultimately, if a transaction would result in a hack, if the contract is protected by the Credible Layer, the transaction will be dropped. If the contract is not protected, the transaction will be included in the block.

Enforcement Diagram

Now you’re probably thinking that forced inclusion transactions are not caught by the Credible Layer… Well, think again! We have found a way to handle this and are actively working on implementing it.

System Components

Core Infrastructure

  • OP-Talos
    • Custom block builder implementation for OP Stack-based rollups
    • Integrates with the sequencer via Rollup Boost without requiring sequencer code modifications
    • Orchestrates the validation process by:
      • Identifying which assertions apply to incoming transactions
      • Invoking PhEVM to execute the assertions against transaction states
      • Making inclusion/exclusion decisions based on assertion results
    • Builds blocks that exclude any transactions violating assertions
    • Handles forced inclusion transactions with special mitigation pathways
    • PhEVM (Phylax EVM) - the execution arm of OP-Talos
      • Executes assertion bytecode in an isolated off-chain environment
      • Supports special cheatcodes (precompiles) for efficient state access and comparison
      • Can simulate both pre-transaction and post-transaction states
      • Evaluates assertions in parallel to maximize throughput
  • Assertion Data Availability (Assertion DA)
    • Compiles and stores assertion source code and bytecode securely
    • Provides assertion code to block builders for enforcement
    • Enables transparency by making assertions publicly available
  • Credible Layer Protocol
    • Smart contract that manages the on-chain registry of assertions
    • Maps assertions to protected contracts
    • Handles assertion registration, updates, and deactivation
    • Supports proof verification for mitigation triggers
    • Maintains security parameters and protocol metadata

High Level Flow Diagram

Above is a high level overview of the system components and their interactions.

Regulatory Compliance and Neutrality

Neutrality is critical. It determines who controls the system. Who controls the system decides how the system is regulated.

As middleware, the Credible Layer extends network capabilities without introducing new trust assumptions. Protocols define security rules through existing governance channels, and networks enforce these rules through existing mechanisms.

Networks can remove the Credible Layer anytime and still execute their core functionality. dApps can remove (or add) assertions anytime, and the system passes the off-switch test.

By avoiding centralized control points, this architecture preserves decentralization for both dApps and networks.

Policymakers are becoming increasingly aware of decentralization and see its value. Systems that quietly rely on centralized emergency controls for security risk falling on the wrong side of laws meant to capture decentralized-in-name-only projects.

Non-neutral solutions ultimately create new centralized control points: AI providers can change detection algorithms, and SaaS companies can modify security policies.

This matters because security solutions should optimally not add additional trust assumptions/risks, and they should not centralize the systems they serve.

Developer Tools

  • Credible Layer dApp: User interface for protocols to register and manage assertions
    • Transparency Dashboard: The part of the dApp that shows every project’s assertions and other security measures to end users. These users can use these proofs to eliminate the blind trust that most use to make allocation decisions today.
  • pcl CLI: Command-line tool for writing, testing, and deploying assertions
  • credible-std: Standard library exposing cheatcodes and testing functionality for writing and testing assertions

Credible Layer dApp Screenshot of the Credible Layer dApp UI for a project

Use Cases

Assertions open up a wide range of use cases, some that aren’t even possible in pure Solidity. Here are a few examples:

  1. Parameter Protection: Prevent unauthorized changes to critical protocol parameters such as owner and implementation addresses.
  2. Market Integrity: Ensure market prices don’t move beyond specified thresholds inside of a single transaction.
  3. Lending Protocol Safety: Guarantee lending positions maintain the required collateralization ratios.
  4. Oracle Monitoring: Verify oracle prices stay within specified ranges to detect price manipulation.
  5. Total Balance Invariants: Ensure that the sum of all positions match the total balance of a protocol.

Explore more use cases in the Assertions Book.

Next Steps

Ready to get started with the Phylax Credible Layer? Explore these resources:

  • Installation Guide - Set up your development environment and install pcl
  • Quickstart Guide - Write and deploy your first assertion using the Credible Layer
  • Cheatcodes - Detailed reference for assertion functions and capabilities
  • FAQ - Answers to common questions about the Credible Layer