Open source · Pre-execution firewall

Stop exploits before they land on-chain.

Moat evaluates high-risk calls against your protocol state and your rules before execution. Integrate once on the functions that move value, and ship with a clearer story for LPs and partners.

$1B+ lost to DeFi exploits in 2025 (DeFiLlama). That is the class of failures pre-execution emulation is built to catch.

The defense often arrives too late

Most defenses are reactive. By the time mempool races or pause switches fire, users are often already losing funds. Shipping has outpaced audit cycles, and the obvious closed tools do not help every team.

What is broken

  • Teams ship weekly. Audits snapshot one moment in time.
  • Hypernative Firewall is closed source and enterprise-priced, so early-stage teams cannot adopt it.
  • OpenZeppelin Defender is sunsetting in July 2026, which leaves a real gap.
  • There is still no mainstream open, decentralized drop-in you can wire to your contracts today.

Moat is a circuit breaker your team controls

It sits in front of deposits, withdrawals, swaps, or any function you choose. Operators emulate the proposed state change, run your rules, and attest. Your contract only executes when policy passes, or after a timelock gives users a guaranteed path forward.

What you get

Ship the critical path first

Add one modifier on the calls that matter. Cover the surface that moves money before you boil the ocean.

Rules only you can write

Limits, ratios, yield bands, frequency caps—the invariants come from the team that knows the economics, not a black-box score.

LPs see a real control

Point to gated functions, written policy, and user recourse. Moat is the floor. Layer Forta, Hypernative, or custom stacks as you grow.

Under the hood

On-chain gate

Moat keeps a minimal on-chain footprint: one lightweight gate in front of critical functions, with full policy checks handled off-chain.

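// Gate for value-moving functions: reverts with "MOAT_REV" unless Moat reports the call as secure.
modifier onlySafe() {
  require(moat.isSecure(), "MOAT_REV");
  _; // body of the gated function runs only after the check passes
}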

Timelock exit

If a transaction is flagged, users can still withdraw after the timelock, while the protocol team gets a real window for incident response.

Distributed validation

Validation is distributed across independent operators, with an optional EigenLayer-backed backend for teams that want network-level security.

From submission to execution

Reference flow

Diagram of Moat flow from submission through off-chain validation to on-chain gate and optional user timelock.

The three steps

  1. Submission: A user or app sends a transaction toward a gated function. That call is routed through Moat first, not straight into your core logic.
  2. Validation: Operators emulate state before and after the proposed change, run your rule set, and co-sign an attestation based on invariants your team knows best.
  3. Enforcement: The on-chain gate allows execution when attestation passes. If something is held, a configurable window (for example 30 minutes) gives your team time to react. Then the user can still push the transaction through.
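
The three steps above, modelled end to end as an added example (not Moat's own code or API). The rule names, thresholds, quorum of 2, operator keys and the use of HMAC in place of real operator signatures are all assumptions made for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass

TIMELOCK_SECONDS = 30 * 60  # the page's example window
QUORUM = 2                  # assumed number of operator attestations required
# Constructed keys; HMAC is a stand-in for real operator signatures.
OPERATOR_KEYS = {"op-a": b"key-a", "op-b": b"key-b", "op-c": b"key-c"}
# Hypothetical rule set; each rule sees emulated state before and after the call.
RULES = {
    "max_single_outflow": lambda pre, post: pre["reserves"] - post["reserves"] <= 100_000,
    "collateral_ratio": lambda pre, post: post["reserves"] * 100 >= post["debt"] * 150,
}

@dataclass(frozen=True)
class Withdrawal:
    tx_id: str
    amount: int
    submitted_at: int  # unix seconds

def violated_rules(pre, call):
    """Emulate the withdrawal on a copy of state and list the rules it breaks."""
    post = {**pre, "reserves": pre["reserves"] - call.amount}
    return [name for name, holds in RULES.items() if not holds(pre, post)]

def _sign(key, call):
    # Bind the attestation to the call contents, not just its id.
    msg = f"{call.tx_id}:{call.amount}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def attest(operator, pre, call):
    """An operator signs only when its own emulation passes every rule."""
    return None if violated_rules(pre, call) else _sign(OPERATOR_KEYS[operator], call)

def gate(call, attestations, now):
    """Gate decision: quorum passes, otherwise hold until the timelock expires."""
    valid = sum(
        1 for op, sig in attestations.items()
        if sig and op in OPERATOR_KEYS
        and hmac.compare_digest(sig, _sign(OPERATOR_KEYS[op], call))
    )
    if valid >= QUORUM:
        return "execute"
    if now - call.submitted_at >= TIMELOCK_SECONDS:
        return "execute_after_timelock"
    return "held"
```

Because each attestation covers the amount as well as the transaction id, signatures collected for a small withdrawal do not pass the gate for a larger one submitted under the same id.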

Install Moat on the calls that matter.

Audits still matter. This is how you show LPs you treated security as product from day one.

Get started on GitHub