
Open source · Pre-execution firewall

Stop exploits before they land on-chain.

Moat evaluates high-risk calls against your protocol state and your rules before execution. Integrate once on the functions that move value, and ship with a clearer story for LPs and partners.

$1B+ lost to DeFi exploits in 2025 (DeFiLlama). That is the class of failures pre-execution emulation is built to catch.

The defense often arrives too late

Most defenses are reactive. By the time mempool races or pause switches fire, users are often already losing funds. Shipping has outpaced audit cycles, and the obvious closed tools do not help every team.

What is broken

  • Teams ship weekly. Audits snapshot one moment in time.
  • Hypernative Firewall is closed source and enterprise-priced, so early-stage teams cannot adopt it.
  • Forta Firewall and Ironblocks ship a custom-rule surface, but the products are built around vendor-managed detection — designed for L2s and protocols subscribing to a catalog, not for a lean team running its own simple rules.
  • There is still no permissively-licensed day-one firewall a lean team can drop in and wire to the simple invariants it already understands.

Moat is a circuit breaker your team controls

It sits in front of deposits, withdrawals, swaps, or any function you choose. A validator emulates the proposed state change, runs your rules, and signs a verdict. Your contract only executes when the verdict passes, or after a timelock gives users a guaranteed path forward.

What you get

Ship the critical path first

Add one modifier on the calls that matter. Cover the surface that moves money before you boil the ocean.

Rules only you can write

Reserve ratios, share-price bounds, yield caps, profit thresholds — the invariants come from the team that knows the economics, not a black-box score.

LPs see a real control

Point to gated functions, written policy, and user recourse. Moat is the floor. Layer Forta, Hypernative, or custom stacks as you grow.

Under the hood

On-chain gate

Moat keeps a minimal on-chain footprint: one lightweight gate in front of critical functions, with full policy checks handled off-chain.

modifier onlySafe() {
  require(moat.isSecure(), "MOAT_REV");
  _;
}

Timelock exit

If a transaction is flagged, users can still withdraw after the timelock, while the protocol team gets a real window for incident response.

Validator, self-hosted to AVS

At v1, validation runs on a backend the team hosts itself. As the protocol decentralizes, it moves to an EigenLayer / Symbiotic AVS where independent operators run the same checks.


From submission to execution

Reference flow

Diagram of Moat flow from submission through off-chain validation to on-chain gate and guaranteed user force-through timelock.

The three steps

  1. Submission: A user or app sends a transaction toward a gated function. That call is routed through Moat first, not straight into your core logic.
  2. Validation: A validator emulates state before and after the proposed change, runs your rule set, and signs a verdict based on invariants your team knows best.
  3. Enforcement: The on-chain gate allows execution when attestation passes. If something is held, a configurable window (for example 30 minutes) gives your team time to react. Then the user can still push the transaction through.
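
The three steps above as a runnable off-chain model, added here as an illustration and not Moat's own code. The rule names, state fields, `validate`, `Gate` and the key are hypothetical, and an HMAC stands in for the validator's signature.

```python
import hashlib
import hmac

# Constructed model; every name, rule and key here is hypothetical.
VALIDATOR_KEY = b"constructed-demo-key"  # HMAC stands in for the validator signature
TIMELOCK_SECONDS = 30 * 60               # the page's example window

# Each rule compares emulated state before and after the proposed call.
RULES = {
    "reserve_ratio": lambda pre, post: post["reserves"] >= post["liabilities"],
    # share price may move at most 5% in one call (integer math, no floats)
    "share_price_bound": lambda pre, post:
        abs(post["share_price"] - pre["share_price"]) * 20 <= pre["share_price"],
}

def mac(tx, passed):
    """Bind the verdict bit to the transaction so neither can be swapped."""
    msg = f"{tx}:{int(passed)}".encode()
    return hmac.new(VALIDATOR_KEY, msg, hashlib.sha256).hexdigest()

def validate(tx, pre, post):
    """Validator: run every rule on the emulated states and sign the verdict."""
    failed = sorted(name for name, rule in RULES.items() if not rule(pre, post))
    passed = not failed
    return {"tx": tx, "passed": passed, "failed": failed, "sig": mac(tx, passed)}

class Gate:
    """Gate: execute on a valid passing verdict, otherwise hold until the timelock."""

    def __init__(self):
        self.held_since = {}  # tx -> time it was first held

    def submit(self, verdict, now):
        tx = verdict["tx"]
        sig_ok = hmac.compare_digest(mac(tx, verdict["passed"]), verdict["sig"])
        if sig_ok and verdict["passed"]:
            self.held_since.pop(tx, None)
            return "executed"
        # Failing or unverifiable verdict: start (or continue) the hold window.
        start = self.held_since.setdefault(tx, now)
        if now - start >= TIMELOCK_SECONDS:
            del self.held_since[tx]
            return "executed_after_timelock"  # user force-through path
        return "held"
```

A verdict whose `passed` flag is flipped after signing fails the MAC check and is held like any flagged transaction, so tampering gains nothing over waiting out the timelock.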

Install Moat on the calls that matter.

Audits still matter. This is how you show LPs you treated security as product from day one.
