Decentralized Security Oracle for DeFi Infrastructure
RLAR is an Ethereum-based protocol that delivers continuous, on-chain security risk feeds for DeFi protocols and smart contracts. It transforms fragmented, off-chain security data — audit reports, incident records, contract metadata — into composable oracle feeds that other protocols can consume programmatically within their smart contract logic.
RLAR does not adjudicate truth. It aggregates verifiable security signals into structured confidence metrics, enabling DeFi protocols to make automated, security-aware decisions without human intervention.
DeFi protocols collectively secure over $80 billion in TVL, yet operate with no standardized on-chain mechanism for assessing the security posture of the contracts they interact with.
Audit reports exist as static PDFs — point-in-time snapshots with no machine-readable format and no on-chain presence. Security ratings live on centralized dashboards maintained by single entities, updated at arbitrary intervals. Risk assessments are conducted through private consulting engagements, with results neither shared nor standardized.
None of this is composable. A lending protocol cannot programmatically verify whether a collateral asset's underlying contracts have been recently audited before accepting a deposit. Wallets cannot warn users at the point of transaction signing. Insurance protocols cannot automate underwriting based on real-time security states.
Several projects operate in DeFi security infrastructure. RLAR occupies a distinct position that none currently fill.
Forta Network operates as a real-time threat detection network — monitoring mempool activity and anomalous transactions to issue alerts. Forta detects live threats. RLAR scores structural security posture. The two are complementary.
OpenZeppelin Defender provides centralized monitoring and operational tooling for protocol teams. Its outputs are not on-chain, not composable, and not accessible to external protocols.
Sherlock is an audit marketplace combined with exploit insurance. Sherlock's audit reports are valuable data that could feed into RLAR's Record Layer, but Sherlock does not produce on-chain risk scores consumable by other protocols.
Gauntlet and Chaos Labs provide bespoke risk management consulting to large protocols like Aave and Compound. Their analyses are private, non-standardized, and unavailable to the broader ecosystem.
RLAR's position: the composable, on-chain oracle layer that sits downstream of all the above. It aggregates, scores, and delivers security data as a standardized feed any protocol can integrate — democratizing access to security intelligence.
The Record Layer accepts immutable security data submissions. Each submission is a structured entry containing: on-chain content hash (SHA-256 of the full report), source classification (audit report, incident disclosure, configuration change, dependency update), target contract address(es) and chain ID, submitter address and stake amount, and metadata including auditor identity, assessment date, severity findings, and remediation status.
Submissions require a minimum RLAR token stake, scaled by data type. Audit report registrations require a higher stake than routine configuration observations, reflecting the higher impact of inaccurate audit data.
Records are permanent. Updated assessments are published as new entries referencing prior versions, maintaining a complete audit trail per contract address.
If a submission is disputed and found inaccurate, the submitter's stake is partially slashed: 70% redistributed to the challenger, 30% to the validator committee.
The Reference Layer produces dynamic Risk Scores for registered contract addresses through a hybrid computation model combining deterministic on-chain signals with validated off-chain submissions.
These signals are computed entirely from on-chain data with no human input:
Tier 1 — DAO-Governed Whitelist: Submissions from whitelisted sources (auditors with established on-chain track records and minimum reputation scores) are integrated with a 24-hour observation period. The whitelist is initially managed by a 5-of-9 multisig composed of security ecosystem participants, transitioning to full DAO governance via token-weighted vote by Month 12. Whitelisting proposals require 100,000 RLAR to submit and a 7-day voting period with 10% quorum.
Tier 2 — Optimistic Ingestion with Challenge: Submissions from non-whitelisted sources enter a 72-hour challenge period. Unchallenged data is incorporated at 80% weight. Challenged submissions are resolved by a randomly selected validator committee (minimum 5 validators). Committee scores are aggregated via stake-weighted median with quadratic dampening — each validator's influence scales with the square root of their stake.
RLAR's core product is an on-chain oracle feed that DeFi protocols consume directly within their smart contract logic.
Each query returns the current score (0-100), last update timestamp, and a confidence metric reflecting data density. Consuming protocols pay subscription fees denominated in RLAR tokens.
Off-chain computation is performed by a permissionless node operator network (minimum 7 operators per attestation round). Node operators independently compute scores from Record Layer data and submit attestations. On-chain consensus requires matching results from at least 5 of 7 operators before score updates are committed — preventing any single aggregator from manipulating feeds. Attestation rounds occur every 6 hours or upon significant score change exceeding 5 points.
Phase 0 — Seed Layer (Pre-Launch): RLAR seeds the Record Layer with publicly available security data before launch: verified contract metadata from block explorers, historical audit reports from public repositories, and known incident databases. This provides baseline Risk Scores for the top 200 DeFi contracts by TVL at launch.
Phase 1 — Subsidized Integration (Months 1-12): The bootstrap reserve (15% of Ecosystem allocation, vesting over 24 months) subsidizes both sides. Data submitters receive boosted rewards from the reserve. Early integrating protocols receive discounted subscription access for the first year. Target: 3-5 lending protocol integrations and 500+ scored contracts.
Phase 2 — Organic Transition (Months 12-24): As query volume scales, organic subscription revenue replaces subsidies. Reserve subsidies decrease linearly, reaching zero at month 24.
Phase 3 — Self-Sustaining (Month 24+): All protocol economics run on organic revenue. No cliff events at reserve exhaustion due to linear taper.
All protocol revenue is generated from oracle subscription fees paid by integrating DeFi protocols, wallets, insurance providers, and aggregators.
High-reputation submitters receive a multiplier (up to 2x) on their revenue share, creating compounding returns for consistent, honest participation.
Token: RLAR — Total Supply: 100,000,000 (fixed hard cap, minted at genesis). No inflation. No future minting under any circumstances.
Data submitters stake RLAR to register security data (minimum stake varies by data type). Validators stake RLAR to participate in dispute resolution (minimum 10,000 RLAR, 90-day lockup). Consuming protocols pay RLAR for oracle subscription access. Token holders vote on governance proposals including treasury allocation, parameter changes, and whitelist management.
20% of subscription revenue is used to purchase RLAR from the open market and permanently burn it. Because supply is hard-capped with no issuance, every burn is a net reduction with no dilutive offset.
Month 0: 25% circulating (public sale). Month 6: ~32% (investor unlock begins). Month 12: ~42% (team unlock begins). Month 24: ~65%. Month 36: ~85%. Month 48: 100% fully circulating. All vesting is linear after cliff — no sudden unlock events.
RLAR governance operates through a token-weighted DAO with the following scope: treasury allocation (10% reserve), protocol parameter adjustments (score weights, decay rates, minimum stakes), Tier 1 whitelist additions and removals, and emergency score freezes (requiring 67% supermajority).
Governance proposals require a minimum 100,000 RLAR to submit and a 7-day voting period. Quorum is 10% of circulating supply. Parameter changes are subject to a 48-hour timelock before execution.
During launch phase (Months 0-12), whitelist management is handled by a 5-of-9 multisig composed of security ecosystem participants. This transitions to full DAO control by Month 12.
RLAR provides the trust infrastructure that DeFi requires — not by deciding what is secure, but by making the evidence trail transparent, verifiable, and economically accountable.