Hi,
I wanted to talk about assertions and and start a broader discussion on what “security” really means for DeFi protocols in 2026.
As builders, we often notice a disconnect: users typically prioritize high incentives (above all else), leverage, UIs, low fees… While these are essential for adoption, the “invisible” layer protocol solvency and risk management is often taken for granted, until some problem occurs…
At Denaria we believe that in the derivatives space, a static audit is no longer enough. Especially if the system’s complexity opens up an infinite number of scenarios for which it is almost impossible to predict everything. This was also reiterated to us by the auditors (Consensys Diligence in primis).
Furthermore, this makes the audit process extremely long and expensive. This also creates the risk that, once it’s completed, the product will need to evolve without ever having been on the market.
The trade-off between innovation and complexity translates into: sustainability vs. user safety
The Shift to Active Security
We have officially deployed our first On-Chain Assertion in partnership with Phylax. This moves our security model from “reactive” (fixing bugs after they are found) to “proactive” (preventing invalid states before they finalize).
(You can read the technical breakdown about the first assertion in our official documentation)
Our First Assertion is a general Solvency Check
The first assertion we implemented follows this logic:
”Any user cannot cause bad debt to himself as a result of his transaction.”
This means that the first invariant we are now enforcing on Linea ensures that the protocol’s accounting remains mathematically sound in every block. Specifically, it verifies that the system’s total collateral always covers open interest liabilities. If a transaction attempts to break this invariant (due to a bug or an exploit), the assertion triggers, effectively preventing the sequencer from executing the transaction and preventing bad debt creation (this is what we don’t want).
The idea is ultimately simple, but fundamental: there’s no reason (except for complex attacks involving multiple participants) for a user to open a position that puts himself in bad debt (this means first of all losing all his collateral).
The assertion was written in solidity by the Denaria team and enforced by Phylax, and is public.
What’s Next?
This is just the baseline. We are currently thinking about the next set of assertions to cover more complex vectors:
-
Oracle Price Execution: to strictly validate that trade execution prices fall within acceptable deviation bounds relative to the primary oracle, mitigating impact from flash crashes or manipulated oracle price feeds.
-
Curve Math Integrity: the idea is to implement a parallel mathematical validation. The assertion independently calculates the expected bonding curve and AMM outcomes, strictly verifying that the on-chain execution result matches the valid mathematical model. This redundancy ensures that the smart contract logic is performing exactly as intended, immediately flagging any calculation anomalies or logic deviations.
In summary, with this approach we can test the system’s complexity without having to predict the infinite number of scenarios that could lead to an undesired state, knowing exactly what that state is. This means we don’t compromise user safety, while still remaining flexible with development dynamics.
We believe that this approach, if presented and explained correctly, can be an excellent incentive to attract capital into DeFi.
Thanks to the Phylax team for the support during the integration phase, I’m sure that the collaboration is giving important feedback to both of us.
We welcome feedback from other developers and security researchers on our approach.
Tiziano, Co-Founder at Denaria