Litepaper (draft version)

Polyzoa website: www.polyzoa.xyz

X: https://twitter.com/Polyzoa_xyz

Telegram: https://t.me/polyzoa_space

API: https://polyzoa.readme.io/

Table of content

Contents

Tokenomics (work in progress)

Tech Architecture

Poly-graph ML

1. Project Overview

The problem

The Web3 ecosystem and its stakeholders continually find themselves in the crosshairs of various types and scales of criminal activities. Despite claims of increasing safety and reliability, the reality often reflects a mere "crypto winter" lull, where the decline in on-chain activity corresponds with a temporary drop in victim counts.

As the market heats up again with another bull run, the incidence of crypto-related crimes, including scams and fraud, is not only surging to new heights but also shows no signs of abating. A stark reality within the Web3 space is the limited economic incentive for the growth of security projects, as the majority of initiatives are more concerned with safeguarding their own funds and liquidity. A significant chunk of security services, financed by DApp builders and blockchain ecosystems, revolves around smart contract audits and protection against attacks targeting liquidity, such as flash loan attacks, miner extractable value (MEV) exploits, or sandwich attacks.

While these security challenges are crucial and somewhat more straightforward to tackl, often based on recognizable patterns that heuristic logic can easily identify, they typically offer one-off protection rather than continuous security.

Before-launch security measures, including testing and audits, are essential but insufficient for identifying all potential risks and exploits. The delayed response to attacks and the rise of zero-day vulnerabilities exacerbate the damage. Transaction-based crimes like social engineering, scams, phishing, or money laundering pose unique challenges, demanding a deep understanding of the crime's off-chain context. Hence, the critical need for comprehensive system scanning for threat detection and prevention, widely referred to as runtime security, on smart contracts is ever more apparent to mitigate risks and prevent losses.

In many instances, early threat detection and swift response mechanisms could have significantly reduced or even prevented losses, offering users enhanced protection by alerting them to potential threats in time to take preventive action. While many security solutions capitalize on high-profile scams for PR and marketing, the reality is that these scams are often identified post-factum. Few existing "real-time" solutions can guard against nascent threats that haven't yet captured widespread public attention, leading to a false sense of security and an ineffective response to crypto crime.

The overdependence on centralized security services and solutions in the Web3 ecosystem presents formidable obstacles to the development and scaling of decentralized applications. These "black box" solutions fail to deliver fresh and relevant risk data, often providing conflicting information that leaves significant security gaps.

With 99% of blockchain security solutions unable to offer up-to-date and pertinent risk data, builders are forced to invest heavily in black-box security measures that rely on human intelligence, rudimentary algorithms, and outdated databases, all without verifiable proof of their efficacy.

To align with Web3 principles, the paradigm must shift towards security tools that are decentralized, reliable, and scalable, ushering in a new era of blockchain application development rooted in these core values.

Polyzoa solution

Polyzoa addresses this critical issue with its permissionless risk assessment platform, ensuring developers can build by leveraging the maximum available and trustless security.

Polyzoa builds a decentralized risk protocol that is focused on assessing risks and detecting scams and fraud within the blockchain ecosystem. As the number of blockchain applications and projects continues to grow, the need for a secure and reliable system to identify and verify potential risks has become increasingly important. Polyzoa aims to address this challenge by leveraging its decentralized nature and advanced algorithms to provide accurate and unbiased risk assessments. Polyzoa serves as a focal point for risk data providers, validators, and consumers.

Key Principles and Values in Polyzoa's Security Ecosystem

Permissionless Risk Assessment for Enhanced Security in Web3

Polyzoa is pioneering the effort to democratize access to risk assessment, envisioning a future where developers can effortlessly integrate a "by default" security layer into the core of their products across various blockchains. Polyzoa’s mission is to build essential security infrastructure for developers aiming to create safe, customer-centric decentralized applications with real-world utility, ready to provide high-scale security for the mass market.

Openness and Incentivized Participation

The Polyzoa ecosystem is designed with openness at its core, welcoming everyone to participate as a data provider and offering rewards for valuable contributions. This system ensures that only validated and unique data submissions are acknowledged and compensated, fostering a competitive environment among providers. Such competition motivates participants to deliver their data swiftly, ensuring the Polyzoa system remains constantly updated in real-time. This approach not only enhances the platform's efficiency and accuracy but also democratizes the process of data validation, making it a collective effort that benefits the entire community.

Consensus Judgment for Maximum Result Objectivity

Polyzoa aims to eliminate any single point of judgment regarding the risk level of an address. It establishes a consensus layer that acts as a collective mind to decide on the risk associated with the address. By encouraging and rewarding every player in the ecosystem to join the consensus, and by implementing strict penalty principles, it ensures that bad actors cannot manipulate or counterfeit results and the database. This structure means that actors producing invalid results lose any economic value by violating system rules. On the other hand, a good actor with high performance is incentivized to contribute more and maintain the quality and speed level of data at the highest level. By creating an open-door system for data producers, Polyzoa does not rely on a single security technology or source of data. This approach helps to find the best possible response for any current threat.

Open-Source and Developer-Friendly Ecosystem

Polyzoa’s design principles focus on openness and developer empowerment, offering seamless access to security data and risk assessments through a flexible, modular structure. This open structure ensures that security data is not only consumed but also provided and validated in a decentralized way, ensuring full unbiasedness and reliability.

Tokenomic Model to Foster Innovation and Community Growth

The increase in blockchain data production and the growing need for data storage highlight the necessity for a scalable and efficient tokenomics model. Polyzoa's tokenomics is crafted to leverage this growth, enhancing the network's value through expanded data storage, risk assessment, and community engagement. By offering incentives to data providers and validators via rewards and staking mechanisms, Polyzoa seeks to significantly lower the costs of risk assessment, thereby promoting security and trust within the Web3 ecosystem.

Built on the principles of openness, data integrity, accessibility, and rewarding contributions, the Polyzoa ecosystem motivates community involvement with token rewards. This approach boosts the risk assessment process's efficiency and efficacy while providing a sturdy and dependable solution for the Web3 community. Encouraging active participation, Polyzoa solidifies its role in advancing a safer, more transparent decentralized economy.

Decentralized Risk Protocol for Enhanced Security

As decentralization is a core principle of the Polyzoa ecosystem's activity, let's clarify its definition. Polyzoa aims to decentralize security in several areas:

  • Risk Data Storage: It's crucial to have permissionless and fault-tolerant availability of risk data. That's why Polyzoa shards the storage among many Node providers, enabling maximized performance and availability.

  • Data Production: Polyzoa does not rely on a central point of judgment; instead, it decentralizes the decision-making on the risk level of a given entity. By building fair governance logic, Polyzoa provides only a weighted average decision by aggregating responses from many data providers based on their performance and speed.

  • Risk Analysis: Polyzoa's ML algorithms are set to be built, trained, and run in a decentralized manner. Any ecosystem player can set up their own Polyzoa ML node and provide risk assessments for rewards. Since data aggregation and training are also computationally costly procedures, they will be designed for open participation and contribution.

Polyzoa distinguishes itself as a decentralized risk protocol focused on identifying and mitigating scams and fraudulent activities within the blockchain space. Its unique approach leverages decentralized oracles and advanced algorithms to provide accurate risk assessments, enhancing security and transparency across the Web3 landscape.

2. Key Polyzoa Services

Polyzoa leverages its decentralized oracle network for blockchain risk assessments, identifying potential scams and fraudulent activities. It focuses on several critical services:

Unlimited Threat Detection Functionality

The Polyzoa protocol significantly enhances threat detection capabilities by allowing anyone to contribute information about new and previously unseen threats to the protocol, disseminating this vital data throughout the entire network. A robust consensus mechanism ensures the validity of the submitted data, allowing only verified information to be propagated. This open contribution model fosters a collective defense strategy, empowering the community to contribute to the ongoing enhancement of security measures and ensuring that the Polyzoa ecosystem remains at the forefront of threat prevention.

Polyzoa acts as a security intelligence hub, continuously learning from a wide array of sources and adapting in real-time to emerging threats. From its inception, it has been designed to offer proactive protection, beginning with industry benchmarks and constantly refining its accuracy to achieve unparalleled levels of reliability in identifying risks.

Real-Time Address Assessments

Polyzoa is capable of conducting real-time assessments for even previously unknown addresses, thanks to its proprietary ML technology. Along with other network data providers Polyzoa’s ML nodes dynamically examines fund flow routes, captures each address's unique footprint, and compares it against an extensive database of on-chain threat patterns. As Polyzoa progresses, it plans to integrate more participants into its protocol for real-time address checks, ensuring a thorough and impartial risk assessment process.

Through vigilant monitoring of on-chain activities and transactions, Polyzoa is adept at spotting patterns that signal scams, including rug pulls, phishing attempts, drainers, money laundering, and more. Its ability to discern these patterns enables it to safeguard the community against a wide spectrum of fraudulent schemes.

Coverage Across Ethereum Mainnet and Major EVM Chains

Polyzoa maintains an extensive database of fraudulent addresses within the EVM ecosystem and possesses the capability to dynamically identify unknown threats across all major L2 EVM chains. Looking ahead, there are plans to expand its reach to include more L1 chains and develop chain-specific solutions for detecting unique and genuine threats, thereby enhancing its comprehensive security coverage.

Consumer Node For Locally Stored Risk Data

Polyzoa allows anyone to become a private node holder. Such a node holds the full scope of Polyzoa's risk data and can be accessed locally at any moment. It maintains a constant connection with the network and is updated immediately. A Polyzoa private node offers unprecedented flexibility and speed of protection to infrastructure providers and node operators, even offering the possibility to install Polyzoa under the system firewall.

3. Risk logic at the smart contract level

One of the biggest constraints in implementing security tools is the Web2 approach that the majority of security providers take. The requirement to integrate centralized APIs into the backend makes the project more complex and heavyweight. With such integrations, it becomes impossible to build a lightweight on-chain solution without off-chain dependencies. Polyzoa aims to solve this challenge, enabling dApp developers to build decentralized and legally compliant solutions simultaneously. Polyzoa makes it possible to incorporate security logic and flexible risk thresholds directly into smart contract execution. This allows builders to block fraud, money laundering, or other malicious transactions purely on-chain, without disrupting transaction execution or needing to call the backend.

4. Decentralized ML: The Core of Polyzoa's Innovation

Machine learning, with it’s ability to predict attacks based on subtle (learned) transactional patterns, has opened new doors for protection against threats in the web3 universe. A well-trained machine learning model can capture the nuanced relationships and characteristics of different attack types, facilitating more accurate and insightful alerts.

The landscape of web3 attacks is too complex for a single prediction model; instead, tailored models are needed, considering specific threats and associated labels, such as anti-money laundering regulations for DEX and concerns about Sybil attacks for node providers. Despite diverse modelling needs, most applications can utilize the same graph structure in transaction networks, allowing for model creation with varying input variables and training algorithms. The PLZ-prediction toolkit, centered around a universal "threat graph" structure, facilitates ML customization for web3 by providing developers with open-source tools to train precise models tailored to individual threats, leveraging custom labels, tech-stacks, and hardware configurations to combat attacks effectively.

Poly-graph, part of Polyzoa's decentralized machine learning network security, empowers nodes to create and utilize specialized models while incentivizing high-quality model development through token payments and rewarding feature developers whose contributions are incorporated into models, with models meeting accuracy requirements eligible for adoption and rewarding, ultimately contributing to the growth of the Poly-graph chain.

The heart of Poly-graph is its provisioned machine learning (ML) engines, serving as both data providers and validators, where labels generated by Poly-graph's predictions are redistributed as alerts, and newly contributed alerts from the community are integrated into future models through a continuous training cycle to ensure their ongoing relevance and accuracy.

5. Ecosystem

The Polyzoa ecosystem is designed to act like a collective mind, leveraging the synergy of different Web3 security and protection approaches and services to combat cybercriminals. It offers multiple roles, allowing anyone to contribute while ensuring high accuracy, data validity, and availability. Polyzoa aims to deliver risk data directly to the core of blockchain architecture, whether on-chain or off-chain, where it is most needed by data consumers. Our network encourages anyone joining to become a data provider and earn rewards for valid contributions. We strive to unite Web3 security efforts and consolidate fragmented risk data into a single decentralized storage, accessible and verifiable by anyone.

The data producer role is a key contributor position that can be filled by a wide variety of Web3 companies, organizations, and individuals. Risk data can be supplied by compliance agencies, country authorities, Web3 security solutions, DApps, and individual researchers.

The Polyzoa protocol rewards all valid contributors and penalizes those who violate rules or supply false data, promoting ecosystem players based on their activity.

NAMEROLE

Data consumer

A data consumer accesses data from node operators. A data consumer must have a sufficient amount of $PLZ in their balance and pay in $PLZ for every data request. A data consumer may become a full node provider.

(Private Node consumer)

Private Node consumer maintain the entire Polyzoa security data set for their own purposes and to serve other data consumers. To be eligible for full node operator status, customers must pay a subscription in $PLZ.

Node Operator

Polyzoa Nodes play a crucial role in the Polyzoa network, acting as intermediaries between collected and analyzed risk data and the smart contracts of decentralized applications (dApps), ensuring a stable and reliable data stream. Each Node stakes a certain amount of $PLZ tokens as collateral, guaranteeing reliable, honest, and high-quality performance.

Node providers must guarantee data availability and are responsible for adhering to rules against data manipulation.

Data provider

Data providers contribute their analysis data to the network. There are two types of data providers:

  • Simple Data Provider (SDP) acts as a data supplier, pushing new data when available, and gets rewarded in case of data validation. SDPs do not have the rights to participate in validation (Consensus layer).

  • Full Data Provider (FDP) has two-way communication with the Polyzoa network and must be able to provide risk status on demand. A Full DP must stake $PLZ to meet the trust threshold and is punished for rule violations. Each Full DP may act as a part of the consensus layer. Every submission of scam and threat data is validated by consensus, and after verification, is distributed throughout the network

Consensus layer

Consensus layer is a collective role that determines the validity of data received from Data Providers.

Last updated