Xeno

DeFi protocols get hacked in seconds. The response takes minutes, multisig coordination, human availability, manual intervention. Euler Finance lost $197M. Cream lost $130M. Monitoring detected both attacks in real time. The autonomous response didn't exist.
Xeno closes that gap permanently.
It's a Chainlink CRE workflow that turns a DeFi protocol into its own defender. When the math stops adding up — when vaultBalance < totalOwed — the protocol pauses itself. No humans. No AI risk scores. No delay.
How it works: Two independent defense layers run continuously. Layer 1 is a CronCapability that checks invariants every 30 seconds, catching gradual collateral erosion before an exploit can complete.
Layer 2 is an EVM Log Trigger that fires on VaultStateChanged events, catching zero-day attacks in Block N+1. When either layer detects a violation, a Confidential HTTP enclave runs a live simulation via Tenderly's API (sealing the API key and raw vault state from node operators), derives a cryptographic proof ID, passes it through DON BFT consensus via consensusIdenticalAggregation, and writes an immutable PauseProof on-chain, all within a single block window.
What makes it verifiable: Every pause writes a PauseProof struct containing a simulationId derived from keccak256(blockNumber ++ VaultInvariant.check() output). Anyone can replay check() at the same block and hash the output to get the same bytes32. The audit record is a cryptographic proof, not a log entry.
Measured, not claimed: p50 response latency of 543ms. p99 of 1053ms, across 20 live simulation runs on a Tenderly Virtual TestNet forked from Ethereum Mainnet. Block time is 12 seconds. Block N+1 containment fits 11× inside one block

Smart contracts (Solidity 0.8.19, Hardhat, Tenderly Virtual TestNet)
XenoVault implements Chainlink's IReceiver interface — its onReport() function is the on-chain entry point for DON consensus write-backs. VaultInvariant contains the hard (balance < owed) and soft (ratio within warning buffer) invariant logic. IXenoInvariant is a universal interface any protocol can implement to plug into the same defense layer. All contracts are deployed on a Tenderly VNet forked from Ethereum Mainnet at block 24515664 , live Aave, Lido, and Compound state on the same network.
Chainlink CRE workflow (TypeScript, @chainlink/cre-sdk@1.0.9)
main.ts composes four CRE primitives: CronCapability (30s prevention layer), EVM Log Trigger (Block N+1 containment layer), ConfidentialHTTPClient (sealed Tenderly simulation enclave), and EVMClient write-back through MockKeystoneForwarder. consensusIdenticalAggregation enforces that every DON node independently produces the same (violated, proofId) tuple before anything lands on-chain.
Dashboard
Reads live vault state and protocol health (Aave v3, Lido stETH, Compound v3) directly from the Tenderly VNet via viem. Components map 1:1 to CRE primitives: CronPulse visualises the 30s cron cadence, SimulationProofCard surfaces the on-chain PauseProof, PauseEventLog streams ProtocolPaused events in real time.
Testing & validation
29 Hardhat tests across XenoVault and VaultInvariant. Latency benchmarked across 20 live simulation runs (p50 543ms, p99 1053ms).