Protocol Labs: Web3 Assurance

How a web3 leader ensured the security and robustness of its decentralized storage and compute system using open source cloud native security solutions
Featured image

About Protocol Labs

Protocol Labs is at the forefront of providing decentralized storage solutions, enabling users to store information or provide storage in exchange for digital currency. As part of their ongoing innovation, Protocol Labs embarked on developing Bacalhau, a method for performing compute over data. However, they recognized the importance of addressing the security risks associated with this endeavor to uphold the confidentiality and integrity of the system.

Web3 Assurance

The Web3 Assurance project aimed to ensure the security and robustness of Protocol Labs’ decentralized storage and compute system, Bacalhau. By leveraging open source and cloud native security solutions, Protocol Labs aimed to protect against hacks that would compromise individual files, transactions, or the entire network. With the help of ControlPlane, Protocol Labs sought to implement security controls that would effectively mitigate these threats.


Protocol Labs faced various security threats specific to Bacalhau and the underlying Web3 technology. These threats included smart contract logic hacks, reputational attacks, malicious jobs, ransomware, and full compute network compromises. It was crucial for Protocol Labs to consider these threats during the design and development of Bacalhau to ensure a robust and secure system.


ControlPlane employed a threat modelling approach to gain a comprehensive understanding of potential threat actors and how they could exploit the decentralized systems, network, and currency underlying Bacalhau. The objective was to identify and implement security controls that would effectively mitigate these threats to an acceptable level. ControlPlane implemented a comprehensive set of solutions, including:

  • Development of a threat model and security architecture to identify potential vulnerabilities and define necessary security controls
  • Concrete and abstract threats against the system and countermeasures to reduce risk, or recommendations to avoid specific approaches
  • Guidance on the adoption of vulnerability scanning, code signing, and physical hardware tokens within pipeline and development environments

Business Outcomes

ControlPlane presented the threat model and a list of forward-thinking security control options to the Protocol Labs working group in Paris. Each security control was meticulously mapped against the current system workflow, highlighting the specific threat it would mitigate. The threat model served as a foundation for the design and development of Bacalhau, ensuring that security was prioritized throughout the process. ControlPlane’s expertise in cloud native security resulted in:

  • Strengthened security posture of Bacalhau, minimizing the risk of identified threats
  • Improved confidence among Protocol Labs’ stakeholders and users in the security and reliability of Bacalhau
  • Mitigation of security threats by implementing efficient and effective security controls

ControlPlane’s expertise with cloud native security delivered a secure and robust decentralized storage and compute system, enabling Protocol Labs to innovate while prioritizing security.

Similar case studies:  
security assurance web3 all