Architecture

To bridge valuable DeFi projects with enhanced security intelligence contributed by CertiK Foundation and leading security software companies and communities, we decompose our Decentralized Security Oracle into four areas:

  1. Business Chain: The target blockchain platform (one that supports smart contract functionality) to which CertiK Chain provides the Security Oracle, i.e., Ethereum.

    1. Security Oracle Interface: The single smart contract that serves as the interface for accepting security inquiries from DeFi applications about upcoming transaction calls they need to make. If such an inquiry has no result or an expired result, a new task can be broadcast to CertiK Chain for fulfillment.

  2. CertiK Chain: The blockchain underlying our solution, which offers built-in components to handle security inquiries from Business Chains. CertiK Chain itself is envisioned as the Guardian of the Blockchain Galaxy, and it provides a range of Combinators that are tailored to address different aspects of security problems.

    1. Oracle Combinator: The built-in frameworks of CertiK Chain that provide the functionality needed to fulfill general oracle workflows in a decentralized and transparent way. Oracle activities such as task management and result aggregation calculations will be broadcast to CertiK Chain and recorded in state as proofs. By applying a list of critical rules and reinforcements to the system, we can guarantee a professional and serious oracle network in which good behavior is rewarded and bad behavior is punished.

    2. Security Primitive: This is the marketplace where Security Providers register their on-chain services or off-chain API endpoints as Security Primitives, which Oracle Operators then invoke. Security Primitives are diverse services that tackle security considerations from different angles. It is best practice to use a select combination of Security Primitives in order to make the best judgement of the security score of a given smart contract address and its function signature.

  3. Cross-Chain: Communications and interactions are essential to the success of the Security Oracle network. Officially authorized cross-chain components will be built and maintained by the CertiK Security Council, whose members would be nominated by the broader CertiK community.

    1. Oracle Operator: Anyone can register as an Oracle Operator on CertiK Chain and start to contribute to the whole network. Technically speaking, an Operator needs to run and maintain software that interacts with a CertiK Chain node. Each Operator is free to use their own infrastructure or leverage tech stacks provided by CertiK Foundation for quicker onboarding.

    2. Oracle Syncer: The Oracle Syncer is the Cross-Chain component that is solely owned and managed by CertiK Foundation’s Security Council. It can subscribe to the Security Oracle events on Ethereum and port them to CertiK Chain. Conversely, it also subscribes to transactions on CertiK Chain and pushes oracle results to the Security Oracle on Ethereum.

  4. Offchain Internet: This is the traditional Web 2.0 environment where computing operations such as security scans and analysis happen. Tools will be provided to Oracle Operators to support popular communication protocols like HTTP/RPC to connect with those Security Primitives for accessing security insights and proprietary technologies.
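
The inquiry lifecycle described above for the Security Oracle Interface (a missing or expired result triggers a new task) and for combining several Security Primitives into one score, as an added Python model that is not CertiK's contract or chain code. The class and function names, the 0-100 score scale, the one-hour validity window, the median aggregation and the fail-closed caller are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import median

# Illustrative model only: names, TTL, score scale and aggregation rule are assumptions.
RESULT_TTL = 3600  # seconds a stored score stays valid (constructed value)

@dataclass
class Result:
    score: int         # 0-100, higher means safer (assumed scale)
    updated_at: float  # time the result was pushed back from CertiK Chain

class SecurityOracleInterface:
    """Model of the single entry-point contract on the Business Chain."""
    def __init__(self):
        self.results = {}   # (address, function signature) -> Result
        self.pending = []   # tasks waiting to be ported by the Oracle Syncer

    def query(self, address, signature, now):
        key = (address.lower(), signature)
        res = self.results.get(key)
        if res is not None and now - res.updated_at <= RESULT_TTL:
            return res.score
        # No result or an expired result: broadcast a task once, answer "unknown".
        if key not in self.pending:
            self.pending.append(key)
        return None

    def push_result(self, address, signature, score, now):
        key = (address.lower(), signature)
        self.results[key] = Result(score, now)
        if key in self.pending:
            self.pending.remove(key)

def aggregate(primitive_scores):
    """Combine scores from several Security Primitives.
    The median (an assumed rule) keeps one outlying primitive from deciding the score."""
    if not primitive_scores:
        raise ValueError("no Security Primitive responded")
    return int(median(primitive_scores))

def guarded_call(oracle, address, signature, threshold, now):
    """Caller-side gate in a DeFi app: an unknown score is treated as unsafe."""
    score = oracle.query(address, signature, now)
    return score is not None and score >= threshold
```
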