The mission of the Security Oracle is to give DeFi projects the insight (security score) on whether a potential transaction call is secure or not, thus gaining the confidence on the decision of issuing such a transaction. Here we describe the steps for the workflow via the perspectives of a targeted Business Chain and CertiK Chain.
Business Chain (i.e. Ethereum)
CertiK Foundation deploys and manages a Security Oracle contract that serves as the oracle inquiry interface and holds all security scores that processed via the oracle network;
The DeFi contract make a call to the Security Oracle to query for a upcoming transaction by providing the contract address and function signature offset;
Once receiving the inquiry, the Security Oracle would:
Respond back with the insight if such data record has already been monitored and logged;
Since there are a significant number of external dependencies shared by different DeFi projects, the chance for hitting the Oracle result table is considerably high;
Respond back with a default score indicating no suggestion at the moment;
Under the hood, such inquiry could be turned into a task on CertiK Chain and accepted by a group of Oracle Operators, who will then answer back their results;
The DeFi contract receives the result for the security insight and makes the next move with confidence.
End users submit oracle tasks, funded with CTKs, for those security insights they wish to have on the Business Chain;
Oracle Operators will receive the task by subscribing to CertiK Chain events;
For each Operator, it will forward the task details to its customized Primitive Combination for real-time security checks;
After the generation of a security score, the operator will respond to the oracle task by broadcasting a transaction to CertiK Chain;
With the closing on the task response window, CertiK Chain’s Oracle Combinator will gather all responses per that task and aggregate with a final security score;
Task bounties will be issued out to operators accordingly;
A cross-chain bridge component, maintained by CertiK Foundation, will then push the final security score to the Security Oracle contract on the Business Chain.