General Workflow

The mission of the Security Oracle is to give DeFi projects the insight (security score) on whether a potential transaction call is secure or not, thus gaining the confidence on the decision of issuing such a transaction. Here we describe the steps for the workflow via the perspectives of a targeted Business Chain and CertiK Chain.

  • Business Chain (i.e. Ethereum)

    1. CertiK Foundation deploys and manages a Security Oracle contract that serves as the oracle inquiry interface and holds all security scores that processed via the oracle network;

    2. The DeFi contract make a call to the Security Oracle to query for a upcoming transaction by providing the contract address and function signature offset;

    3. Once receiving the inquiry, the Security Oracle would:

      • Respond back with the insight if such data record has already been monitored and logged;

        • Since there are a significant number of external dependencies shared by different DeFi projects, the chance for hitting the Oracle result table is considerably high;

      • Respond back with a default score indicating no suggestion at the moment;

        • Under the hood, such inquiry could be turned into a task on CertiK Chain and accepted by a group of Oracle Operators, who will then answer back their results;

    4. The DeFi contract receives the result for the security insight and makes the next move with confidence.

  • CertiK Chain:

    1. End users submit oracle tasks, funded with CTKs, for those security insights they wish to have on the Business Chain;

    2. Oracle Operators will receive the task by subscribing to CertiK Chain events;

    3. For each Operator, it will forward the task details to its customized Primitive Combination for real-time security checks;

    4. After the generation of a security score, the operator will respond to the oracle task by broadcasting a transaction to CertiK Chain;

    5. With the closing on the task response window, CertiK Chain’s Oracle Combinator will gather all responses per that task and aggregate with a final security score;

      • Task bounties will be issued out to operators accordingly;

    6. A cross-chain bridge component, maintained by CertiK Foundation, will then push the final security score to the Security Oracle contract on the Business Chain.