The mission of the Security Oracle is to give DeFi projects insight, in the form of a security score, into whether a potential transaction call is secure, so that they can decide with confidence whether to issue that transaction. Here we describe the steps of the workflow from the perspectives of a targeted Business Chain and CertiK Chain.
Business Chain (i.e. Ethereum):
CertiK Foundation deploys and manages a Security Oracle contract that serves as the oracle inquiry interface and holds all security scores that are processed via the oracle network;
The DeFi contract makes a call to the Security Oracle to query for an upcoming transaction by providing the contract address and function signature offset;
Once it receives the inquiry, the Security Oracle will either:
  Respond with the insight if such a data record has already been monitored and logged;
    Since a significant number of external dependencies are shared by different DeFi projects, the chance of hitting the Oracle result table is considerably high;
  Otherwise, respond with a default score indicating no suggestion at the moment;
    Under the hood, such an inquiry can be turned into a task on CertiK Chain and accepted by a group of Oracle Operators, who will then answer back with their results;
The DeFi contract receives the result for the security insight and makes the next move with confidence.
CertiK Chain:
End users submit oracle tasks, funded with CTKs, for those security insights they wish to have on the Business Chain;
Oracle Operators will receive the task by subscribing to CertiK Chain events;
Each Operator forwards the task details to its customized Primitive Combination for real-time security checks;
After generating a security score, the Operator responds to the oracle task by broadcasting a transaction to CertiK Chain;
When the task response window closes, CertiK Chain’s Oracle Combinator gathers all responses for that task and aggregates them into a final security score;
Task bounties are issued to the Operators accordingly;
A cross-chain bridge component, maintained by CertiK Foundation, will then push the final security score to the Security Oracle contract on the Business Chain.
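The two halves of the workflow above can be modelled end to end in a few lines. This is an added illustration, not CertiK's code: the class and function names, the 1-100 score range, the `0` sentinel for "no suggestion", median aggregation, the equal bounty split and the fail-closed caller gate are all assumptions made for the sketch.

```python
from statistics import median

NO_SUGGESTION = 0  # assumed sentinel for the default "no suggestion" score

class SecurityOracle:
    """Business Chain side: score table plus the inquiry interface."""
    def __init__(self):
        self.scores = {}      # (contract address, function signature) -> score
        self.misses = []      # inquiries with no record yet

    def query(self, address, signature):
        key = (address.lower(), signature)
        if key in self.scores:
            return self.scores[key]          # already monitored and logged
        if key not in self.misses:
            self.misses.append(key)          # may become a CertiK Chain task
        return NO_SUGGESTION

    def push(self, key, score):
        """Entry point for the cross-chain bridge only."""
        self.scores[key] = score

class OracleTask:
    """CertiK Chain side: one funded task with a response window."""
    def __init__(self, key, bounty, deadline):
        self.key, self.bounty, self.deadline = key, bounty, deadline
        self.responses = {}                  # operator -> score

    def respond(self, operator, score, now):
        # One in-range answer per operator, only while the window is open.
        if now > self.deadline or operator in self.responses or not 1 <= score <= 100:
            return False
        self.responses[operator] = score
        return True

    def close(self):
        """Combinator step (assumed: median score, equal bounty split)."""
        if not self.responses:
            return None, {}
        final = int(median(self.responses.values()))
        share = self.bounty // len(self.responses)
        return final, {op: share for op in self.responses}

def run_task(oracle, task):
    """Close a task and bridge its final score to the Security Oracle."""
    final, payouts = task.close()
    if final is not None:
        oracle.push(task.key, final)
    return final, payouts

def safe_to_call(oracle, address, signature, threshold):
    """Caller-side gate: the default score never counts as approval."""
    score = oracle.query(address, signature)
    return score != NO_SUGGESTION and score >= threshold
```

The caller gate is the part a DeFi integrator controls: treating the default score as a refusal keeps a first-time lookup from being read as a passing score.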