Introduction

Blockchain technology, often classified as Web3.0, evolved from the Internet (Web2.0) and quickly became the primary medium for digital assets. Due to its inherent properties of transparency, decentralization, and immutability, the world quickly adopted blockchain platforms such as Ethereum and embraced the novel concept of smart contracts to fulfill a variety of business needs.

In the world of blockchain applications, DeFi (Decentralized Finance) dominates with its exponential growth. Data accuracy and security are the two primary motivations for pursuing the concept of DeFi. There have been many successful attempts at providing the former, given that feeding data to a smart contract is straightforward and easy to achieve. However, when it comes to providing security checks for DeFi, there are still many concerns. As DeFi is more widely used and more money is funneled into these apps, these projects quickly become lucrative targets for hackers, and a sharply increasing number of attacks has been observed recently.

Security has never been a one-dimensional issue that can be solved by individual solutions. Current security offerings for DeFi, namely conducting static source code reviews or audits, are not persuasive at all. These one-off security checks are important during the software development phases, as they can catch bugs and vulnerabilities before DeFi smart contracts go live; however, once DeFi projects are deployed to real runtime production, any vulnerability hidden in any part of the tech stack is wide open to malicious manipulation and can easily be taken advantage of by bad actors, and there is seemingly little to nothing that can be patched to stop these actors from stealing unsecured assets. This is why we have seen so many post-mortem articles explaining why and how attacks happened, while ideally we would much rather see technologies that could prevent malicious things from happening.

In an effort to prevent these attacks in real time, we present a solution on CertiK Chain, the CertiK Decentralized Security Oracle, which guards on-chain transactions by bridging DeFi smart contracts with industry-leading security checks in a decentralized fashion. By invoking this Security Oracle to get back security intelligence, smart contracts can make better decisions about their potential transactions and external invocations. With such a bridge, DeFi projects are equipped with safeguards to prevent attacks through real-time security checks. It is our hope that our proposed security oracle approach will be widely adopted, spurring further development and investment in blockchain security technologies to set higher industry standards.