Tellor is a synergetic oracle protocol that is unique in the Ethereum Oracle space in the way that it enables people from all over the world to operate it via on-chain functions and smart contracts. This permissionless service offers flexibility that comes with unique monitoring challenges for the network’s participants. Reporters need to know whether their sources are reliable to prevent the submission of accidentally bad data. Users may need to know whether a questionable value was malicious or accidental. Monitoring these function calls is a matter of tracking transactions and this can be a daunting task. Enter OpenZeppelin’s Defenders, a platform designed to strengthen smart contract security. This blog post explores how monitoring the Tellor network with OpenZeppelin’s Defenders makes us stronger.
What are Open Zeppelin’s Defenders?
OpenZeppelin Defender is a robust security operations (SecOps) platform specifically tailored for Ethereum. This platform encapsulates industry best practices, assisting development teams to deliver their projects faster and with minimized security risks. It’s designed to alleviate the burden of operational security, allowing teams to focus on core development tasks.
Sentinels watch for certain functions on the Tellor oracle contract to be called. Every time the function is called, a Discord message is sent that includes the query type, the submitted value for that query, the transaction timestamp, and a block explorer link.
We have an autotask for decoding and making a mock price feed in discord, an autotask checking for potential disputable values, and an autotask checking that every EVMCall value matches the expected function response
Why OpenZeppelin’s Defenders is Important
The use of OpenZeppelin’s Defenders provides a significant boost to the security of the Tellor network:
Sentinels: These allow you to monitor a contract’s transactions. In our case, they watch for certain functions on the tellor contracts to be called: submitValue, beginDispute, and tip. With this, you get a Discord notification every time these specific functions are called or events are emitted.
Autotasks: These allow us to run code in response to certain transactions, enhancing the real-time reaction capabilities.
The combination of these features simplifies monitoring transactions on Tellor’s oracle, governance, and autopay contracts, providing readable Discord notifications every time someone uses Tellor. More details given below.
OpenZeppelin’s Defenders provides an easy-to-use interface:
- The integration with Discord allows a unique “blockchain to human event alert system.” This gives users an easy way to see what values are being submitted, automatically check if submitted values are appropriate, and monitor incoming tips.
- It serves as a handy backup or alternative for Telliot and data feed websites.
Use Cases of OpenZeppelin’s Defenders
Backup/Mobile Data Feed
Sentinels watch the `submitValue` on the oracle contract on each network. An autotask connects to the sentinel to manipulate the transaction data, making the sentinel’s Discord alert appear similar to what is seen on the data feed. Within the autotask, the query data is decoded, formatted, and passed into metadata that gets read back out by the sentinel. On Discord, all we end up seeing is the currency/asset pair, the decimal value submitted, and the transaction timestamp with its block explorer link.
Personalized Data Feed
Autotasks allow full customization for a personal data feed. Sentinels will pick up every transaction, but within the autotask connected to that sentinel, the transaction data can be parsed so that you only get notified for certain types of queries.
Disputable Value Monitoring
We also use the sentinel/autotask combo as a secondary disputable value monitor. Like the backup data feed, the defender is watching for `submitValue` to be called on the Tellor oracle contracts. A connected autotask first decodes the query data, and then within the autotask, we call the CoinGecko API to compare its price against the submitted value. If they are a certain percent different, we get alerted. Note that this feature is limited to USD as currency.
Initiated Disputes Alerts
If the value was indeed simply malicious, the dispute mechanism has it covered. However, not all bad values are malicious so It’s very important to determine if the value submitted was due to a reporting client error, ie. broken api.
In addition to watching for submitted values, we also use sentinels to watch for incoming tips on each network’s autopay contract, allowing us to monitor demand/activity.
While OpenZeppelin’s Defenders provides significant benefits, there are a few limitations to be aware of:
- Tough default readability can be worked around with autotasks.
- The documentation for autotask/sentinel could be more comprehensive and user-friendly.
Despite the limitations, OpenZeppelin’s Defenders offer great utility and most of the services are free. It’s a comprehensive tool that boosts security and improves transaction monitoring, making it an indispensable asset for those operating on the Tellor network. With continuous updates and improvements, it is expected to deliver even more value in the future.
Give OpenZeppelin Defender a Try!
OpenZeppelin Defender is not just robust but also free. If you’re interested in monitoring the Tellor system or any other on-chain transactions, you should give it a try. To get started, simply head over to defender.openzeppelin.com.