Event Trigger

Executes an action when an asset's price crosses a predefined threshold. This is the most common trigger for DeFi automation.

• Examples: Liquidating a loan when collateral value falls, executing a limit order on a DEX, or rebalancing a portfolio.
• Key Data Source: Relies on decentralized oracles like Chainlink or Pyth for accurate, tamper-proof price data.

Executes an action at a specific block height, timestamp, or after a set interval. It introduces temporal logic to on-chain operations.

• Examples: Claiming vested tokens on a specific date, renewing a subscription service, or scheduling regular portfolio rebalancing.
• Key Mechanism: Uses the blockchain's internal clock (block timestamp) or a counter of blocks for execution.

Monitors a specific wallet address and triggers an action based on its state changes or transactions.

• Examples: Sending an alert when a whale wallet makes a large transfer, auto-compounding staking rewards upon receipt, or executing a trade when a governance wallet votes.
• Key Data: Tracks balance changes, incoming/outgoing transactions, or interactions with specific smart contracts.

Executes an action when the internal state of a monitored smart contract meets defined conditions.

• Examples: Triggering a buy order when a lending pool's utilization rate exceeds 90%, or providing liquidity when a DEX pool's imbalance reaches a threshold.
• Key Function: Requires reading specific public variables or calling view functions on the target contract to assess its state.

Activates based on the outcome or process of a decentralized governance proposal.

• Examples: Automatically voting with a strategy, executing the result of a successful proposal (like a treasury transfer), or hedging position risk if a contentious vote passes.
• Key Data: Monitors proposal state (created, active, passed, executed) and vote tallies on platforms like Snapshot or on-chain governance modules.

Uses data or an event from one blockchain to trigger an action on another, enabling interoperable automation.

• Examples: Minting an asset on Chain B when it's locked on Chain A (bridge completion), or executing a trade on Ethereum based on an oracle report from Solana.
• Key Infrastructure: Relies on cross-chain messaging protocols like LayerZero, CCIP, or Wormhole to verify the triggering condition.

The most common trigger. A smart contract function is executed when a specific transaction is sent to its address. This includes:

• Token transfers (e.g., an ERC-20 transfer)
• Function calls (e.g., calling swap() on a DEX)
• Contract deployment (triggering constructor logic) The contract's logic validates the transaction data (e.g., msg.sender, msg.value) before proceeding.

Contracts rely on oracles like Chainlink for external data. A price feed update past a defined threshold can trigger critical functions:

• Liquidations in lending protocols (e.g., Aave, Compound) when collateral value falls.
• Settlement of derivative contracts or prediction markets.
• Rebalancing of algorithmic stablecoins. The trigger is the oracle's authenticated data submission to the on-chain contract.

Execution is triggered by reaching a specific block timestamp or block number. Used for:

• Vesting schedules releasing tokens at predefined intervals.
• Option expiries in decentralized finance.
• DAO governance closing a proposal vote period.
• Yield farming epochs ending rewards distribution. Relies on the deterministic nature of blockchain time.

A message from another blockchain can act as a trigger via a cross-chain messaging protocol like LayerZero or Axelar. Examples:

• Bridging assets: A lock event on Chain A triggers a mint event on Chain B.
• Cross-chain governance: A vote passed on Ethereum mainnet triggers a parameter change on an L2.
• Interchain accounts: An action on one chain triggers a transaction from a controlled account on another.

Off-chain keepers or indexers monitor the blockchain for specific events emitted by contracts. When detected, they trigger further actions:

• Keepers (e.g., Chainlink Automation) listen for conditions like low liquidity in a DEX pool and trigger a rebalance.
• Indexers (e.g., The Graph) watch for events to update queryable databases for dApp frontends.
• Bots trigger arbitrage when a price discrepancy event is logged.

Triggers restricted to specific authorized addresses, often managed via role-based access control (RBAC). Examples:

• Admin functions: Only an OWNER can trigger an upgrade to a proxy contract.
• Guardian actions: A multisig can trigger an emergency pause in a protocol.
• Minter role: A designated contract can trigger the minting of new tokens. The trigger validates msg.sender against an access control list.

A malicious actor can observe a pending transaction that will trigger a valuable event (e.g., a large trade or liquidation) and pay higher gas fees to have their own transaction executed first. This is a form of Maximal Extractable Value (MEV).

• Example: A public liquidation call triggers a price update. A searcher front-runs the call to buy the collateral cheaply.
• Mitigation: Use commit-reveal schemes, private mempools (e.g., Flashbots), or design mechanisms where the outcome is not predictable from the public trigger.

Many event triggers rely on external oracles for data (e.g., "if price reaches $50"). An attacker who can manipulate the oracle's reported data can trigger events fraudulently.

• Example: A flash loan is used to skew the price on a DEX that serves as an oracle, triggering an unintended liquidation.
• Mitigation: Use decentralized, time-weighted average price (TWAP) oracles, multiple data sources, and circuit breakers that delay execution after a large price movement.

A classic vulnerability where an external contract is called during an event trigger, and that contract calls back into the original function before the first invocation is complete, violating state assumptions.

• Example: The transfer event in an ERC-20 token triggers a callback in a malicious contract, which re-enters the withdrawal function to drain funds.
• Mitigation: Apply the checks-effects-interactions pattern, use reentrancy guards (e.g., OpenZeppelin's ReentrancyGuard), and complete all state changes before making external calls.

Centralized control over who or what can trigger an event creates a single point of failure. A compromised private key or malicious insider can trigger catastrophic actions.

• Example: An admin key for a multi-signature wallet that can trigger fund transfers is phished.
• Mitigation: Implement decentralized governance (DAO votes), multi-signature schemes with distributed signers, and timelocks to delay execution, allowing the community to react to malicious proposals.

An attacker can make triggering an event prohibitively expensive or impossible by manipulating the gas cost or state required for execution.

• Gas Griefing: Filling a contract's storage to increase the gas cost of writing state during a trigger.
• DoS: Designing a function so that a trigger always reverts (e.g., by forcing an integer overflow), blocking a critical process.
• Mitigation: Implement gas limits for loops, avoid unbounded operations, and use pull-over-push patterns for payments.

For off-chain systems (keepers, bots) that listen for on-chain events, security failures can lead to missed triggers or incorrect executions.

• RPC Node Reliability: Relying on a single node provider can cause missed events if it goes down.
• Logic Flaws: The off-chain service misinterprets event data or has a bug in its response logic.
• Mitigation: Use multiple, redundant RPC endpoints; implement robust error handling and alerting; and formally verify or extensively audit the triggering logic.