Alerting

Tracks specific smart contracts for predefined events and state changes. This is the foundation of DeFi and NFT security.

• Event-based triggers: Listen for function calls like transfer(), swap(), or liquidate().
• Parameter filtering: Alert only when specific conditions are met, such as a transaction value exceeding a threshold.
• Use cases: Detecting large token movements, governance proposal submissions, or contract upgrades.

Monitors blockchain addresses for activity related to specific entities or risk profiles.

• EOA & Smart Contract Wallets: Track deposits, withdrawals, and token approvals.
• Watchlists: Flag transactions involving addresses on sanctions lists, known exploiters, or project treasuries.
• Behavioral patterns: Identify anomalous activity like sudden high-frequency trading or interaction with newly deployed contracts.

Ensures the integrity and liveness of critical external data feeds that DeFi protocols rely on.

• Deviation alerts: Trigger when an oracle price deviates significantly from a consensus of other feeds.
• Staleness detection: Flag when a price update is delayed beyond a safe threshold, preventing outdated data from causing liquidations or bad swaps.
• Manipulation resistance: Monitor for flash loan attacks or other attempts to manipulate oracle pricing.

Identifies Maximal Extractable Value (MEV) opportunities and malicious sandwich attacks in the mempool and confirmed blocks.

• Mempool snooping: Detect pending transactions with high slippage tolerance that are vulnerable to being frontrun.
• Sandwich attack identification: Spot transaction pairs where a victim's swap is surrounded by two attacker transactions.
• Block analysis: Post-block analysis to quantify extracted MEV and identify persistent searcher bots.

Tracks proposals, votes, and treasury movements within decentralized autonomous organizations.

• Proposal creation: Alert when a new governance proposal is submitted, especially if it involves treasury funds or critical parameter changes.
• Voting milestones: Notify when a proposal is close to passing or failing quorum.
• Treasury activity: Monitor multi-sig executions or large asset transfers from DAO-controlled wallets.

Oversees asset transfers and message passing between different blockchain networks.

• Mint/Burn parity: Verify that assets minted on a destination chain match those burned on the source chain.
• Validator set changes: Alert on changes to the relayers or oracles securing a bridge.
• Anomalous volume: Detect unusually large withdrawal requests that could indicate an exploit or bank run on a bridge.

Triggers when a specific metric crosses a defined numerical boundary. Common examples include:

• TVL (Total Value Locked) dropping below a safety threshold.
• Collateralization ratio falling under a liquidation point.
• Wallet balance exceeding a withdrawal limit.
• Gas price spiking above an operational cost threshold.

Identifies statistically unusual patterns that may indicate an exploit, attack, or failure. This involves:

• Volume anomalies: Sudden, massive spikes in transaction volume for a token or protocol.
• Function call frequency: Unusual repetition of a specific smart contract function.
• New contract interactions: A wallet interacting with a newly deployed and unaudited contract.
• Deviation from baseline: Activity that falls outside historically normal patterns.

Monitors for specific changes in a smart contract's stored variables or access control. Key alerts include:

• Ownership/Pauser transfers: Detection of a transferOwnership or setPauser event.
• Critical parameter changes: Updates to fees, interest rates, or reward schedules.
• Admin function calls: Execution of privileged functions like upgradeTo (proxy pattern) or setGuardian.
• Pause state changes: Contract being paused or unpaused.

Ensures the reliability of external data sources critical to DeFi protocols. Alerts focus on:

• Price deviation: Significant difference between oracle price and market price on major CEXs/DEXs.
• Oracle staleness: A price feed not being updated within its expected heartbeat.
• Manipulation resistance: Monitoring for attempts to manipulate TWAP (Time-Weighted Average Price) oracles via flash loans or wash trading.

Tracks activity within Decentralized Autonomous Organizations (DAOs) and governance systems. Important alerts are:

• New proposal creation: Notification when a governance proposal is submitted.
• Quorum/vote threshold met: Alert when a proposal reaches the required voting power to pass.
• Delegation changes: Large shifts in voting power between delegates.
• Treasury transaction proposals: High-value multisig or treasury transfer proposals.

The mechanisms for delivering alert notifications to ensure they are seen and acted upon. Effective systems use multiple channels:

• Primary: Real-time messaging (Slack, Discord, Telegram).
• Secondary: Email for non-critical or summary reports.
• Critical Escalation: SMS or PagerDuty for severity-1 incidents requiring immediate human intervention.
• On-chain actions: Programmatic responses, like automatically pausing a contract, can be triggered by alert systems via secure relayers.

The specific on-chain event or off-chain condition that initiates an alert. Triggers are the core logic of any monitoring rule.

• Examples: A transaction exceeding a value threshold, a smart contract function call, a change in wallet balance, or an external API data feed update.
• Implementation: Defined using boolean logic (e.g., if balance < 0.1 ETH) or by listening for specific contract logs.

The endpoint where an alert notification is delivered after being triggered. Separation of trigger logic and destination enables flexible workflows.

• Common Destinations: Email, SMS, Slack, Discord, Telegram, PagerDuty, or a webhook URL.
• Webhook Integration: Allows alerts to trigger automated actions in other systems, such as executing a trade, pausing a contract, or creating a support ticket.

An HTTP callback that sends a structured payload of alert data to a specified URL. It is the primary method for programmatic alert integration.

• Payload: Typically a JSON object containing details like the alert name, trigger condition, blockchain data (tx hash, block number), and timestamp.
• Use Case: Enables real-time, automated responses by connecting monitoring systems to trading bots, incident management platforms, or internal dashboards.

The rules and operators used to define when an alert should fire. This moves beyond simple event detection to complex, state-aware monitoring.

• Operators: Includes comparisons (>, <, ==), logical operators (AND, OR, NOT), and time-based functions.
• Advanced Example: "Alert if wallet 0xabc... receives >10 ETH AND its total balance has increased by 50% in the last 24 hours."

A software service or daemon that actively watches the blockchain or data source for specified trigger conditions. It is the execution layer of an alerting system.

• Function: Continuously polls or subscribes to data (e.g., via JSON-RPC, WebSockets, or subgraphs) and evaluates conditional logic.
• Architecture: Can be a centralized cloud service or a self-hosted node to ensure reliability and data source integrity.

A critical metric measuring the frequency at which alerts are triggered incorrectly. A high rate leads to alert fatigue and reduces system effectiveness.

• Causes: Often due to overly broad trigger conditions, noisy data sources, or unanticipated contract behavior.
• Mitigation: Improved by refining conditional logic, adding cooldown periods, and implementing multi-signal confirmation before alerting.