Best Practices
Implementing a secure, performant, and reliable oracle system—whether it’s for price feeds, proofs, or risk parameters—requires attention to critical operational and security details. The following best practices help protect against data tampering, downtime, and unexpected behavior.
Signature Verification and Key Security
Why it matters: The integrity of off-chain data relies on cryptographic proofs. If signatures are not checked or signers are compromised, false data enters your protocol.
- Verify all signatures on-chain, in the contract that consumes the data, so that tampering anywhere between the signer and the chain is detected.
- Allowlist trusted signers only, and rotate keys regularly to limit the damage of a key compromise.
- Use multi-signature or threshold schemes for critical parameters so that no single signer can push a value; count each signer once, so that one compromised key signing twice cannot meet the threshold.
- Implement replay protection: record the last accepted timestamp (or nonce) per feed and reject any update that is not strictly newer. Checking only that a timestamp has not been seen before is not enough, because an old report that was never submitted would still pass.
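The four checks above (allowlist, threshold of distinct signers, signature verification, strictly increasing timestamp per feed) in one off-chain verifier, as an added example in Go that is not part of the original page or any project's code. It uses Ed25519 from the Go standard library; the Update layout, the "oracle-update-v1:" domain tag, the NewSigner/SignUpdate helpers and the 2-of-3 threshold are assumptions made for the example, not a format the page defines. A contract verifying on-chain performs the same steps with the chain's native signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a hypothetical feed report; the layout is an assumption for this example.
type Update struct {
	Feed      string
	Value     int64 // price scaled by 1e8
	Timestamp int64 // Unix milliseconds
}

// Signature pairs a signer's public key with its signature over the update.
type Signature struct {
	PubKey ed25519.PublicKey
	Sig    []byte
}

// encode produces the canonical bytes that get signed. The domain tag stops a
// signature over a feed update from being replayed as some other message type.
func (u Update) encode() []byte {
	var num [8]byte
	buf := []byte("oracle-update-v1:")
	buf = append(buf, u.Feed...)
	buf = append(buf, 0) // separator: feed name and value cannot be re-split
	binary.BigEndian.PutUint64(num[:], uint64(u.Value))
	buf = append(buf, num[:]...)
	binary.BigEndian.PutUint64(num[:], uint64(u.Timestamp))
	return append(buf, num[:]...)
}

// NewSigner and SignUpdate stand in for a signer's key management (hypothetical helpers).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pk, sk
}

func SignUpdate(pk ed25519.PublicKey, sk ed25519.PrivateKey, u Update) Signature {
	return Signature{PubKey: pk, Sig: ed25519.Sign(sk, u.encode())}
}

// Verifier holds the signer allowlist, the number of distinct valid
// signatures required, and the last accepted timestamp per feed.
type Verifier struct {
	allowed   map[string]bool // keyed by raw public key bytes
	threshold int
	lastSeen  map[string]int64
}

func NewVerifier(threshold int, signers ...ed25519.PublicKey) *Verifier {
	v := &Verifier{allowed: map[string]bool{}, threshold: threshold, lastSeen: map[string]int64{}}
	for _, pk := range signers {
		v.allowed[string(pk)] = true
	}
	return v
}

// Accept verifies an update and records its timestamp, or returns why it was
// rejected. A signature from any unknown key rejects the whole update.
func (v *Verifier) Accept(u Update, sigs []Signature) error {
	msg := u.encode()
	valid := map[string]bool{}
	for _, s := range sigs {
		key := string(s.PubKey)
		if !v.allowed[key] {
			return errors.New("signature from non-allowlisted signer")
		}
		if !ed25519.Verify(s.PubKey, msg, s.Sig) {
			return errors.New("invalid signature")
		}
		valid[key] = true // a signer counts once, however many times it signs
	}
	if len(valid) < v.threshold {
		return fmt.Errorf("need %d distinct valid signatures, got %d", v.threshold, len(valid))
	}
	// Replay protection: the report must be strictly newer than the last one
	// accepted for this feed, so re-submitting an old report fails.
	if last, ok := v.lastSeen[u.Feed]; ok && u.Timestamp <= last {
		return errors.New("replayed or out-of-order update")
	}
	v.lastSeen[u.Feed] = u.Timestamp
	return nil
}

func main() {
	pk1, sk1 := NewSigner()
	pk2, sk2 := NewSigner()
	pk3, _ := NewSigner()
	v := NewVerifier(2, pk1, pk2, pk3)
	u := Update{Feed: "ETH/USD", Value: 300000000000, Timestamp: 1700000000000}
	sigs := []Signature{SignUpdate(pk1, sk1, u), SignUpdate(pk2, sk2, u)}
	fmt.Println("first submission:", v.Accept(u, sigs))    // <nil>
	fmt.Println("replayed submission:", v.Accept(u, sigs)) // replayed or out-of-order update
}
```

The de-duplication by public key is the part most often missed: without it, a single leaked key can satisfy a 2-of-3 threshold by signing twice.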
Timestamp Validation
Why it matters: Accepting stale or future-dated data opens the door to replay attacks and to manipulation that exploits time-based assumptions in your protocol.
- Reject updates older than 30 seconds (tune this to the feed's update interval) or dated in the future; if signer and verifier clocks are not tightly synchronised, allow a few seconds of skew rather than none.
- Normalize timestamp units (seconds vs. milliseconds) before comparison: a seconds value compared against a milliseconds clock looks decades old, and the reverse looks far in the future.
- Validate incoming data against a clock you trust (server time off-chain, block time on-chain) rather than against a timestamp the data itself carries.
```go
package main

import "time"

// ValidateTimestamp accepts a Unix timestamp in either seconds or
// milliseconds, normalises it to milliseconds, and rejects values that are
// in the future or older than maxAgeMs.
func ValidateTimestamp(timestamp int64) string {
	const maxAgeMs = 30_000
	now := time.Now().UnixMilli()
	var ts int64
	// Unix seconds stay below 1e12 for tens of thousands of years, so a
	// larger value can only be milliseconds.
	if timestamp < 1e12 {
		ts = timestamp * 1000 // assume seconds, convert to ms
	} else {
		ts = timestamp // already ms
	}
	if ts > now {
		return "Timestamp is in the future."
	}
	if now-ts > maxAgeMs {
		return "Timestamp is too old."
	}
	return "Timestamp is valid."
}
```
Error Handling and Fallback Mechanisms
Why it matters: Systems fail, whether from network latency, node issues, or signature mismatches. Without fallbacks, your protocol becomes fragile.
- Retry on failure with exponential backoff and jitter, so that retries neither trip upstream rate limits nor hammer a provider that is already degraded.
- Detect stale or corrupted data (a report that fails validation, or a value far outside the plausible range) and isolate the source rather than passing the value on.
- Implement circuit breakers that pause updates from a source after repeated failures or anomalies, and probe it again only after a cooldown.
- Use failover data providers where possible so that data continuity does not depend on a single source.
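The retry, breaker and failover logic described above, as an added example in Go that is not part of the original page or any project's code. Provider, Breaker, Backoff and FetchWithFallback are hypothetical names; providers are plain functions so the example runs offline, and the clock and sleep are injected so the breaker's cooldown can be exercised without waiting.

```go
package main

import (
	"fmt"
	"math/rand"
	"time"
)

// Provider is a hypothetical upstream data source. Real providers would be
// HTTP or RPC clients; here Fetch is a plain function so the example runs offline.
type Provider struct {
	Name  string
	Fetch func() (int64, error)
}

// Breaker opens after MaxFailures consecutive failures (network errors and
// rejected values alike) and lets one probe through once Cooldown has elapsed.
type Breaker struct {
	MaxFailures int
	Cooldown    time.Duration
	Now         func() time.Time // injectable clock, so the cooldown is testable
	failures    int
	openedAt    time.Time
}

// NewBreakers creates one breaker per provider, keyed by provider name.
func NewBreakers(providers []Provider, maxFailures int, cooldown time.Duration, now func() time.Time) map[string]*Breaker {
	m := map[string]*Breaker{}
	for _, p := range providers {
		m[p.Name] = &Breaker{MaxFailures: maxFailures, Cooldown: cooldown, Now: now}
	}
	return m
}

func (b *Breaker) Allow() bool {
	if b.failures < b.MaxFailures {
		return true
	}
	return b.Now().Sub(b.openedAt) >= b.Cooldown // half-open: one probe allowed
}

func (b *Breaker) Record(err error) {
	if err == nil {
		b.failures = 0
		return
	}
	b.failures++
	if b.failures >= b.MaxFailures {
		b.openedAt = b.Now() // open, or re-open after a failed probe
	}
}

// Backoff returns the delay before retry attempt n (0-based): doubling from
// base, capped at max, with jitter so many clients do not retry in lockstep.
func Backoff(attempt int, base, max time.Duration) time.Duration {
	d := base << uint(attempt)
	if d > max || d <= 0 { // d <= 0 catches overflow for very large attempt
		d = max
	}
	return d/2 + time.Duration(rand.Int63n(int64(d/2)+1))
}

// FetchWithFallback tries providers in order. Each gets retries with backoff;
// providers whose breaker is open are skipped, and a value that fails validate
// counts as a failure so corrupted data is isolated rather than passed on.
// It returns the value and the name of the provider that supplied it.
func FetchWithFallback(providers []Provider, breakers map[string]*Breaker, retries int,
	validate func(int64) error, sleep func(time.Duration)) (int64, string, error) {
	lastErr := fmt.Errorf("no providers configured")
	for _, p := range providers {
		b := breakers[p.Name]
		if !b.Allow() {
			lastErr = fmt.Errorf("%s: circuit open", p.Name)
			continue
		}
		for attempt := 0; attempt <= retries; attempt++ {
			v, err := p.Fetch()
			if err == nil {
				err = validate(v)
			}
			b.Record(err)
			if err == nil {
				return v, p.Name, nil
			}
			lastErr = fmt.Errorf("%s: %w", p.Name, err)
			if !b.Allow() {
				break // breaker tripped mid-retry: move on to the next provider
			}
			if attempt < retries {
				sleep(Backoff(attempt, 200*time.Millisecond, 5*time.Second))
			}
		}
	}
	return 0, "", fmt.Errorf("all providers failed: %w", lastErr)
}
```

In production the call would be `FetchWithFallback(providers, NewBreakers(providers, 3, time.Minute, time.Now), 2, validate, time.Sleep)`, with validate holding the plausibility check for the feed (for example, a non-positive price is rejected). The breaker treats a rejected value exactly like a transport error, which is what isolates a provider that is up but serving corrupted data.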
Monitoring, Alerts, and Auditing
Why it matters: Early detection of anomalies prevents downstream damage. Auditing enables post-mortem analysis and accountability.
- Maintain an audit trail of all changes and data sources for verification and transparency.
- Monitor latency, frequency, and failure rates of off-chain services.
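A small evaluator for the three metrics named above (latency, update frequency, failure rate) run over a constructed window of update attempts, as an added example in Go that is not part of the original page or any project's code. Event, Thresholds, Report, Evaluate and SampleEvents are hypothetical names, and the ten sample events and the threshold values are made up for the example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Event is one recorded update attempt: when it ran, how long the off-chain
// fetch took, and whether it succeeded. Events are expected in time order.
type Event struct {
	At      time.Time
	Latency time.Duration
	OK      bool
}

// Thresholds are the alerting limits (values below are assumptions for this example).
type Thresholds struct {
	MaxP95Latency time.Duration
	MaxGap        time.Duration // longest tolerated silence between successful updates
	MaxFailRate   float64
}

// Report carries the computed metrics and one alert line per breached limit.
type Report struct {
	P95Latency time.Duration
	MaxGap     time.Duration
	FailRate   float64
	Alerts     []string
}

// Evaluate computes p95 latency, the failure rate and the longest gap between
// successful updates over a window of events, and flags each limit exceeded.
func Evaluate(events []Event, th Thresholds) Report {
	var r Report
	if len(events) == 0 {
		r.Alerts = append(r.Alerts, "no update attempts in window: feed may be down")
		return r
	}
	lat := make([]time.Duration, 0, len(events))
	failed := 0
	var lastOK time.Time
	for _, e := range events {
		lat = append(lat, e.Latency) // failed attempts count too: a timeout is latency
		if !e.OK {
			failed++
			continue
		}
		if !lastOK.IsZero() && e.At.Sub(lastOK) > r.MaxGap {
			r.MaxGap = e.At.Sub(lastOK)
		}
		lastOK = e.At
	}
	sort.Slice(lat, func(i, j int) bool { return lat[i] < lat[j] })
	r.P95Latency = lat[(95*len(lat)+99)/100-1] // nearest-rank percentile
	r.FailRate = float64(failed) / float64(len(events))
	if r.P95Latency > th.MaxP95Latency {
		r.Alerts = append(r.Alerts, fmt.Sprintf("p95 latency %v exceeds %v", r.P95Latency, th.MaxP95Latency))
	}
	if r.MaxGap > th.MaxGap {
		r.Alerts = append(r.Alerts, fmt.Sprintf("gap of %v between successful updates exceeds %v", r.MaxGap, th.MaxGap))
	}
	if r.FailRate > th.MaxFailRate {
		r.Alerts = append(r.Alerts, fmt.Sprintf("failure rate %.0f%% exceeds %.0f%%", 100*r.FailRate, 100*th.MaxFailRate))
	}
	return r
}

// SampleEvents is a constructed window: ten attempts at 10 s intervals with
// one timeout (the 7th). The data is made up for this example.
func SampleEvents() []Event {
	base := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	latencies := []int{120, 150, 130, 900, 140, 160, 2000, 155, 145, 135}
	events := make([]Event, len(latencies))
	for i, ms := range latencies {
		events[i] = Event{
			At:      base.Add(time.Duration(i) * 10 * time.Second),
			Latency: time.Duration(ms) * time.Millisecond,
			OK:      i != 6,
		}
	}
	return events
}

func main() {
	r := Evaluate(SampleEvents(), Thresholds{MaxP95Latency: time.Second, MaxGap: 15 * time.Second, MaxFailRate: 0.05})
	for _, a := range r.Alerts {
		fmt.Println("ALERT:", a)
	}
}
```

On the sample window this raises three alerts: p95 latency 2s, a 20s gap between successful updates (the timeout at 60s), and a 10% failure rate. Measuring the gap between successful updates rather than between attempts is deliberate: a source that keeps trying and keeps failing is still silent from the consumer's point of view.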
Access Control and Safety Switches
Why it matters: Unrestricted access to sensitive functions exposes your protocol to internal and external threats.
- Use role-based access control (RBAC) with libraries like OpenZeppelin's AccessControl.
- Limit update privileges to verified actors only.
- Add an emergency pause or kill switch to disable updates during incidents.