Oracle Hygiene

Continuous onchain oracle risk monitoring with automated issue creation

Risk & Compliance

What it is

Oracle Hygiene is a continuous oracle compliance monitor that detects deprecated or stale (heartbeat/freshness-violating) price feed usage in DeFi protocols and publishes machine-verifiable risk signals onchain. When issues are found, it can automatically create or update GitHub issues to prompt remediation.

The Problem
In DeFi, smart contracts are only as secure as the data they trust.
Protocols rely on external oracle price feeds for collateral valuation, liquidations, and risk management. However, oracle feeds can become deprecated, or violate freshness/heartbeat expectations. When protocols continue using outdated or unsafe feeds, they silently inherit upstream risk.
These issues are difficult to detect because:

  • There is no standardised onchain compliance metadata for oracle feeds.
  • Protocols rarely monitor feed deprecation status continuously.
  • Risk signals are often not published in a machine-readable, tamper-resistant way.
  • Remediation is manual, reactive, and slow.

Recent real-world incidents (Moonwell) have shown that outdated or unsafe oracle usage can lead to significant financial loss.

What Oracle Hygiene Does
Oracle Hygiene creates a continuous compliance loop for oracle usage:

  1. Deterministic Feed Discovery
    Given a protocol address, the system identifies candidate oracle feed addresses via adapter-based getter probing and protocol-specific adapters.

  2. Risk Classification
    Each discovered feed is evaluated against oracle metadata and observations (currently deprecated-feed status and heartbeat/freshness checks, with optional feed verification).
    Feeds are classified as:
    • COMPLIANT
    • NON_COMPLIANT
    • UNKNOWN

  3. Onchain Compliance Signals
    COMPLIANT and NON_COMPLIANT results are submitted via OracleRegistryReceiver to an onchain OracleRegistry contract as structured compliance reports. This makes the compliance state:
    • Tamper-resistant
    • Publicly verifiable
    • Machine-consumable by governance systems, dashboards, and monitoring tools

  4. Automated Issue Creation
    When NON_COMPLIANT events are emitted, an optional notifier watches OracleStatusUpdated logs and creates or updates a GitHub issue in the maintainer repository with the detected feed address (when derivable), the classification and reason code/details, and remediation guidance. This closes the loop between detection and action.

Why This Matters
Oracle Hygiene turns oracle risk from a hidden, manual, and reactive problem into a continuous, automated, and transparent compliance signal.
Instead of:

  • Finding out about deprecated feeds after an incident
  • Relying on forum posts or social media for warnings
  • Manually auditing integrations repeatedly

Protocols gain:
  • Continuous monitoring
  • Public compliance attestations
  • Automated remediation triggers
  • Machine-verifiable risk signals that governance and tooling can integrate

Vision
Oracle Hygiene introduces the concept of onchain compliance signals for oracle integrations. It is intentionally “boring but critical infrastructure”: a compliance engine that continuously watches oracle integrations so protocols don’t have to.

How it Works

Oracle Hygiene is built using Chainlink CRE, a Solidity registry contract, and a lightweight dashboard, with automated GitHub issue creation for remediation workflows.

Chainlink CRE workflow (oracle-hygiene-scan)
A scheduled Chainlink CRE workflow scans configured targets (Sepolia in production), discovers candidate feed addresses via adapter-based getter probing and protocol adapters, optionally verifies Chainlink aggregators, and evaluates deprecated-feed and heartbeat freshness checks.
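The classification step described above, as an added example in TypeScript (not Oracle Hygiene's own code): the metadata shape, the 10% grace on the heartbeat, the reason codes and the sample feed addresses are assumptions, and `reportsToSubmit` applies the rule from the compliance-signal step that only COMPLIANT and NON_COMPLIANT results go onchain.

```typescript
// Added example, not the project's code: deprecated-feed status plus a
// heartbeat/freshness check, turned into one of the three classifications.
export type Classification = "COMPLIANT" | "NON_COMPLIANT" | "UNKNOWN";
export interface FeedMetadata { deprecated?: boolean; heartbeatSeconds?: number } // assumed shape
export interface FeedObservation { updatedAt?: number } // unix seconds of the latest round
export interface Verdict { status: Classification; reasonCode: string; details: string }

// Assumed tolerance: a feed may run 10% past its heartbeat before it counts as stale.
function staleLimit(heartbeatSeconds: number): number {
  return heartbeatSeconds + Math.floor(heartbeatSeconds / 10);
}

export function classifyFeed(meta: FeedMetadata | undefined,
                             obs: FeedObservation | undefined,
                             nowSeconds: number): Verdict {
  if (!meta) {                      // feed unknown to the metadata source: no verdict
    return { status: "UNKNOWN", reasonCode: "NO_METADATA", details: "no oracle metadata for feed" };
  }
  if (meta.deprecated === true) {   // deprecation wins regardless of freshness
    return { status: "NON_COMPLIANT", reasonCode: "DEPRECATED_FEED", details: "feed marked deprecated" };
  }
  const heartbeat = meta.heartbeatSeconds;
  const updatedAt = obs?.updatedAt;
  if (heartbeat === undefined || updatedAt === undefined) {
    return { status: "UNKNOWN", reasonCode: "INSUFFICIENT_DATA", details: "missing heartbeat or updatedAt" };
  }
  const age = nowSeconds - updatedAt;
  if (age < 0) {                    // clock skew or a bad read: never report compliance on it
    return { status: "UNKNOWN", reasonCode: "FUTURE_TIMESTAMP", details: `updatedAt ${-age}s ahead of now` };
  }
  const limit = staleLimit(heartbeat);
  if (age > limit) {
    return { status: "NON_COMPLIANT", reasonCode: "STALE_FEED",
             details: `age ${age}s exceeds heartbeat ${heartbeat}s (limit ${limit}s)` };
  }
  return { status: "COMPLIANT", reasonCode: "OK", details: `age ${age}s within heartbeat ${heartbeat}s` };
}

// Only definite results are submitted to the registry; UNKNOWN stays off-chain.
export function reportsToSubmit(verdicts: Record<string, Verdict>): string[] {
  return Object.keys(verdicts).filter((ref) => verdicts[ref].status !== "UNKNOWN");
}

// Constructed sample: four candidate feeds for one protocol (placeholder addresses).
export const NOW = 1_700_000_000;
const SAMPLE = [
  { ref: "0xFEED0001", meta: { heartbeatSeconds: 3600 }, obs: { updatedAt: NOW - 1200 } },
  { ref: "0xFEED0002", meta: { deprecated: true, heartbeatSeconds: 3600 }, obs: { updatedAt: NOW - 60 } },
  { ref: "0xFEED0003", meta: { heartbeatSeconds: 86400 }, obs: { updatedAt: NOW - 100_000 } },
  { ref: "0xFEED0004", meta: undefined, obs: undefined },
];
export function scanSample(): Record<string, Verdict> {
  const out: Record<string, Verdict> = {};
  for (const f of SAMPLE) out[f.ref] = classifyFeed(f.meta, f.obs, NOW);
  return out;
}
```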

Deterministic feed discovery
A discovery module uses adapter-based getter probing (for common feed/oracle getter functions) plus protocol-specific adapters to identify candidate feed addresses from protocol contracts.

Onchain compliance registry (Solidity)
Findings are submitted via OracleRegistryReceiver to an onchain OracleRegistry, which stores the latest compliance status per (protocol, oracleRef) and emits OracleStatusUpdated events for monitoring and historical tracking. This makes compliance signals tamper-resistant and machine-readable.

Automated GitHub issue creation
When NON_COMPLIANT events are emitted, an optional notifier watches OracleStatusUpdated logs and creates or updates GitHub issues with the detected feed (when derivable from oracleRef), reason code/details, and remediation context.
 
Dashboard (Next.js)
A simple UI reads OracleRegistry events and displays current (latest) and historical compliance reports for a protocol, with shareable links for demo and monitoring.

Created by

  • Alex Kaminski