Orbital Sentinel

1. The Problem

DeFi dashboards cannot prove their own data.

Traditional DeFi monitoring dashboards pull data from APIs, databases, or third-party aggregators. There is no mechanism to prove that the numbers displayed are authentic, timely, or untampered. A backend server could silently alter metrics, and users would have no way to detect it.

2. Solution Overview

Autonomous monitoring with verifiable proofs.

Orbital Sentinel reads live DeFi protocol data directly from smart contracts, compresses the key metrics into a cryptographic fingerprint (keccak256 hash), and writes that fingerprint on-chain 7 times per day. Anyone can verify the data is real by re-running the same workflow and checking that their hash matches.

The system monitors eight aspects of the stake.link protocol, the largest Chainlink liquid staking service. Each aspect is an independent CRE workflow that reads on-chain state, classifies risk, and produces a verifiable proof.

Beyond individual monitoring, a composite intelligence layer reads data from all workflows simultaneously and feeds it to an AI analyst (GPT-5.3-Codex). This creates cross-workflow intelligence: the AI can see that treasury health, oracle prices, lending market utilization, and bridge status all interact, and can override isolated signals when the broader ecosystem context demands it.

3. System Architecture

Four layers: CRE workflows read data, AI analyzes risk, proofs anchor on-chain, dashboard displays results.

Data Flow

Phase 1: CRE Execution. Eight workflows read Ethereum mainnet contracts via EVMClient, compute risk metrics, and write JSON snapshots. The LAA workflow runs on the CRE mainnet DON; the other 7 simulate locally.

Phase 1.5: Composite Intelligence. A composite script reads all snapshots and sends cross-workflow context to GPT-5.3-Codex for ecosystem-aware analysis. The AI can override isolated signals.

Phase 2: On-Chain Anchoring. A bridge script (record-all-snapshots.mjs) reads all snapshots, computes keccak256 hashes, and writes them to the SentinelRegistry on Sepolia. Deduplication ensures only changed assessments create new records.

Phase 3: Dashboard. A Next.js 15 application reads HealthRecorded events from Sepolia, stores them in PostgreSQL, and serves per-workflow health data at sentinel.schuna.co.il.

4. Unified Cycle

Three phases, seven times per day: simulate, synthesize, anchor.

Schedule (UTC)

5. The 8 CRE Workflows

Each workflow is an independent CRE project reading live Ethereum mainnet data.

6. Core Product: LINK AI Arbitrage

The arb mechanism: sell stLINK for LINK on Curve (at a premium), deposit LINK to the Priority Pool at 1:1 to mint new stLINK, pocket the spread.

What LAA Reads (via CRE EVMClient, Ethereum Mainnet)

Signal Logic

Priority Pool closed?     -> pool_closed
Vault has zero stLINK?    -> no_stlink
Premium <= 0 bps?         -> unprofitable
Premium < minProfitBps?   -> wait
Otherwise                 -> execute

What LAA Cannot See Alone

The LAA workflow only reads the Curve pool and Priority Pool. Without the composite intelligence layer, it has no visibility into:

• LINK/USD price movements (price-feeds workflow)
• Community staking pool capacity supporting premium persistence (treasury-risk)
• Morpho utilization locking wstLINK as collateral (morpho-vault-health)
• CCIP lane degradation disrupting cross-chain LINK flows (ccip-lane-health)
• Curve pool imbalance shifts (curve-pool)

This is why the composite intelligence layer exists.

7. Composite Intelligence

Five context workflows feed the LAA override decision. The whole is greater than the parts.

Real Example (Live Mainnet Data, March 2026)

How Each Workflow Influences LAA

Composite Proof Hash

The composite proof encodes metrics from all 6 data sources into a single keccak256 hash:

encodeAbiParameters(
  'uint256 ts, string wf, string risk,
   uint256 premiumBps, uint256 linkUsd,
   uint256 communityFillPct, uint256 queueLink,
   uint256 morphoUtil, uint256 ccipOk,
   uint256 curveImbalance, uint256 confidence',
  [timestamp, 'composite', risk, ...metrics],
)

This creates an on-chain proof of cross-workflow AI reasoning: verifiable data from 6 CRE sources compressed into one tamper-proof record.

8. On-Chain Proof System

Each workflow encodes domain-specific metrics into a single keccak256 hash written to Sepolia.

Why Hashes Instead of Raw Data?

Storing the full snapshot on-chain would cost hundreds of dollars in gas per write. A keccak256 hash is always 32 bytes regardless of input size, costing ~21,000 gas (~$0.01 on Sepolia, ~$2-5 on mainnet). The hash is a deterministic fingerprint: if even one metric changes, the hash is completely different.

Per-Workflow Hash Fields

9. SentinelRegistry Contract

52 nSLOC. Append-only. Owner-gated. Deduplicated. Audited.

// SPDX-License-Identifier: MIT
pragma solidity 0.8.19;

contract OrbitalSentinelRegistry {
    struct Record {
        bytes32 snapshotHash;
        string  riskLevel;
        uint256 timestamp;
        address recorder;
    }

    Record[] public records;
    mapping(bytes32 => bool) public recorded;
    address public owner;
    address public pendingOwner;

    event HealthRecorded(bytes32 indexed snapshotHash, string riskLevel, uint256 ts);
    error NotOwner(); error AlreadyRecorded();
    error EmptyRiskLevel(); error RiskLevelTooLong();

    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }
    constructor() { owner = msg.sender; }

    function recordHealth(bytes32 snapshotHash, string calldata riskLevel)
        external onlyOwner
    {
        if (recorded[snapshotHash]) revert AlreadyRecorded();
        if (bytes(riskLevel).length == 0) revert EmptyRiskLevel();
        if (bytes(riskLevel).length > 256) revert RiskLevelTooLong();

        recorded[snapshotHash] = true;
        records.push(Record(snapshotHash, riskLevel, block.timestamp, msg.sender));
        emit HealthRecorded(snapshotHash, riskLevel, block.timestamp);
    }

    function count() external view returns (uint256) { return records.length; }
    function latest() external view returns (Record memory) {
        require(records.length > 0);
        return records[records.length - 1];
    }
}

Key Security Properties

10. Verification Guide

How to independently verify that on-chain proofs match real protocol data.

What Proofs Prove

• Data integrity: The hash is a deterministic fingerprint of exact metrics. Modification of any field produces a different hash.
• Temporal ordering: Sepolia block timestamps provide an unforgeable record of when each assessment was made.
• Risk classification: The risk level string is stored in plaintext, creating a queryable health history.

Step-by-Step Verification

Step 1: Get the snapshot data

Each workflow produces a JSON file (e.g., cre_treasury_snapshot.json) with generated_at_utc and the relevant metrics.

Step 2: Reproduce the hash

import { keccak256, encodeAbiParameters, parseAbiParameters } from 'viem';

// Example: treasury snapshot
const ts = BigInt(Math.floor(
  new Date('2026-03-01T01:44:17Z').getTime() / 1000
));
const fillPct = BigInt(Math.round(100 * 10000));  // 100% x 10,000
const runway  = BigInt(Math.round(572.84 * 100));  // days x 100

const encoded = encodeAbiParameters(
  parseAbiParameters(
    'uint256 ts, string wf, string risk, uint256 fillPct, uint256 runway'
  ),
  [ts, 'treasury', 'critical', fillPct, runway],
);

const hash = keccak256(encoded);
// Compare with on-chain snapshotHash

Step 3: Check on-chain

const logs = await publicClient.getLogs({
  address: '0x35EFB15A46Fa63262dA1c4D8DE02502Dd8b6E3a5',
  event: {
    type: 'event',
    name: 'HealthRecorded',
    inputs: [
      { name: 'snapshotHash', type: 'bytes32', indexed: true },
      { name: 'riskLevel', type: 'string' },
      { name: 'timestamp', type: 'uint256' },
    ],
  },
});

// If your computed hash matches a snapshotHash from logs,
// the data is verified.

11. Security Audit

Enhanced 9-phase methodology. 32 tests. 80,000 fuzz iterations. Zero critical findings.

Findings Summary

Test Coverage

12. Trust Model

Current hackathon demo vs. production DON attestation.

What CRE Provides Beyond Hashing

You could hash data without CRE. The value CRE adds:

• Standardized workflow format: Portable, auditable definitions (YAML + TypeScript)
• Built-in capabilities: EVMClient for contract reads, HTTPClient for API calls, CronCapability for scheduling
• Path to decentralization: Same code runs locally in simulate and on the DON in production
• Consensus aggregation: consensusIdenticalAggregation ensures all nodes agree before proceeding

13. CRE Ecosystem Context

Orbital Sentinel uses the same verifiable workflow pattern adopted by major institutions.

CRE Capabilities Used

Institutional Adopters

CRE is adopted by major institutions for tokenized asset operations. Orbital Sentinel demonstrates the same verifiable workflow pattern used by:

• J.P. Morgan / Ondo: Cross-chain DvP transactions
• Swift / UBS: Tokenized fund workflows
• Deutsche Borse / Crypto Finance: Proof of Reserve feeds
• 21X: Regulated onchain exchange with verifiable post-trade data

CRE Upgrade Opportunities

14. Tech Stack

Production-grade tooling across the full stack.

15. Chainlink Products Used

Six distinct Chainlink products across 8 workflows.

CCIP Infrastructure Monitoring

The CCIP Lane Health workflow reads CCIP infrastructure contracts directly via EVMClient:

• CCIP Router: getOnRamp(destChainSelector) to verify lane configuration
• OnRamp: paused() to detect paused lanes
• LockReleaseTokenPool: getCurrentOutboundRateLimiterState(destChainSelector) for rate limiter bucket state

16. Deployment Status

LAA is live on the CRE mainnet DON. The other 7 simulate locally.

17. Contract Reference

All smart contract addresses referenced by Sentinel workflows.

SentinelRegistry (Write Target)

Mainnet Contracts Read