Summary

The Oracle contract implements a number of "validity checks" to ensure that data being reported by the off-chain Oracle services is correct and reasonable. This helps protect the protocol in the unlikely case of an Oracle reporting issue or Oracle compromise.

Validity checks are strict invariants which must always hold:

• Reports are in-order and cannot contain gaps — every block/slot is accounted for.

• The total reported processed deposit amount on the consensus layer is never higher than the amount sent through our deposit contract.

• The number of validators being reported on is never higher than the number created through our deposit contact.

• Reports are of a large enough length (e.g., over 100 blocks).

• The total number of validators in the withdrawable state did not decrease (validators entering this state should not leave it).

• The cumulative total of validator numbers in all states did not decrease.

• The total amount of deposits processed by the Oracle did not decrease in the new Oracle period. And the amount of newly deposited ETH is possible, given how many validators were included in the new period.

References

Oracle Contract: 0x8735049F496727f824Cc0f2B174d826f5c408192