Become a CertiK Security Oracle Operator

Originally published
September 9, 2020

Recently we released information regarding the CertiK Security Oracle network. Additionally, we launched a promotion campaign for community members to test out how they could contribute to increasing smart contract security by becoming an Oracle Operator. Given that not everyone is tech-savvy, here is a detailed guide on installing and running an Operator.


You need to have an Internet-connected machine (like your laptop or any cloud instances) with the certikcli binary installed. Depending on your machine’s operating system, please download the corresponding file here and install it if needed. For this tutorial, we chose to use Ubuntu OS (and have downloaded the executable binary named certikcli at the home folder) to demonstrate the steps.

Configure the certikcli

We need to create a config file for certikcli:

mkdir .certikcli/config/
vi .certikcli/config/config.toml

Fill in the file with the below content:

hain-id = "shentu-oracle-testnet"
keyring-backend = "test"
node = "tcp://"
trust-node = true

After saving the file, you should have access to the latest status of the blockchain testnet:
Note that --home <.certikcli-path> would be necessary if the config path has been set up before

chmod +x certikcli
./certikcli status --home .certikcli/

With output like:


If you receive a similar response to the above, then you’ve completed the setup of certikcli! Feel free to run other commands like ./certikcli query oracle operators to get the current list of registered Operators.

Retrieve Your Wallet

In order to earn points for the Operator Game as well as the Shentu Games, a DeepWallet account is required. Once you’ve created a wallet, assure that you safely store the mnemonic words/private key (24 random generated words) as there is no way to recover a lost key. With certikcli you could import and unlock your wallet address with the below command:

./certikcli keys add jack --recover "YOUR_MNEMONIC_WORDS"

should be replaced with your secret words separated by an empty space: apple banana orange …. You should then see the address added by running the command ./certikcli keys list.

Get Some CTK from the Faucet

Since being an Operator is an important role in the oracle network, it is required to lock an amount of CTK as collateral in order to fulfill oracle tasks. Because this is a separately-running testnet compared to the Shentu Games’ one, you need to go here to get some test CTK from the faucet (make sure you are on the shentu-oracle-testnet network which can be seen at the upper-right side of the page). Feel free to write an email to to get a bit more test CTK later on. You can run this command to check your balance:

./certikcli query account

Create an Operator

Run this command to register to be an Oracle Operator on CertiK Chain:codec

./certikcli tx oracle create-operator
certik1qqyq3dpcxfyjyv40htlagp9felss3tsg2g3gly 500000uctk --fees
10000uctk -b block --name "YOUR-CHOOSE-A-NAME" --from jack

Switch certik1qqyq3dpcxfyjyv40htlagp9felss3tsg2g3gly with your own wallet address. You should then see your Operator information with the command ./certikcli query oracle operators.

Config and Run the Operator

After the successful creation of your Operator entity on-chain, it’s time to configure the Operator software. We’ve introduced many innovative ideas for each Operator to customize their own settings to complete security tasks, but to keep it simple, let’s just copy the sample config items:

vi .certikcli/config/oracle-operator.toml

Fill in the file with the below content. Note that weight for a Primitive means the ratio of a score responded by such a Primitive represents in the total weights. Total weight is simply the linear sum of different Primitives’ weights defined in the config file. Feel free to update the weight with some other numbers!

# configurations related to runner
# strategy type
type = "linear"
# primitive configuration
primitive_contract_address = "certik16c9hd93uxq8puq77t0za8f2vyt5jjdxudr9j44"
weight = 0.1
primitive_contract_address = "certik17asart35rgvya9w9swmje36ncrsxs6npew8e3y"
weight = 0.1

The primitive section on the config file basically means the security checks you choose to use. Each one is represented as a Primitive Contract on CertiK Chain that either gives the security score directly or responds back with an endpoint for you to call.
Lastly, we just need to have a long-running background job to maintain the Operator software that is built-in to certikcli:

nohup ./certikcli oracle-operator --log_level 'debug' --from jack -b block > ~/oo.log 2>&1 &

You should see some printed log events with the command tail -f oo.log:

I[2020–09–08|00:47:59.555] Starting oracle-operator… module=Oracle-Operator
I[2020–09–08|00:47:59.555] start to listen to certik-chain module=Oracle-Operator protocol=certik submodule=listener node=tcp://

And…that’s it! We’ve scheduled task submitters to create oracle tasks frequently so you should be able to see some additional logs describing the fulfillment of security tasks. If you need any help, you are more than welcome to reach out via our discord channel!
Happy Oracle Operating!

Join the Community and Stay Up to Date