Alert System
Steakhouse Financial is responsible for curating and advising billions of dollars on-chain, and has established a solid framework to automate incident response and monitoring.
To support our ongoing assessment of risks, we have implemented a wide range of alerts within our monitoring system. The frequency of these alerts is determined by the severity of the underlying risk. Our incident response protocols range from human oversight and breach acknowledgment to fully automated kill switches that transfer funds to secure vaults.
Types of Alerts
We continuously develop new alerts as part of our ongoing evaluation of protocol integrations and collateral assets. During the due diligence process, we identify key risk vectors associated with each asset and configure a corresponding set of customized alerting parameters.
These alerts differ in type, source, and the nature of the risks they are designed to surface.
Detect abnormal price behaviour, including manipulation or depegging that could disrupt market conditions or create unfair borrowing and lending dynamics.
Source: On-chain vault pricing logic, smart contract price functions, oracle feeds, and external price providers (both on-chain and off-chain via API calls)
Identify transaction-level behavior indicative of risk, abuse, or malfunction
Source: Blockchain event listeners, value or number of transactions within specific timeframe, through both RPC and Hypernative integration
Monitor any high-impact changes to the economic parameters of collateral or loan assets, including shifts in risk settings or significant reserve value transfers
Source: Multisig activity, DAO proposal, governance forum discussions
Purpose: Assess the issuer’s ability to manage its protocol, sustain as a business and uphold a trustworthy reputation
Source: Proof of reserves, financial disclosures, smart contract audits, governance proposals, social media activity, community sentiment
Alert Frequency
The alerting cadence is defined by the nature and criticality of the event:
Triggered as soon as an on-chain event occurs (completed transaction, price oracle update, vault activity, governance action).
Instantly processed at block confirmation
Polled checks every few minutes (not exceeding 1 hour). Critical alerts always default to real-time block-based triggers. Aggregated signals supplement these for contextual decisions.
Used for less volatile indicators that benefit from aggregation
Calibrated Incident Response
The response framework is designed to scale with the severity of risk, ensuring that appropriate action is taken at every level of alert.
For low-risk situations, the response involves a human review to assess the potential future consequences of the alert, even if there has been no economic impact at this stage. Risk analysts annotate and investigate the event, evaluate its relevance, and discuss it with the broader team.
For medium-level risk, the automated system initiates preventive containment. This involves applying soft mechanisms such as halting new supply in specific vaults or markets, adjusting risk parameters, or temporarily freezing allocation functions until further assessment. These actions aim to prevent escalation without disrupting the entire protocol or sending premature signals. The freeze remains in place until clear signs of improvement justify lifting the measures or escalating to a higher level of intervention.
High-risk alerts trigger the most aggressive response, possibly leading to a hard kill switch. This includes forcefully withdrawing liquidity, processing liquidations, migrating funds to secure markets, or disabling smart contract interactions. Such events can escalate to a critical response environment where a dedicated war room is activated and risk teams, developers and managers coordinate to resolve the incident.
Last updated