Why Shentu?

Shentu has one Mission;
To deliver provable trust across all facets of blockchain.

Shentu Ecosystem Overview


Decentralized reimbursement mutual system for digital assets

Security Oracle

Real-time and on-chain security insights for Smart Contracts

Shentu Chain

Security-oriented blockchain that enables provable trust for all


A programming language to write verifiable and secure Smart Contracts

Shentu Security Oracle

  • Oracle. ”A person or thing regarded as an infallible authority on something.”
    Oracles are utilized on the blockchain in order to send external (off-chain) data into and out of smart contracts.
  • The Shentu Security Oracle retrieves a set of security scores from a decentralized network of security operators, who assess the reliability of source code and are rewarded in CTK, the native digital fuel of the Shentu Chain. The Security Oracle relays these assessments and combines them to create a real-time, on-chain aggregate score that can be used by anybody seeking to validate the security of the contract.

    Depending on the risk tolerance of the interacting party—whether it’s a user or another smart contract—the security score can provide insight into whether transaction sizes should be smaller, split apart, or even stopped altogether.We can see this in action below:

  • The Security Oracle retrieved a low security score, and the security check saved the user from losing their assets in this dangerous transaction.

    The Security Oracle continuously aggregates the security assessments of a smart contract into the on-chain score—projects can get their code audited in an agile fashion to meet their aggressive timelines. By using a decentralized group of security operators, the suite of security primitives is constantly growing. New static analyzers and security tools can be created, and their assessments would also get incorporated into the ever-updating Security Oracle score. 

    The Security Oracle will build upon the security auditing work of Shentu, which has secured over $8B worth of digital assets across all sectors of blockchain, including the booming DeFi sector. Leading exchanges worldwide, including Huobi, OKEx, CoinOne, and Kucoin, have chosen to partner with Shentu's expertise to audit blockchain projects, so these Security Oracle scores will be important proxies to the reliability of smart contracts.Security bugs never sleep, so neither does the Security Oracle.


    • Business Chain: The targeted blockchain platform (that can support smart contract functionality) where Shentu Chain provides the Security Oracle to, i.e., Ethereum.

      • Security Oracle Interface: The one and only smart contract serves as the interface to accept security inquiries from DeFi applications for upcoming transaction calls they need to make. If such an inquiry has no result or an expired result, then a new task could be broadcasted to Shentu Chain for fulfillment.
    • Shentu Chain: The underlying blockchain to our solution which offers built-in components to facilitate the handling of security inquiries from Business Chains. Shentu Chain itself is envisioned as the Guardian of the Blockchain Galaxy, and it provides a range of Combinators that are tailored to solve different perspectives of security problems.

      • Oracle Combinator: The built-in frameworks from Shentu Chain that facilitate the functionalities to fulfill general oracle workflows with characteristics on decentralization and transparency. Oracle movements such as task managements and result aggregation calculations will be broadcasted to Shentu Chain and recorded in states as proofs. By having a list of critical rules and reinforcements applied to the system, we could guarantee a professional and serious oracle network where good got prized and bad got punished.
      • Security Primitive: This is the platform for Security Providers to register their on-chain services or off-chain API endpoints as Security Primitives and then for Oracle Operators to invoke with. Security Primitives are diverse service functionalities that tackle security considerations from different angles. It is best practice to have a select combination of Security Primitives thus to make the best judgement over the security score of a given smart contract address and its function signature.
    • Cross-Chain: Communications and interactions are essential to the success of the Security Oracle network. Official authorized cross-chain components will be built and maintained by the Shentu Security Council, of which the members would be nominated by the broader Shentu community.

      • Oracle Operator: Everyone could register as an Oracle Operator on Shentu Chain and start to contribute to the whole network. Technically speaking, an Operator needs to run and maintain a software that interacts with a Shentu Chain node. Each Operator is free to use their own infrastructure or leverage tech stacks provided by Shentu Chain for quicker onboarding.
      • Oracle Syncer: The Oracle Syncer is the Cross-Chain component that is solely owned and managed by Shentu Chain's Security Council. It could subscribe to the Security Oracle events on Ethereum and port to Shentu Chain. Vice versa, it also subscribes to transactions on Shentu Chain and pushes oracle results to the Security Oracle on Ethereum.
    • Offchain Internet: This is the traditional Web2.0 ground where computing operations such as security scans and analysis happen. Tools will be provided to Oracle Operators to support popular communication protocols like HTTP/RPC to connect with those Security Primitives for accessing security insights and proprietary technologies.
  • Workflow

    The mission of the Security Oracle is to give DeFi projects the insight (security score) on whether a potential transaction call is secure or not, thus gaining the confidence on the decision of issuing such a transaction. Here we describe the steps for the workflow via the perspectives of a targeted Business Chain and Shentu Chain.

    • Business Chain (i.e. Ethereum)

      • Shentu Chain deploys and manages a Security Oracle contract that serves as the oracle inquiry interface and holds all security scores that processed via the oracle network;
      • The DeFi contract make a call to the Security Oracle to query for a upcoming transaction by providing the contract address and function signature offset;
      • Once receiving the inquiry, the Security Oracle would:
        • Respond back with the insight if such data record has already been monitored and logged. - Since there are a significant number of external dependencies shared by different DeFi projects, the chance for hitting the Oracle result table is considerably high;
        • Respond back with a default score indicating no suggestion at the moment. - Under the hood, such inquiry could be turned into a task on Shentu Chain and accepted by a group of Oracle Operators, who will then answer back their results;
      • The DeFi contract receives the result for the security insight and makes the next move with confidence.
    • Shentu Chain:

      • End users submit oracle tasks, funded with CTKs, for those security insights they wish to have on the Business Chain;
      • Oracle Operators will receive the task by subscribing to Shentu Chain events;
      • For each Operator, it will forward the task details to its customized Primitive Combination for real-time security checks;
      • After the generation of a  security score, the operator will respond to the oracle task by broadcasting a transaction to Shentu Chain;
      • With the closing on the task response window, Shentu Chain’s Oracle Combinator will gather all responses per that task and aggregate with a final security score; (Task bounties will be issued out to operators accordingly;)
      • A cross-chain bridge component, maintained by Shentu Chain, will then push the final security score to the Security Oracle contract on the Business Chain.
  • Conclusion
    The Security Oracle we present is built to solve security pain points by bridging the gap between on-chain transactions and real time security checks via decentralized approaches. By adopting this innovative yet practical solution, DeFi projects will be shielded with more security guarantees by having security insights, with significant reference values, on every potential move to mitigate the risk factors. With its decentralized and distributed characteristics, we believe that Shentu Chain with its Decentralized Security Oracles will serve and link the security technologies and become an indispensable component of the ever-growing blockchain ecosystem.


  • Introduction
  • The estimated amount of cryptocurrency which has been stolen by malicious actors from 2018–2020 has reached a grand total of $7.1B. Due to the pseudo-anonymous, immutable nature of blockchains and the crypto assets which power them, the vast majority of users who lose their funds — whether from a hack or misplaced private key — never retrieve their assets.

    ShentuShield fixes this.

    A ShentuShield Pool is a decentralized pool of CTK that is used to reimburse lost, stolen, or inaccessible assets from any blockchain. The amount that’s lost can be reimbursed by the members of the ShentuShield Pool.

  • So, how does it work?

    There are two parts of the ShentuShield system: 1) members who fill the pool with CTK as collateral to be used to reimburse approved Claim Proposals, and 2) members who seek to protect their crypto assets by reserving a part of the ShentuShield Pool.

    • The Workflow
      Let’s start with the members who are filling the Pool. Just like liquidity providers in DeFi, these members are staking their CTK. In addition to normal staking rewards, these members also gain a portion of the fees paid by the other members who reserve a portion of the Pool to protect their crypto assets. These members who are filling the Pool must recognize the risks associated with being liquidity providers: their staked CTK may be used to pay out approved claims of reimbursement. High risk, high reward.

      Now let’s talk about the members who seek to protect their crypto assets. Each ShentuShield Pool is intended to protect the users of a specific crypto asset (like BNB, for instance). If you’re a BNB holder and you are  a member of the ShentuShield Pool, you can reserve a part of the funds to request a reimbursement if your BNB gets lost or stolen. You’ll pay a fee, and as mentioned, this will go directly into the members who have pooled their own CTK as liquidity providers.

      Reimbursement eligibility is defined by the provable and irretrievable loss of crypto assets — this can be from a hack, a malfunctioning contract, or other unfortunate event, but losses from social engineering (sim swap, Telegram/Twitter scam, etc.) or a misplaced private key are not eligible because proof of a legitimate loss, as opposed to a coordinated “loss,” is not absolute.

      Members seeking reimbursement must submit Claim Proposals, which are voted by the decentralized group of ShentuShield members to approve or reject the claim. All submissions require fees, protecting the system against illegitimate claims and gaming of the system.

      The blockchain world is filled with early adopters and long-term holders, so the ShentuShield offers a safer way to protect your crypto assets from any unexpected losses.

    Shentu Certified Virtual Machine (CVM)

    • Security as an On-Chain Value
      None of today’s virtual machines expose security as a runtime value or include it as part of blockchain semantics. Formal Verification is done outside of a virtual machine and is invisible to the chain operation and VM execution. 

      We believe establishing smart contracts and blockchain security brings more dynamic, actionable value to chain operation and VM execution. For example, a secure smart contract may choose to interact differently with secure and non-secure smart contracts. In real life, this kind of differentiation based on security levels is common and useful. 

      The Shentu Virtual Machine (CVM) exposes smart contracts and blockchain security information to the VM code, enabling unprecedented ways to access, check, depend on, and even dynamically establish blockchain and smart contract security. The interaction of security and other blockchain semantics will result in safer, simpler, and more efficient VM code, which leads to new true killer apps for the blockchain world.
    • Advanced Security of and for VM Code
      The CVM supports advanced formal verification via mathematical proofs, where the trusted computing base (TCB) is minimal, which is how the DeepSEA compiler is fully mathematically verified. 

      In particular, CVM supports bytecode and proofs generated by DeepSEA’s certified compiler. Eventually, the CVM will enforce sandboxing and isolation of any code not fully certified via mathematical proof by being completely formally verified via mathematical proof. 

      The CVM establishes a hierarchy of VM code security so that different vendors and technologies can coexist and collaborate with clarity. In one extreme, trustless VM code with a complete mathematical proof will be of the highest levels of security and can help achieve true decentralization for the blockchain world. In the other extreme, even non-secure VM code, which has no verification or auditing, may still be allowed to execute in CVM with proper protections against it and still be able to collaborate with other secure smart contracts in CVM.


    • A Language to Write Verified Smart Contracts
      DeepSEA is a functional programming language that allows developers to handle extremely complex code while formally verifying through the Coq proof assistant. Originally designed for implementing systems software such as OS kernels, DeepSEA uses the same set of features that are used for encapsulating state inside a kernel for implementing smart contracts in the blockchain ecosystem.  

      The language provides a streamlined solution that automatically generates both executable code and a formal model that can be loaded into the Coq theorem prover. By integrating smart contracts and Coq, users can apply Formal Verification to the most challenging tasks, allowing for a completely verified program.
    • DeepSEA Principles
      DeepSEA was built with four key principles that combine the best features of several other programming languages.
    • Equational Reasoning: Each DeepSEA term translates into a corresponding functional specification, which can then be reasoned about in the Coq proof assistant.
    • Layered Specification: DeepSEA keeps proof manageable by abstraction layers that provide a high-level view of the program. The compiler proves that the raw bytecode implementation behaves as intended, while the developer only needs to look at the high-level representation.
    • Encapsulation and Composition: Each DeepSEA layer consists of a set of objects that are built on top of another layer, and the layers can be proven correct one at a time.
    • Built-In Abstract Refinement: DeepSEA verifies larger systems in user-friendly steps. The process is structured as a series of linked refinement proofs that prove a linked program meets the specification.

    On-Chain Contract Specification

    • With the Shentu Chain, smart contract publishers have the option to store ABI (the Application Binary Interface) on-chain along with deployed smart contracts. This feature, not found in many other blockchain ecosystems, allows users to interact more easily with smart contracts without needing to keep track of and manually copy-and-paste ABIs every time.


    • Users can easily view their token balance, redeem delegated rewards, and send and receive tokens to other users from their DeepWallet, which is accessible through a web browser. Unlike traditional wallets, the DeepWallet has additional enhanced features to allow users to delegate stakes as well as deploy smart contracts. Check out DeepWallet

    Built-In Smart Contract Security

    • Beyond initial auditing and verification, smart contracts on the CVM can validate other smart contracts’ security, in either cryptographic and mathematical forms, for ultimate security assurance. On-chain smart contracts will contain cryptographic certificates as proof of verified security.  

      The Chain additionally provides different permissions, allowances, and limits of smart contracts based on different security levels. For example, an advanced secure contract with open formal specifications can restrict the outflow of funds to any basic contract, ensuring a deeply secure transaction.