Data Integrity

Risk scores are only as good as the data feeding them. Philidor enforces strict data integrity guarantees.

Finality Depths

Per-chain confirmation depths prevent reading unfinalized (potentially reorganized) data:

Reorg Safety

Six invariants protect against data corruption from chain reorganizations:

1. Finalized blocks only — toBlock capped at getFinalizedBlockNumber, never getBlockNumber
2. Persist-then-advance — events written to database before sync cursor advances. If persistence fails, cursor stays put
3. All-or-nothing — any batch/module failure means no state advancement. Retry next cycle
4. Reorg rollback never jumps forward — uses Math.min(lastFinalizedBlock, lastProcessedBlock)
5. DB write failures propagate — RPC read failures are swallowed; DB write failures are exceptions
6. Deduplication — ON CONFLICT (tx_hash, log_index) DO NOTHING. Re-fetching is safe

Reconciliation

Automated checks run every 30 minutes to detect:

• Sync gaps — missing block ranges in the event log
• Event density drift — unusual changes in event frequency
• Stale cursors — sync state that hasn't advanced
• Data anomalies — inconsistencies between expected and observed data

Anomalies trigger alerts before they affect risk scores.

Sync Intervals

Oracle Freshness Monitoring

A dedicated worker polls Chainlink price feeds every 15 seconds and writes freshness data to Redis. This provides:

• Real-time staleness detection for oracle-dependent vaults
• Historical freshness data for the Oracle Freshness API
• Automatic score adjustment when feeds go stale

APR Data Sources

APR is sourced from on-chain share price reads (ERC-4626) or protocol APIs (Aave, Compound). Forward-looking estimates and boosted marketing figures are never used.

• Base APR: native protocol return (lending interest, share price accrual)
• Rewards: token emissions, points, trading fees — sourced from Morpho rewards API, Aavescan, and protocol subgraphs
• Invariant: apr_net = base_apr + SUM(reward APRs)