Understanding Alerts

ChainRaven monitors your smart contracts for four types of security-relevant events. This guide explains each alert type, why it matters, and what information is included in each notification.

Alert Types at a Glance

---

Large Transfer

What is it?

ChainRaven monitors Transfer events emitted by ERC-20 token contracts on your watchlist. When a single transfer exceeds your configured threshold, a Large Transfer alert is triggered.

Why it matters

• Could indicate an exploit actively draining funds from the contract
• Signals significant whale movements worth investigating
• Helps catch suspicious outflows the moment they happen on-chain

Threshold modes

You can configure thresholds three ways:

• Amount mode — raw token amount (e.g., 1,000,000 USDC)
• USD mode — dollar value at time of transfer (e.g., $500,000)
• Percentage mode — percentage of total supply (e.g., 1%)

See Large Transfer Detection for full configuration details.

How severity is determined

Large transfer alerts use multiplier-based severity relative to your configured threshold:

What's included in the alert

• Token name and symbol
• Transfer amount and estimated USD value
• From and To addresses
• How much the threshold was exceeded
• Transaction hash with block explorer link

---

Ownership Transfer

What is it?

Detects when a contract emits the OwnershipTransferred event, indicating the contract owner has changed to a new address.

Why it matters

• Unauthorized ownership transfer is a critical security breach
• May indicate compromised private keys or a targeted phishing attack
• Could be part of a legitimate handoff — but you should always verify it was expected

Tip: If you weren't expecting an ownership transfer on a contract you own or rely on, treat it as a potential security incident and investigate immediately.

What's included in the alert

• Previous owner address
• New owner address
• Transaction hash with link to block explorer
• Contract address and chain

---

Proxy Upgrade

What is it?

Detects when a proxy contract's implementation is upgraded via the Upgraded event. This means the contract's logic has been replaced with a new implementation.

Why it matters

• The new implementation could contain malicious, broken, or undisclosed code
• Upgrading is a privileged operation that should always be communicated in advance
• Critical for tracking code changes in any upgradeable contract you interact with

Note: If you receive a Proxy Upgrade alert, consider running an AI Contract Analysis on the new implementation address to understand what changed.

What's included in the alert

• New implementation address
• Transaction hash with link to block explorer
• Contract address and chain

---

Admin Change

What is it?

Detects AdminChanged events when the admin role is transferred to a different address. The admin role controls who can upgrade the proxy implementation.

Why it matters

• Admin can perform privileged operations including upgrading contract logic
• Unexpected admin changes could indicate compromise or unauthorized access
• Important for governance transparency on contracts you rely on

What's included in the alert

• Previous admin address
• New admin address
• Transaction hash with link to block explorer
• Contract address and chain

---

Severity Levels Explained

ChainRaven uses four severity levels across all alert types:

You can configure a minimum severity threshold in Alert Preferences to reduce notification noise on busy contracts.

---

Contract Health Score

Each monitored contract receives a health score from 0–100 based on recent event activity:

The score is recalculated continuously and considers the number and severity of events detected in the last 24 hours.

---

Next Steps

• Alert Preferences — Customize notification settings, channels, and cooldowns
• Email Setup — Configure email alerts
• Telegram Setup — Get mobile push notifications
• Discord Setup — Send team alerts to Discord