Oracle Risk Stack — Business Plan 2026-05-12

0. Executive summary

Oracle Risk Stack chỉ đáng làm nếu nó biến “oracle anomaly” thành “protocol impact + decision path” nhanh hơn, đáng tin hơn, và rẻ hơn một analyst/risk engineer đang trực thủ công.

Category to claim

Risk Ops

Oracle incident intelligence + decision support, không phải oracle provider.

Beachhead

5–20

Qualified lending/perp/vault teams để phỏng vấn/demo trước khi build rộng.

First paid proof

$500+

Setup hoặc monthly pilot. Nếu không thu được gì sau direct asks, kill subscription wedge.

Verdict

Go, nhưng chỉ ở chế độ validation có kỷ luật. Không build platform trước.
Wedge đúng: Watchtower + incident timeline + blast-radius stub + policy replay narrative.
Moat tương lai: incident database, protocol-to-feed dependency graph, policy replay benchmarks, not UI.
Không nên bán: raw price feed, generic dashboard, “AI autopilot”, automated liquidation guardrails giai đoạn đầu.

Điểm khắt khe: nếu 10–15 cuộc nói chuyện với protocol/risk teams không tạo được 2–3 LOI/pilot trả tiền hoặc ít nhất explicit weekly-use commitment, dự án phải pivot sang research/service memo hoặc dừng UI build.

0.5 Critical stress test

Cold verdict

Hôm nay Oracle Risk là product thesis + PRD + mockup, chưa phải business. Business chỉ bắt đầu khi một buyer có budget nói: “Tôi trả tiền để giảm thời gian triage oracle incidents / audit risk decisions / prove governance response.”

Assumption	Critical question	Evidence today	Verdict
Protocols đau vì oracle risk	Đau đến mức trả tiền ngoài existing tools?	Incident history và industry writing xác nhận oracle risk tồn tại; chưa có buyer interviews.	Promising, unproven
Dashboard + alerts đủ giá trị	Alert có vào workflow quyết định không?	PRD có flow; chưa có runtime alert quality.	Unproven
Blast-radius map là wedge	Map có đủ chính xác để risk team tin?	Chưa có database feed→protocol→TVL.	Hardest gap
Policy replay là moat	Có đủ incident data để replay có ý nghĩa?	Chưa compile incident corpus.	Buildable
Team có lợi thế Chainlink	Lợi thế này tạo sales access hay chỉ là thesis?	Team có Chainlink thesis + treasury context, nhưng chưa có partnership/channel.	Narrative edge only

Buyer / budget question

Buyer khả thi không phải “DeFi user”. Buyer là Head of Risk, protocol founder, governance risk delegate, vault operator, hoặc market-maker ops lead. Budget đến từ risk tooling, analytics, consulting, infra monitoring, hoặc custom reporting — không phải retail subscription.

Kill / pivot criteria

Kill UI build: sau 15 qualified demos, dưới 3 người muốn dùng hàng tuần hoặc dưới 2 người đồng ý trả pilot/setup.
Pivot to service: khách thích incident memo/report hơn dashboard; bán “Oracle Risk Brief + custom blast-radius analysis” trước.
Pivot to internal treasury/tooling: không có external WTP nhưng nội bộ dùng được cho LINK/Chainlink risk monitoring.
Do not proceed to auto-action: trước khi có false-positive benchmarks, audit logs, legal review, and customer trust.

1. Sources & confidence

Source	What it supports	Confidence
Internal PRD: oracle-risk-stack-prd-roadmap-2026-03-19.md	Product modules, 30/60/90 roadmap, non-goals, MVP scope.	High internal
TT-HANDOFF.md	Risk taxonomy, ICP, open tasks, product ladder.	High internal
Chainlink Data Streams official/docs	Low-latency pull oracle, sub-second data, market data risk indicators.	High official
Pyth Price Feeds official	First-party market data, confidence intervals, plan structure.	High official
Chaos Labs Oracles official	Price + risk + proof feeds; competitor with real-time risk positioning.	High official
Gauntlet oracle-risk resource	Oracle KPIs, fragmented lending meta, risk perspective.	Medium
OpenZeppelin Defender/Sentinel public pages	Monitoring/ops tooling comparison, not direct oracle-risk competitor.	Medium

No fabricated traction, revenue, TAM, logos, or customer commitments are claimed. Financials below are planning assumptions only.

2. Product positioning

Claim this

Oracle Risk Operations Console for DeFi protocols: detect feed/data anomalies, map protocol exposure, and produce defensible action recommendations with replayable evidence.

Avoid this

Do not claim to be a new oracle provider, automated onchain defense system, compliance attestor, or generic crypto dashboard.

One-liner

“Oracle Risk Stack helps protocol operators detect bad market-data states, understand blast radius, and decide what to do before oracle issues become bad debt, wrong liquidations, or governance chaos.”

Why this wedge is sharper than Chainlink Trust Monitor

The older Chainlink Trust Monitor thesis is broader. For Oracle Risk, the sharper commercial wedge is narrower: incident triage and decision support for oracle-dependent protocols. Treasury/reserve monitoring can remain a later adjacent module, but it should not blur the first buyer.

3. Market opportunity

Market should be treated bottom-up, not TAM theatre. The reachable first market is small: protocols and operators with meaningful oracle dependency and enough TVL/OI/reputation risk that false liquidation or stale price incident is expensive.

Segment	Pain	Ability to pay	Launch priority
Lending protocols	Collateral valuation, LTV changes, bad debt, liquidation safety.	High if TVL meaningful.	P0
Perp / synthetic protocols	Mark price integrity, funding, oracle latency, manipulation risk.	High but demanding.	P0
Vault / strategy operators	Rebalance errors, bad NAV, dependency opacity.	Medium.	P1
Risk delegates / governance	Need defensible proposals and postmortem evidence.	Medium; often service/retainer.	P1
Retail / general investors	Curiosity, not budget.	Low.	Avoid

Market trap: “DeFi is large” does not mean this product has a large market. The paid market is only teams with operational responsibility and budget for risk tooling.

4. Problem

Oracle failure is rarely a single clean event. Operators need to distinguish: market dislocation vs stale feed vs source divergence vs manipulation vs safe recovery. Current internal PRD identifies four risk classes: stale data, divergent data, economically wrong but technically valid data, and no action layer.

Economically valuable jobs-to-be-done

Tell me within minutes which feeds are unsafe or degraded.
Tell me which markets/protocol functions are exposed.
Show why this is an oracle/data problem versus real market movement.
Produce an action recommendation with confidence and audit trail.
Replay past incidents to justify thresholds and governance policy.

5. Product strategy

Product ladder

Layer	Purpose	Launch scope	Revenue role
Watchtower	Freshness/deviation/divergence alerting.	Must launch first.	Demo wedge + monitoring value.
Risk Console	Dependency map, blast radius, incident explorer.	Launch as “manual-assisted” first.	Differentiation; supports higher ARPA.
Defense Engine	Policies, simulation, runbooks, approvals.	Simulation only.	Enterprise narrative + future moat.

MVP that can be sold in 30 days

10–20 high-value feeds/assets across Chainlink/Pyth/reference sources.
3 anomaly detectors: heartbeat lag, cross-source deviation, confidence-band/volatility stress.
Incident timeline with raw source snapshots.
Manual blast-radius mapping for 5–10 protocols/markets.
Weekly Oracle Risk Brief PDF/HTML plus urgent Telegram/webhook alert.
Policy replay on 3 historical incidents: Mango-style manipulation, stale feed, source divergence.

Do not build yet

Full multi-tenant permissioning.
Automated onchain action.
Broad all-chain/all-feed coverage.
White-label dashboards.
AI-generated actions without deterministic evidence.

6. Competitive landscape

Player	What they do	Threat	Opening for Oracle Risk
Chainlink Data Streams / Data Feeds	Low-latency market data, DON-signed reports, risk indicators.	Could own data-quality layer.	Build on top as independent risk ops / impact layer, not compete.
Pyth Network	First-party price feeds, confidence intervals, high-frequency data.	Strong data provider and ecosystem.	Use as reference/secondary source in cross-source risk view.
Chaos Labs	Risk oracles, price/risk/proof feeds, Aave/Ethena-style integrations.	Most direct strategic competitor.	Avoid enterprise oracle-provider fight; focus nimble incident intelligence + advisory pilot.
Gauntlet	Risk management research/services for DeFi protocols.	Credibility and relationships.	Position as focused oracle-risk ops console, not broad risk consultancy.
OpenZeppelin Defender Monitor	Contract/event monitoring and ops tooling.	Can cover generic alerts.	Oracle-specific incident reasoning, blast-radius mapping, replay, and risk memo layer.

Copyability objection: UI, alert rules, and basic feed tables are easy to copy. Defensibility must come from curated incident corpus, dependency map quality, replay methodology, and trusted operator workflow.

7. Business model & pricing

Pricing is assumption, not forecast. Start with paid pilots and custom reporting; only later package SaaS.

Offer	Who	Price assumption	What is included
Validation Brief	Risk delegates / small protocols	$500–$1,500 one-off	One protocol/feed dependency audit + incident replay memo.
Pilot Watchtower	Small protocol / vault operator	$500–$2,000 / month	Tracked feeds, weekly brief, alerts, manual blast-radius notes.
Risk Console Beta	Protocol with real TVL/OI	$2,000–$7,500 / month	Dependency map, incident explorer, policy simulation, governance-ready reports.
Enterprise Defense Simulation	Large protocol / risk team	Custom $10k+ / month or retainer	Custom policy packs, replay benchmarks, integrations, SLA. Later only.

Revenue sequencing

Do not wait for self-serve SaaS. Sell 3 paid audits/briefs first, then convert repeat pain into product.

8. Go-to-market plan

Founder-led GTM, not ads

Compile 30 target teams: 10 lending, 10 perp/synthetics, 10 vault/strategy/risk delegates.
Prepare one sharp demo: “LINK/USD deviation event → affected markets → suggested response → replay evidence.”
Offer a paid “Oracle Risk Exposure Audit” for one feed/protocol pair.
Publish 3 public incident teardown posts to establish credibility.
Use Chainlink ecosystem thesis and >60k LINK context as credibility, but do not oversell it as partnership.

Demo script

Start with a concrete incident, not product features.
Show raw source anomaly.
Show protocol exposure.
Show action menu and confidence caveat.
Ask: “Would this have changed your incident response? Who owns this today? What would you pay to avoid manual triage?”

9. Product roadmap tied to revenue

Phase	Build	Revenue gate	Stop if
Days 1–14	Incident corpus + 1 HTML/demo + 20 outreach targets.	5 discovery calls booked.	No one agrees oracle risk is owned/budgeted.
Days 15–30	Watchtower prototype + manual brief format.	1 paid audit or explicit LOI.	Only “interesting” feedback, no weekly-use signal.
Days 31–60	Dependency map v0 + 3 replay cases.	2–3 paid pilots.	Blast-radius mapping cannot be made trustworthy.
Days 61–90	Risk Console beta + policy simulation.	$2k+ MRR or service revenue.	Ops burden exceeds willingness-to-pay.

10. Financial model assumptions

Scenario	6 months	12 months	18 months	Interpretation
Conservative	0–2 paid briefs, $0–$2k MRR	$2k–$6k MRR	$5k–$12k MRR	Useful as niche service, not SaaS yet.
Base	2–3 paid pilots, $2k–$6k MRR	$10k–$25k MRR	$25k–$60k MRR	Small B2B risk-tool business forming.
Upside	1 enterprise beta + briefs, $8k–$15k MRR	$40k–$100k MRR	$100k+ MRR	Requires trust, integrations, and clear ROI proof.

Cost buckets

Data/API costs: Chainlink/Pyth/free sources first, paid sources only after buyer proof.
Engineering: dashboard/backend/detectors/dependency graph.
Research: incident corpus, protocol mapping, quality control.
Sales: founder-led calls, content, demo prep.
Legal/compliance: before claims around attestation or action recommendations.

11. Funding & treasury options

Use cash/light infra first. Do not sell or risk LINK treasury for unvalidated product build. Treasury is strategic credibility and customer-zero story, not default runway.

Option	Use	Verdict
Self-funded micro build	30–60 day prototype and outreach.	Best first move
Paid audit/service first	Fund development from customer pain.	Best validation
LINK builder reserve	Only for proven, small, capped expenses.	Guardrail required
External fundraise	Only after 3–5 paid pilots or strong LOIs.	Later
Leverage/collateralize LINK	Finance product before PMF.	Do not do

12. Risks and mitigations

Risk	Why it can kill the business	Mitigation
False positives	Customers lose revenue or ignore alerts.	Confidence bands, severity tiers, replay benchmarks, manual approval.
False negatives	Tool misses the only incident that matters.	Clear scope, source coverage labels, no safety overclaim.
Data licensing	Cannot redistribute/reference paid data.	Use official/free data first; legal review before paid feeds.
Competitor absorption	Chaos/Chainlink/Gauntlet can copy simple features.	Own narrow workflow + incident corpus + customer-specific mapping.
Service trap	Every customer needs custom work, margins collapse.	Turn repeated custom work into templates; cap pilot scope.
Trust burden	Risk teams won’t trust new vendor.	Start as decision-support/reporting, not execution authority.

13. 90-day execution plan

Week 1–2

Build incident corpus v0: Mango, Synthetix sKRW, Cream, TWAP cases, Chainlink heartbeat/market stress cases.
Create target list and outreach script.
Define 10 feeds/assets and 5 protocol dependency examples.

Week 3–4

Prototype Watchtower detectors with raw event logging.
Create weekly Oracle Risk Brief template.
Run 5 demos; ask direct WTP questions.

Month 2

Add dependency graph v0 and blast-radius confidence badges.
Sell 1–2 paid audits.
Convert repeated audit format into product UI.

Month 3

Policy replay module for 3 incident classes.
Beta Risk Console for 2 pilots.
Decision gate: productize, service-pivot, or stop.

14. KPI dashboard

KPI	Target before “real business” claim	Why it matters
Qualified discovery calls	15+	Validates buyer and pain.
Paid pilots / audits	2–3	Validates willingness to pay.
Weekly active pilot usage	70%+ of pilots	Validates habit/retention.
Alert precision	>80% “useful / not noise” pilot rating	Prevents alert fatigue.
Incident replay coverage	10+ high-quality cases	Builds moat and confidence.
Mapping confidence	Every blast-radius claim has source/confidence	Prevents fake intelligence.

15. What must be true

Oracle risk is owned by a named person/team with budget.
Manual triage cost/reputation risk is high enough to pay for tooling.
Customers trust a new vendor as decision support if evidence is transparent.
Dependency maps can be maintained without impossible manual burden.
Incident replay creates enough differentiation versus generic alerts.
Team can resist building broad Chainlink platform before sales proof.

16. Bottom-line recommendation

Recommendation: Proceed for 30 days as a paid-validation sprint. Build only what is needed to sell an Oracle Risk Exposure Audit + Watchtower pilot. Do not build a full SaaS, do not promise auto-action, do not spend heavily on paid data until buyer proof exists.

Immediate next actions

Compile incident corpus v0 and protocol/feed map v0.
Create one demo scenario from raw event to recommended action.
Book 15 discovery calls with lending/perp/vault/risk contacts.
Offer paid audit first; use revenue to decide productization.

Artifact generated by Lưu Bị on 2026-05-12. Static HTML is self-contained and dashboard-embedded. The plan deliberately labels assumptions and refuses unverified traction claims.