# core-concepts
Detections
Detections are the core building block of ChainAlert. Each detection defines what to watch for on-chain and when to alert you. You create them from pre-built templates — no code required.
How Detections Work
When you create a detection, you pick a template and provide a few inputs (like a contract address or a threshold). Behind the scenes, ChainAlert compiles your detection into one or more monitoring rules that the pipeline evaluates against live blockchain data.
If the contract is verified on Etherscan or Sourcify, ChainAlert automatically fetches its ABI. For standard events like ERC-20 transfers, detections work out of the box on any contract — no ABI needed.
Detection Lifecycle
Template → user selects + provides inputs
Detection → API compiles into rules
Rules → workers evaluate against chain data
Events → matched on-chain activity stored
Alert → notification sent via your channels
Severity Levels
Every detection has a severity level that propagates to its alerts. Use severity to prioritize your response and route alerts to the right channels.
Detection Templates
Browse the full catalog here. A few examples:
Large Transfer
Fires when an ERC-20 Transfer event exceeds a threshold you define.
"Alert me when any single USDC transfer is greater than $1M on Ethereum."
Inputs: Token address, threshold amount
Ownership Transfer
Monitors OwnershipTransferred events on Ownable contracts.
"Alert me the moment ownership of our vault contract changes."
Inputs: Contract address
Fund Drainage
Watches a wallet or contract balance and fires when it drops by a percentage within a time window.
"Alert me if our treasury loses more than 15% of its ETH in an hour."
Inputs: Address, token, drop %, time window
Proxy Upgrade (Storage Slot)
Polls the ERC-1967 implementation slot directly to catch silent proxy upgrades that bypass the Upgraded event.
"Alert me if the USDC proxy implementation changes — even without an Upgraded event."
Inputs: Poll interval (optional)
Custom Storage Slot
Monitor any EVM storage slot for changes or threshold crossings. Ideal for protocol parameters stored on-chain.
"Alert me if the collateral ratio in slot 0x05 drops below 150%."
Inputs: Storage slot (hex), condition type, threshold, poll interval
Contract Interaction
Monitor any contract event with your own filter conditions. For teams that need full flexibility.
"Alert me when our AMM's Swap event fires with amountIn > 500 ETH."
Inputs: Contract address, event signature, filter conditions
Custom View Function
Periodically calls any read-only contract function and monitors the return value for changes, threshold crossings, or anomalies.
"Alert me if totalSupply() on our token increases by more than 5% from its rolling average."
Inputs: Function signature, arguments, return type, condition, poll interval
Custom Function Call
Detects when a specific function is called directly on the monitored contract. Catches admin functions that emit no events.
"Alert me when addRollup(address) is called on our governance contract."
Inputs: Function signature, function name, optional parameter filter
Event Frequency Spike
Detects sudden increases in an event's firing rate compared to a historical baseline. No fixed threshold needed.
"Alert me if withdrawal events spike 200% above the hourly average."
Inputs: Event signature, observation window, baseline window, spike %
Deep Dive
Want to see the exact math, algorithms, and RPC calls behind each template? Read the See-Through Detection Templates documentation for full transparency on every computation.
Custom Conditions
Every detection supports filter conditions on decoded event fields. Conditions use simple comparison operators and full BigInt precision, so they work correctly with Solidity's uint256 values.
value > 1000000000000# amount exceeds 1M (6 decimals)
from != 0x000...000# exclude mints
role == 0x0000...ADMIN_ROLE# specific role