[Guide] How to run a Keep3r on OpenZeppelin Defender for free

Edit: Before reading and following this guide, I encourage you all to read the reply from @spalladino from the OpenZeppelin team. You will see that the OpenZeppelin team is working on a more economical solution for Keep3rs, which is much more secure than what I propose below.

@Silver_surfer also included a very helpful reply on how to get started with registering with OpenZeppelin defender as Keep3r user in order to have access to some hot-off-the-press features that will help make running Keep3rs on their system better! It is also free for the time being!

I’ll keep my guide up for educational purposes, but I do ask that no one actually uses it except for testing with a wallet you are willing to abandon and throw away later. Putting your private key into a cloud system is pretty much asking to leak your key.

Soon I will provide an update to the code that users the relayer signer instead of a private key signer, just like Andre’s original solution, but I will include more than just the UniswapOracleV2 job.

Also, after testing my method on my own Keep3r, I am pretty sure my code has an issue with proper gas estimate. So it will end up just failing txs due to out of gas errors.

Andre recently posted this guide showing how to run a Keep3r in the cloud with OpenZeppelin Defender.

However, using OpenZeppelin Defender’s relayer feature costs a lot of money and the code provided by Andre depends on relayers.

So, I decided to post a quick guide and share some code on how to run without relayers so that people can run Keepers using the OpenZeppelin free tier.

This method involves uploading a private key to OpenZeppelin in a javascript file. Exporting your private key and putting it in a file is extremely dangerous. This instantly turns any cold wallet into a hot wallet and you should only be doing this with wallets you are prepared to lose. As soon as someone else sees your private key, that wallet is compromised and your coins will be stolen. Do not screenshot this code after pasting your private key and try to ask questions for help here. Be very careful.

I repeat, exporting your private key and putting it in a file is not secure. Do NOT under any circumstance put your main wallet’s private key into a file like this. If you bonded with your main wallet, too bad. Make a new account, send it some ether, bond again and wait 3 days. It is worth the safety.

Once your private key is in a file in OpenZeppelin, you are putting your entire faith into their system to be secure. If they get hacked, your wallet will be stolen. I repeat, DO NOT USE your main wallet. Create a new account and wait the 3 days to bond. Don’t play games and risk your main wallet.

Now that we got that out of the way.

  1. Follow Andre’s guide prerequisites to create an OpenZeppelin | defender account and register a Keep3R (remember, make a new Keep3r on a burner account and don’t use your main account)

  2. Skip step 1 in Andre’s guide since you won’t need a Relayer

  3. For step 3, paste the code from my Github gist into the task instead of the one that Andre posts.

You will need to fill the first couple of lines with your Keep3r address and private key (put these in between the quotes that I included). Also, take time to reread the caveats at the top of the post. Putting your private key in a file on a cloud system is not secure.

  1. Save your autotask and now you should have a Keep3r that runs in the cloud and checks the UniswapOracleV2, HegicPoolKeep3r, and YearnV1EarnKeep3r jobs and will run them if they are workable.



Thanks as usual. This is really a clear and to the point guide.


Thanks a lot,
Very glad to see what i was looking for! Some ressources from techy guys for non too techy one who want to give a try to this.

I’ve contacted the openzepplin team for having access to a mainet relayer. Is still free for now and for some mounth.

So I want to stick to the relayer and try to avoid the private key export in a file part. But then, the relayer adresse i’ve create have to bond token to become a keepers and i don’t now what will be the transaction code for that?

It will be very helpfull to add this to your guide, for offering the widest range of setup and use

1 Like

Amazing dude, like you bold stuff and put highlights everywhere… thank you for helping protect uninformed keepers

1 Like

Hey there! Santiago from the OpenZeppelin team here. First of all: awesome guide @kx9x! We love to see the community working out how to best use the tools we build, and the synergy between Defender and Keep3r has been amazing.

As @kx9x points out, storing your private key in plain text in autotask code is not the way we intended Autotask/Relayers to be used, but it is a clever way to stay within the free tier for mainnet interaction. It misses out on several Relayer features, such as nonce management, automatic resubmissions, low funds alerts, gas price oracles, and a few others - not to mention securely storing the private key on a key vault. Nevertheless, it gets the job done!

Something else to take into consideration is that autotask runs are throttled based on the plan. No more than 30 autotask runs can be executed per hour in total (see docs) in the free plan, so other relayers in the paid plan will have a better chance to snatch the available jobs to be executed, since they can execute at a higher frequency.

Also, we understand that U$S500 a month may be too high for individuals just looking for running a keep3r. We came up with that pricing for teams looking to use all the features of Defender, but this new use case took us by storm. As @Elma mentioned, mainnet relayers are still free to use upon request until Dec-Jan, and we are working on a more reasonable tier for keep3rs.

In the meantime, we are also rushing to implement new features and provide new docs to make onboarding as easy as possible, to solve issues like the one mentioned here. We expect to have something ready to ship by this week.

So I want to stick to the relayer and try to avoid the private key export in a file part. But then, the relayer adresse i’ve create have to bond token to become a keepers and i don’t now what will be the transaction code for that?

All in all, we suggest that if you are interested in running a keep3r, reach out to us or join our discussion forum so we can best work with you on getting you up and running. We have already 30 teams running keep3rs on Defender in the mainnet plan, so the competition for the jobs will be fierce!

But, to be completely honest, we also love to see these efforts in how to bypass our own system - we are also hackers at heart after all! :slight_smile:


I registered for an account, and were pleasantly surprised by OpenZeppelin team!

For Keep3r users it’s possible to register on OpenZeppelin defender and get mainnet access as Relayer under these conditions:

“For now Defender is free to use. Sometime in the next few months we will start charging fees for mainnet access. For the keep3r.network the Defender fee will be 10% of keeper rewards up to a maximum of $500/month.”

When you fill out the registration form in the field Company just put keep3r.network, and under the form tick the box “keep3r.network”.

Then someone from OpenZeppelin will contact you via email, and set you up a Defender account including mainnet access.

“Keep on the lookout for more features coming soon, including special support and examples for the keep3r.network!”

For further information you can:

I plan to test it a little bit, to see how it’s working.


Thank you for the reply!

It put a bad taste in my mouth to release a guide that involved posting private keys into a unsecure file and also putting that private key into a cloud service. I decided to post it anyway, hoping that it would at least be a good learning opportunity or invoke some good discussion. Looks like it did!

Exciting to hear about the special pricing and the upcoming examples/new docs. Sounds great.

Also, glad to provide you of an example of someone bypassing the intended usage of your system. Hoping it gives you ideas on how to prevent users from shooting themselves in the foot by doing crazy things like me.

Also, @Silver_surfer thank you for that info about what everyone can do today to access Relayer for free right now. Sounds great!

I added an edit to the top of my post in order to inform everyone to read your responses and to convince them to go the route of trying out the secure solution of relayering rather than using my unsecure method.

Thanks all!


Nice to know the team propose their help!

As I asked to @kx9x, after creating an account (Andre’s tuto), you need that our relayer adress become a keeper. How we do that? Andre’s tuto take this for granted but for low level member is not ? For the another Andre’s tuto which is dedicated to " Joining as a Keeper" the explainations doesn’t cover the OpenZepplin defender process. What are the TX code we have to write (copy/paste and modify) to send from our relayer the bonding transaction?

Did the team, here on their channels, could help to develop some low level guide for setting up a Keeper?


You are right that Andre’s instructions don’t really cover how to actually activate a keep3r in the context of a Defender relayer.

It might not be possible yet without some custom scripting. The OpenZeppelin team seems to be working on a script that will bond and activate the Keep3r for you: defender-keep3r-demo/autoregister-keeper.js at master · spalladino/defender-keep3r-demo (github.com)

However, their scripts are currently for the testnet only. They will be working on this process over the next few days, so we might have to wait.

If I get access to the Defender with relayer, I will see if I can come up with a way to quick start the bonding/activation process but without the full features that the team may implement. I might just fork their example and use the mainnet addresses, test it myself, and then share it here for others to use.

Here are the forum posts that I used to find this info btw:
Keep3r: which addresses correspond to what - Support / Defender - OpenZeppelin Community
Complete Beginner’s Guide to being an Honest Keep3rV1 - General / Showcase - OpenZeppelin Community


Thanks a lot @kx9x!

I will wait for your instruction or the OpenZepplin one. Thanks again for not forgetting the more noobs of us!


No problem! Glad to help.

And remember everyone, don’t fear about missing out on anything right now. The system is in its infancy and there are lots of people hard at work to make it easier, more accessible, and profitable.

My advice is to take things slow, learn a lot, and give really good feedback. Don’t be afraid to ask questions and report issues. It will help the dev team a lot. My goal is to make sure non-technical users can succeed as much as anyone.



I mean, if these keys get leaked, whether they are part of the plan or not part of it… It’ll be a big blow to the reputation of your company. So I’m not sure that making this feature paid is something you guys can afford to do… I mean, just imagine the backlash if someone manages to syphon off the keys off of the unpaid plans, handling media will be interesting to watch… So I recommend, making that feature not paid or disallow having keys on your systems that are not secured with an acceptable threshold of security, but hey I’m just a random person, giving a recommendation (if it came from someone more reputable, it would get more weight).

1 Like

We’ll be posting something by end of day today, while we keep working on features to make the process easier. I’ll make sure to share it here once ready!


Guide is in progress here if you want to contribute! Please don’t use the code in yet until it’s finalized and we can properly test it.


Nice!! Just tried, bonding in process!
Will keep you update if I encounter issues.
Good jobs here

1 Like

Looks good! After reading the code, I wish Keep3r jobs had a consistent ABI. It is really annoying that each job has a different name for the workable and work functions. Maybe I can make a proposal here to promote a more strict adherence to an ABI spec. That way scripts like these don’t have to add custom logic for each kind of job.

Also, that last bit of the example code is helpful. I was looking for a way to debug locally without having to change the structure of the code.



Thanks you for your outstanding work :grinning:

yeah, i agree @kx9x and it will be great if you create a proposal on that.

Hey folks, we’ve published our guide to activating and running a Relayer on Defender, along with a few changed in the Defender Client that make the setup even easier. Check it out and let us know what you think!



Following the entire procedure.
Message: Error running autotask: Unhandled

Please advise

Thank you