Smart Contract Monitoring with Forta
What is Forta?
Forta is an exciting new security monitoring platform in collaboration with OpenZeppelin that aims to provide comprehensive threat detection for smart contracts. Forta’s goal is to apply some of the best practices from traditional network monitoring to decentralized networks, initially focusing on Ethereum.
Why Forta?
In the smart contract world today, security is primarily achieved through code audits. While smart contract audits are an essential part of the process, even the best auditors cannot guarantee bug-free code. Once a contract is deployed, security monitoring tends to be nonexistent, and incident response is very primitive. Teams may not be aware that their contracts have been exploited until minutes or hours later, at which point often nothing can be done. Forta introduces real-time detection of suspicious behavior and generates alerts (called findings in Forta lingo) that are broadcast to the Forta network. These alerts empower teams to develop automated response actions when threats are detected.
How does it work?
The Forta platform consists of dockerized scan agents written in Javascript, Typescript, or Python that analyze blockchain transactions in real time for information or events of interest. Anyone can develop a scan agent and publish the code to the Forta network. Here are some examples of useful things to monitor:
- Transactions with an unusually high gas price paid
- Transactions from a banned address
- The upgrade of a proxy contract
- Ownership transfers and role changes
- Administrative events not happening as expected or when scheduled
- Changes to the number of administrators or approvals on an M-of-N wallet
- Sudden drops in liquidity
- Sudden token price changes
- High number of failed transactions for a specific contract
This is by no means a complete list, but should give you an idea of some basic monitoring capabilities of Forta. Scan agents can be written to identify behavior that is considered suspicious, or to report purely informational “health and status” data that can identify when a protocol may be in a degraded state.
Scan nodes are computers that run the scan agents. A scan node operator will select which agent docker images they wish to run and will push transaction data to the agents for analysis. When an agent generates an alert, the scan node will publish it to the blockchain.
Project teams and the broader community can use this information to monitor the status of a set of contracts, and can also leverage alerts to automatically respond to an incident and potentially minimize the impact of an attack or stop it from executing to completion.
Access will be open to everyone, and anyone can develop agents. All the findings are made public on the blockchain.
What is AE’s role?
Arbitrary Execution has been working with the Forta team in the beta development phase to research and build scan agents, and help identify improvements in the SDK and development process. The Forta team is great to work with — they’ve been very helpful and responsive to feedback. The SDK is easy to use and developers can get started quickly writing agents using the examples that the Forta team has provided. So far we’ve developed an agent that provides comprehensive threat detection and status monitoring for the Aave protocol, and we’re currently working on a new agent for UMA’s priceless contracts. We’ve also developed simpler agents like a Tornado Cash withdrawal monitor and some basic examples for identifying outliers and suspicious transactions — high gas price, large swap value, banned addresses, transfer of ownership, etc. Our Forta source code is available at https://github.com/arbitraryexecution/.
We are very excited to be part of the Forta effort! Forta brings a huge advance in decentralized security monitoring and to date we’ve just scratched the surface of what’s possible.
To learn more about Forta, check out https://forta.org.
Looking for smart contract audit, or other decentralized technology security services? Check us out at arbitraryexecution.com.
