Introducing Forta - a Web3 approach to securing the open economy
September 30, 2021
Incubated by OpenZeppelin, Forta is the first real-time detection network for security & operational monitoring of blockchain activity. Protocols, DAOs, investors and individuals can use Forta to monitor transaction activity and receive alerts on security, financial, operational and governance related events on Layer 1s, Layer 2s and sidechains.
Security is a continuous effort
Smart contract development and security practices have evolved a lot since Ethereum launched in 2015. Smart contract audits and reusable code libraries have become standard practice. However, as helpful as audits, code libraries and other techniques are in identifying or preventing bugs and vulnerabilities in code, there is a limit to their effectiveness. Once a smart contract is deployed on a blockchain, the risk profile changes. How the contract is managed (administration), how the contract interacts with other contracts (composability), and how the contract responds to unanticipated market events all become relevant and introduce new risk vectors. Put differently, the code can work and you can still have problems. Smart contract security requires a continuous effort, and post-deployment monitoring for threats and anomalies is as important as the steps taken prior to deployment.
In Web 2.0, active monitoring and protection of live systems is called runtime security. There are very mature, centralized solutions that perform runtime security for applications, systems and networks today, but we don’t have comparable offerings for smart contracts running on decentralized networks…yet.
Incubating a Solution
Since 2015, OpenZeppelin has focused on making the smart contract development process as easy and secure as possible. Their smart contract library has enabled tens of thousands of developers to build assets and applications on Ethereum, and their industry-leading audits help eliminate bugs and vulnerabilities in code pre-deployment. Post-deployment, their Defender platform is now used by dozens of leading projects to automate smart contract operations. As they dove deeper into post-deployment security practices, they quickly realized a reliable, flexible runtime solution was needed.
After speaking with dozens of projects and analyzing the last 18 months of hacks, it became clear that (a) early detection could prevent or significantly minimize loss of funds and other anomalies, and (b) there were distinct advantages to a decentralized solution to the runtime problem. Based on those conclusions, OpenZeppelin developed a prototype. Over the last year this prototype evolved based on feedback and contributions from the early members of our community.
Today, we are excited to introduce Forta, the first real-time detection network for security & operational monitoring of blockchain activity.
Forta – the “security cameras and alarm system for the open economy”
The goal of Forta is to detect threats and anomalies on DeFi, NFT, governance, bridges and other Web3 systems in real-time. Timely and useful information about the security and stability of their systems gives users an opportunity to react and take action, preventing or minimizing losses and other anomalies.
The Forta Network has two main components – detection bots and nodes. Detection bots are pieces of logic (scripts) that look for certain transaction characteristics or state changes (e.g. anomaly detection) on smart contracts across any Layer 1, Layer 2, or sidechain. Nodes run detection bots against each block of transactions. When the bots detect a specific condition or event, the network emits an alert which is stored on IPFS and linked on a public blockchain. Forta will also maintain an automated public registry of all alerts, and anyone interested in the security of a contract can consume relevant alerts via the explorer or API.
There is value in the negative signal too – knowing that detection bots are running 24/7 and not triggering alerts. Forta will maintain an automated record of the detection bots run by each node, for each block.
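The bot-and-node flow described above, as an added sketch that is not Forta's SDK or code from the Forta project: a node runs every bot against every block, emits alerts with a content-derived reference, and records each bot run even when nothing fires. The contract name, alert IDs, field names and the SHA-256 digest standing in for an IPFS reference are all assumptions.

```python
import hashlib
import json

# Constructed sample blocks; addresses, hashes and methods are made up.
BLOCKS = [
    {"number": 100, "txs": [
        {"hash": "0xaa", "to": "0xVAULT", "method": "deposit", "value": 5}]},
    {"number": 101, "txs": [
        {"hash": "0xbb", "to": "0xVAULT", "method": "transferOwnership", "value": 0},
        {"hash": "0xcc", "to": "0xVAULT", "method": "withdraw", "value": 900}]},
]

def admin_change_bot(tx):
    """Administration risk: flag a change of owner on the monitored contract."""
    if tx["to"] == "0xVAULT" and tx["method"] == "transferOwnership":
        return [{"alert_id": "ADMIN-CHANGE", "severity": "high", "tx": tx["hash"]}]
    return []

def large_withdrawal_bot(tx, threshold=500):
    """Anomaly check: flag withdrawals above a fixed (hypothetical) threshold."""
    if tx["to"] == "0xVAULT" and tx["method"] == "withdraw" and tx["value"] > threshold:
        return [{"alert_id": "LARGE-WITHDRAWAL", "severity": "medium", "tx": tx["hash"]}]
    return []

BOTS = {"admin-change": admin_change_bot, "large-withdrawal": large_withdrawal_bot}

def content_id(obj):
    # Stand-in for a content-addressed storage reference (assumption, not IPFS).
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def scan(blocks, bots):
    """Run every bot on every block; return (alerts, per-block coverage record)."""
    alerts, coverage = [], []
    for block in blocks:
        for name, bot in bots.items():
            findings = [f for tx in block["txs"] for f in bot(tx)]
            for f in findings:
                alert = {"block": block["number"], "bot": name, **f}
                alerts.append({**alert, "ref": content_id(alert)})
            # Negative signal: the run is recorded even when no alert fired.
            coverage.append({"block": block["number"], "bot": name, "alerts": len(findings)})
    return alerts, coverage

if __name__ == "__main__":
    alerts, coverage = scan(BLOCKS, BOTS)
    for a in alerts: print("ALERT", a)
    for c in coverage: print("RAN  ", c)
```

The coverage list is what lets a consumer distinguish "no alerts because nothing happened" from "no alerts because the bot never ran on that block".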
For a Web3 runtime security solution to be successful, it needs to be permissionless. The pace of innovation on public blockchains is exhausting. Every time a new protocol or contract is deployed, new risk vectors are introduced. No single company with a centralized solution can effectively address these evolving risks. A decentralized community-based approach that properly incentivizes stakeholders is the most effective and efficient way to cover the landscape of risk.
Community-led
Forta is designed to be a public utility serving the DAO, DeFi and NFT ecosystems. This requires building an even more robust community of engineers, security professionals and infrastructure providers to develop useful detection bots, operate nodes, develop related products and services on top of or alongside Forta, and ultimately govern the network.
A growing number of developers and protocols are building and using Forta in private beta. These early contributors have provided valuable feedback that continues to improve the developer and user experiences. Beginning today, Forta will be onboarding a wider group of developers to build novel detection bots.
If you’re a developer interested in building detection bots, hop in the Forta Discord! If you’re a team interested in using Forta as part of your threat and anomaly detection capabilities, introduce yourself here! We are excited to work with you!
Securing blockchains and digital assets is a critical part of driving mainstream crypto adoption. As the world’s economy moves to decentralized systems, Forta’s end goal is to protect the world’s most valuable economic transactions.
We look forward to securing the open economy with you!
…
For more info, check out www.forta.org and join the conversation on Discord.