Since announcing Forta on October 1, 2021, hundreds of developers have built threat detection agents for its decentralized runtime security protocol. To support continued growth, Forta is launching Forta Explorer and Forta Connect, two apps that give developers and users a platform to easily create, browse, and subscribe to security alerts.

As the world’s economy transitions to public blockchains and Web3, Forta’s mission is to make crypto a safe place. Forta does this by enabling a global community of developers to monitor the smart contracts powering the ecosystem. The vehicles for monitoring smart contracts on Forta are called agents – virtual security cameras that broadcast a public feed. Any developer can write and publish an agent on the Forta network, and anyone can subscribe to an agent and receive its alerts. The more agents running on Forta, the safer Web3 becomes. 

In July, Forta launched in private beta. OpenZeppelin was running the network’s single node and a handful of developers were onboarded to start deploying simple agents.

In the last four months, the community has grown a lot…

-Over 100 developers have published agents on Forta, monitoring a variety of risks and threats to the largest DeFi protocols

-Leading Web3 and DeFi projects are working with developers in the community to write Forta agents that monitor for security, financial, operational and governance risks 

-9,600 people are engaging about smart contract security in the Forta Discord

Today, a suite of new features is available, significantly improving Forta’s agent developer and user experiences, including:

-Forta Connect, a self-service platform for developers to publish and manage their agents. By making the agent development process easier, Connect should increase the number of developers building on Forta, as well as the number and quality of agents running on the network. 

-Explorer, an application allowing users to browse and subscribe to agents. Users have the option to receive alerts via Slack or email, with more integrations coming soon. By making it easier to consume alerts, Explorer will help onboard new users, and make Forta alerts more valuable and actionable.  

-Private Agents, allowing developers to obfuscate their agent code and encrypt alert output. There are certain agents, such as those monitoring for threats and exploits, where discretion is important. Giving developers the ability to create private agents means Forta can monitor for a broader set of risks and support more users. 

Read on for more details about these feature updates…

Forta Connect

If you published an agent on Forta in the last three months, you did it through the CLI. This wasn’t an ideal experience, but it served its purpose early on. That said, developers deserve better. 

Forta Connect is a new self-service platform that helps developers publish and manage their agents. Like other Web3 applications, developers must connect to the platform using a Metamask wallet and sign a transaction. The wallet address serves as your identity going forward.  

Connect also features a developer profile. The public profile is the basis for a developer’s reputation on Forta, and contains information on the agents published. The public can also view agent / alert documentation along with developer info and find links to agent source code (if published). 

Another benefit of publishing agents through the Connect platform is subsidized transaction fees. Publishing an agent requires recording the agent on a smart contract based-registry. Forta recently migrated its smart contracts and all agents to Polygon. Publishing a new agent on Polygon requires MATIC, but Forta will subsidize 100% of the publishing fees through Forta Connect. Developers are still able to publish and manage agents through the CLI, but they are responsible for fees.

Explorer

Until now, there hasn’t been an easy way to receive Forta alerts. An early version of Explorer displayed all alerts on the network, but it was difficult to filter for specifics and would have been difficult for a team, for example, to get actionable insights from. Most teams prefer to receive alerts through their default communication tool like Slack, email or Telegram. 

Explorer offers enhanced capabilities for users. One of the top priorities was making it easy for users to find and subscribe to agents. Explorer allows any user to subscribe to an alert, and integrate via webhook with Slack or email. Additional support for Telegram and other communication tools will be added soon. 

Like Forta Connect, users need to connect their Metamask wallet and sign a transaction. 

The Explorer will continue to offer a real-time alert feed, as well as other network-level statistics like total numbers of agents and alerts. 

Private Alerts

Dozens of protocol teams shared input over the last three months, and one piece of common feedback was a desire for private agents and alerts. 

Forta is public infrastructure and agent code and alert data is also public by default (viewable through the Explorer). However, there are circumstances that may be more sensitive than others, such as detecting a vulnerability or exploit, that a team may want to keep private and react to first before notifying their community or a hacker.

To address this need, the Forta developer docs include explicit examples for obfuscating agent code prior to publishing. Additionally, agent developers will have the ability to encrypt the alert output from their agents. The combination of agent code obfuscation and encrypted alerts will deliver partial privacy for more sensitive alerts. 

In the future, Forta may also add SDKs for compiled languages like Golang and Rust. Community contributions are welcome here! You can always offer input in the Forta Discord. 

Other Highlights

Transition to Polygon

During the network’s private beta period, Forta smart contracts and the published agent registry ran on Ethereum’s Goerli testnet. This approach optimized for cost effectiveness early on, but the goal has always been to run these components of Forta on a Layer 2 blockchain for maximum transparency and decentralization. 

To cope with the increase of agents and users on the network, Forta recently migrated all smart contracts and agents to Polygon. This migration gives Forta the infrastructure it needs to horizontally scale nodes, and a new assigner for agent registry listing. Now, when a developer publishes an agent, it will be registered in a Polygon smart contract. Agent code will continue to live in a docker container on IPFS. 

Integration with OpenZeppelin Defender (coming November 15th)

Defender is the leading smart contract operations platform, powering the operations of Aave, Yearn, theGraph, PoolTogether, Status, Mirror, Foundation, Opyn and many other leading projects, as well as thousands of individual users. Through an integration with Forta, Defender becomes even more powerful, enabling teams to automate smart contract operations in critical security conditions. OpenZeppelin may introduce additional Forta support and features in the future.

Projects can subscribe to and receive Forta alerts directly through their Defender dashboard and have the ability to use Forta alerts as triggers for auto-tasks. This means that teams can program automated actions conditionally on a specific agent/alert firing. For example, Defender can be configured to auto-execute the pause (timelock) function in your contract based on an alert about a potential exploit.

Defender will be one of the initial third-party user interfaces teams can use to interact with Forta alerts, and Forta is committed to integrating other smart contract operations platforms as they come to market. If you would like to integrate Forta alerts in other platforms, please reach out.

—

Forta will be releasing further updates, additional information and documentation over the coming days and all feedback and involvement from the community is encouraged. 

If you are a team interested in using Forta for your threat/risk detection needs, please reach out in the community Discord.