Smart contracts and the decentralized economy have seen amazing growth in the past 2 years, including huge growth in transaction volume and Total Value Locked. However, there have also been many highly-publicized hacks and exploits. Such events are cause for concern among new and experienced users alike. These security concerns also extend to the NFT market and other blockchain-based solution areas such as supply chain, e-commerce, public records, utility management and elections.
Measures taken prior to code release, such as security testing and audits, are critically important, but they have proven insufficient to identify all risks and potential exploits. Further, slow or delayed response to attacks and zero-day vulnerabilities has led to larger losses. It has therefore become clear that continuous scanning of transactions and contract state for threat detection and prevention, often referred to collectively as runtime security, must also be applied to smart contracts to mitigate risks and losses.
Threat Detection and Prevention
In 2020, over $150m was lost in a variety of smart contract hacks and exploits, and in 2021 those losses have accelerated with over $1b lost already. The losses have resulted from a variety of outsider attacks, insider compromises, and undiscovered vulnerabilities.
In most of these cases, the threats and exploits could have been detected by scanning transactions and smart contract state changes, and the losses could have been avoided or dramatically reduced by pre-scanning transactions before they were submitted, or by faster or automated response once an attack began. Users of the affected smart contracts would also have benefitted from earlier warning.
Due to the complexity of smart contracts, protocol composability, multi-chain deployments and the rapidly changing landscape of smart contract programming languages and L1s and L2s, it is impossible to catch all risks and potential exploits before new protocols, apps and versions are released. The risks also extend to the smart contract services that protocols and users rely on such as stablecoins, exchanges, oracles and smart wallets which are also subject to attacks. The open economy needs real-time threat detection and prevention for smart contracts in order to secure growth and achieve mainstream adoption.
Layered Security Best Practices
Centralized service providers rely on many commercial solutions for threat detection and prevention, including antivirus scanners, network traffic and log scanners, and homegrown security event scanners. These solutions are fundamental to security and risk mitigation in centralized financial services, e-commerce, and many other industries. Typically these solutions involve the use of agents and scanners and (more recently) machine learning.
Runtime security solutions are designed to detect and thwart attacks, and they often help to discover the underlying vulnerabilities after the fact. Runtime scanning and anomaly detection have therefore proven critical to mitigating the risks associated with software and computer networks, and are considered a key part of “layered security” best practices.
Smart contracts, especially those running on public and permissionless platforms, present new and different types of vulnerabilities, risks, and attack and exploit vectors. As a result of composability — the ability to integrate different smart contract protocols together, even within a single transaction — threats can also change rapidly. And the increase in multi-chain smart contract deployments means that vulnerabilities can spread across multiple chains.
Bug bounties have proven useful for finding issues after deployment, but bounties alone cannot solve the problem of zero-day exploits: teams still lack a way to block exploitation of a reported vulnerability until a fix is deployed. And in many cases, as we have seen in DeFi, the value of exploitation is so high, with hundreds of millions of dollars at risk, that black hat hackers have far greater incentives than the bounties offered to white hats.
OpenZeppelin’s mission is to protect the open economy. OpenZeppelin is a leading provider of smart contract security audits and maintains OpenZeppelin Contracts, the premier open source library for creating tokens and protocols. In Q4 2020, OpenZeppelin launched Defender, a novel platform to automate smart contract operations. OpenZeppelin proudly works with many leading teams in the space, including Coinbase, Compound, Yearn, Aave, Balancer, Synthetix, SushiSwap, The Graph, and many more.
In early 2021, OpenZeppelin began investigating the potential to create decentralized networks of threat detection scanners coordinated and validated through a permissionless and secure protocol. In mid 2021, OpenZeppelin expanded this effort to include other partners, and this work yielded Forta.
Forta is a fully permissionless decentralized network of threat detection agents, scanner nodes and analyzer nodes working together through multi-chain smart contracts. Forta is designed for scalability and is capable of providing threat detection and risk mitigation for all L1s and L2s. A demonstration of how Forta agents could have been used to prevent or minimize the $600m Poly Network hack can be seen here.
Forta node software, run by independent node operators within a Proof of Stake security model, acts as a decentralized network of continuous scanners and threat / risk information providers. Two types of Forta nodes will exist, scanner nodes and analyzer nodes, both integrated with Forta multi-chain smart contracts.

Scanner nodes scan all transactions and block-by-block state changes and execute Forta agents, which contain the logic for threat detection. Automated work distribution in the smart contracts algorithmically assigns agents to scanners. Scanner nodes execute agents and produce a Proof of Scan for every block. When a Forta agent discovers a potential threat or risk, the scanner node broadcasts an alert to Forta validation smart contracts, which enforce security and consensus among participating scanners.

Analyzer nodes will perform classification, clustering, and other machine learning analysis on the emitted alerts to provide the most accurate threat / risk identification, and will make that information available to network users in near real-time. Analyzer nodes will produce Query Receipts when fulfilling client information requests.
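To make the scanner / agent split concrete, here is an added illustration (not Forta's own code or SDK, and not the Poly Network demonstration referenced above) of the detection loop the two passages above describe: a scanner iterates over every transaction in a block, hands each one to every agent, and collects the alerts the agents return. The single agent shown detects the kind of event that pre-scanning or rapid response could have caught: an ERC-20 outflow from a watched treasury address that exceeds a fixed share of its balance in one transaction. The `txEvent`, `block` and alert shapes, the `handleTransaction` method name, the addresses and the balance oracle are all constructed assumptions for this example; the only real constant is the keccak-256 topic hash of the ERC-20 `Transfer(address,address,uint256)` event.

```javascript
// Added example: a toy scanner loop running one detection agent over a block.
// The txEvent/block/alert shapes and handleTransaction name are hypothetical,
// not the Forta SDK. Runs offline on a constructed sample block.

// keccak256("Transfer(address,address,uint256)"): the real ERC-20 Transfer topic.
const TRANSFER_TOPIC =
  "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";

// Constructed (hypothetical) watched token, treasury and attacker addresses.
const WATCHED_TOKEN = "0x1111111111111111111111111111111111111111";
const TREASURY = "0x2222222222222222222222222222222222222222";
const ATTACKER = "0x3333333333333333333333333333333333333333";

// Alert when one tx moves more than this share of the treasury balance out.
const DRAIN_RATIO_PERCENT = 10n;

// Indexed address topics are 32-byte words; the address is the low 20 bytes.
function topicToAddress(topic) {
  return "0x" + topic.slice(-40).toLowerCase();
}

// Decode ERC-20 Transfer logs from a tx event into {token, from, to, value}.
function parseTransfers(txEvent) {
  const transfers = [];
  for (const log of txEvent.logs) {
    if (log.topics.length !== 3 || log.topics[0] !== TRANSFER_TOPIC) continue;
    transfers.push({
      token: log.address.toLowerCase(),
      from: topicToAddress(log.topics[1]),
      to: topicToAddress(log.topics[2]),
      value: BigInt(log.data), // uint256 amount, 32-byte hex word
    });
  }
  return transfers;
}

// Agent: flag a tx whose TREASURY outflow in WATCHED_TOKEN exceeds
// DRAIN_RATIO_PERCENT of the pre-tx balance reported by getBalance().
function createTreasuryDrainAgent(getBalance) {
  return {
    name: "treasury-drain",
    handleTransaction(txEvent) {
      let outflow = 0n;
      for (const t of parseTransfers(txEvent)) {
        if (t.token === WATCHED_TOKEN && t.from === TREASURY) outflow += t.value;
      }
      if (outflow === 0n) return [];
      const balance = getBalance(TREASURY);
      const threshold = (balance * DRAIN_RATIO_PERCENT) / 100n; // integer math, no floats
      if (outflow <= threshold) return [];
      return [{
        agent: "treasury-drain",
        severity: "critical",
        txHash: txEvent.hash,
        outflow: outflow.toString(),
        balance: balance.toString(),
      }];
    },
  };
}

// Scanner loop: run every agent over every tx in the block, collect alerts.
function scanBlock(block, agents) {
  const alerts = [];
  for (const tx of block.transactions) {
    for (const agent of agents) alerts.push(...agent.handleTransaction(tx));
  }
  return alerts;
}

// Constructed sample block: a small benign transfer, then a draining one.
function sampleBlock() {
  const word = (addr) => "0x" + addr.slice(2).padStart(64, "0");
  const transferLog = (from, to, value) => ({
    address: WATCHED_TOKEN,
    topics: [TRANSFER_TOPIC, word(from), word(to)],
    data: "0x" + value.toString(16).padStart(64, "0"),
  });
  return {
    number: 100,
    transactions: [
      { hash: "0xaa", logs: [transferLog(TREASURY, ATTACKER, 5n * 10n ** 18n)] },
      { hash: "0xbb", logs: [transferLog(TREASURY, ATTACKER, 500n * 10n ** 18n)] },
    ],
  };
}

// Constructed balance oracle: the treasury holds 1000 tokens before the block.
const balanceOf = () => 1000n * 10n ** 18n;

// Runs the scanner on the sample block; only 0xbb (50% outflow) is flagged.
function demo() {
  return scanBlock(sampleBlock(), [createTreasuryDrainAgent(balanceOf)]);
}
```

The threshold is computed in integer arithmetic on `BigInt` values because token amounts are 256-bit integers and a floating-point comparison would silently lose precision above 2^53. A real agent would read the pre-transaction balance from chain state rather than a constant, and the first transaction (0.5% of the balance) shows why a per-transaction ratio alone is not enough: a patient attacker can stay under it, so a production agent would also track cumulative outflow across a window of blocks.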
The Forta network will be secured through staking and consensus validation using a native FORT token, which is therefore indispensable to the network’s functioning. The FORT token will ultimately also be used to govern the network, helping to coordinate the key contributors to the decentralized permissionless network:
- Agent developers who contribute to Forta by creating specific logic for anomaly and issue detection
- Agent reviewers who are trusted experts selected by the network who review and approve Forta agent proposals submitted by the agent developers
- Node runners who run Forta scanner or analyzer nodes which execute agents, scan all blocks and transactions, and respond to user information requests
- Application developers who integrate Forta into their user apps to receive alerts on watched contracts, enabling them to take swift action
Much More To Come
Forta is just getting started. Forta is in private network testing with a group of partners working rapidly towards the public network launch. In the coming weeks and months more information will be released on Forta agent development, network architecture, security, node running, agent reviewers, protocol coverage, and application integration.