The main idea of this project is that protocols, DAOs, investors and individuals can use Forta to monitor every transaction and receive alerts on events related to security, finance, operations and governance on Layer 1, Layer 2 and sidechains.

What is “Layer 1” and “Layer 2” and what is the difference between them?

Layer 1 is the first layer of the Open Systems Interconnection (OSI) model. It consists of the various network equipment and transmission technologies used in networks. As the first layer, it serves as the foundation underneath the logical data structures of the higher-layer network functions. It is considered the hardest level simply because of all the possible combinations of equipment. Layer 1 is also known as the physical layer.

Meanwhile, Layer 2 refers to the second layer of the OSI model, which is the data link layer. At Layer 2, data packets are encoded and decoded into actual bits. This is the protocol layer that enables the transfer of data between neighboring network nodes on a network segment, such as a local area network or a wide area network.

However, it is worth noting that since 2015, when Ethereum was launched, smart contract development and its security concerns have changed almost beyond recognition. Today, both auditing and the reuse of code libraries have become standard. But for all their regularity and standardization, these tools are far from perfect in terms of efficiency. Once a smart contract is deployed on the blockchain, the risk profile changes. The new risk vectors are contract management, the interaction of a contract with other contracts, and the reaction of contracts to unforeseen market events; all of this is becoming the new reality of risk monitoring policy. It means that your code may well work as written, yet problems can still be present.

Smart contract security is a matter of continuous development, and monitoring for threats or other possible problems after deployment should not be underestimated: it is as significant as the equivalent work before deployment.

The active monitoring and protection of running systems in Web 2.0 is called “runtime security.” Today there are many worthy solutions in this area that secure applications and systems at a very decent level. However, there are no comparable offerings for smart contracts yet.

Solution development

2015 was marked by another important moment: the OpenZeppelin platform, focused on making the development of smart contracts as simple and at the same time as safe as possible. Thanks to its library, tens of thousands of developers have been able to create countless assets and applications on Ethereum, and its audits, which rightfully occupy a leading position in the market, make it possible to detect and eliminate errors and code vulnerabilities before deployment.

The Defender platform is now used by hundreds of projects to automate smart contract operations after deployment. As is usually the case, as they delved deeper into security practices, the OpenZeppelin team quickly realized that the weak point of the entire chain was the absence of a reliable and flexible runtime solution.

After dozens of conversations and an analysis of hacks over the past 18 months, it became clear that it was necessary to focus on two important points:

  1. early detection: this mechanism will not only minimize cases of significant loss of funds, but also prevent such cases in general,
  2. while decentralized solutions have a clear advantage, the problem of time remains relevant.

To sum up, OpenZeppelin has developed a prototype that has evolved tremendously over the past year thanks to feedback and input from the Forta community.

Forta — “CCTV cameras and alarms for an open economy”

The goal of the project is to detect threats and other critical system problems in real time. Timely and actionable information about the security and stability of their systems empowers users to respond and take protective actions to prevent or minimize losses and other issues.

What does the Forta protocol consist of?

Forta consists of two main components — agents and nodes.

Agents are scripts or pieces of logic whose task is to find characteristics of transactions, or any state changes, that can be identified as anomalies at either of the two layers of smart contracts or on a sidechain. Nodes are used to run agents against each block of transactions. When an agent detects a state or event that matches certain parameters, the network immediately issues an alert, which is subsequently stored in IPFS and associated with the public blockchain. Forta will also maintain an automatic public registry of all alerts, and anyone interested in the security of a contract can receive relevant alerts through the explorer or through the API.

A negative signal is also valuable: agents work around the clock, seven days a week. Forta provides for an automatic record of which agents were run by each node for each block.
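The agent, node and run-record roles described above can be modelled in a few lines. This is an added illustration, not Forta's code or SDK: the agent name, threshold, addresses and block data are constructed, and a SHA-256 digest stands in for the IPFS content identifier.

```python
import hashlib
import json

# Constructed sample blocks; addresses and values are illustrative only.
BLOCKS = [
    {"number": 100, "txs": [{"hash": "0xaa", "to": "0xVault", "value_eth": 2}]},
    {"number": 101, "txs": [{"hash": "0xbb", "to": "0xVault", "value_eth": 900}]},
]

def large_transfer_agent(tx, watched="0xVault", threshold_eth=500):
    """Hypothetical agent: flag unusually large transfers to a watched contract."""
    if tx["to"] == watched and tx["value_eth"] >= threshold_eth:
        return [{"alert_id": "LARGE-TRANSFER", "severity": "high",
                 "tx": tx["hash"], "value_eth": tx["value_eth"]}]
    return []

class Node:
    """Runs every registered agent over each block and keeps both records."""
    def __init__(self, agents):
        self.agents = agents      # agent id -> callable(tx) -> list of findings
        self.alerts = {}          # content id -> alert (stand-in for IPFS storage)
        self.run_log = {}         # block number -> agent ids that were executed

    def process_block(self, block):
        emitted = []
        for agent_id, agent in sorted(self.agents.items()):
            for tx in block["txs"]:
                for finding in agent(tx):
                    alert = dict(finding, agent=agent_id, block=block["number"])
                    # Content-addressed id: editing the alert would change its id.
                    body = json.dumps(alert, sort_keys=True).encode()
                    cid = hashlib.sha256(body).hexdigest()
                    self.alerts[cid] = alert
                    emitted.append(cid)
        # Recorded even when nothing fired: this is the negative signal.
        self.run_log[block["number"]] = sorted(self.agents)
        return emitted

def verdict(node, block_number, agent_id):
    """Distinguish 'checked and clean' from 'never checked'."""
    if agent_id not in node.run_log.get(block_number, []):
        return "not-scanned"
    hit = any(a["block"] == block_number and a["agent"] == agent_id
              for a in node.alerts.values())
    return "alerted" if hit else "clean"

def demo():
    node = Node({"large-transfer": large_transfer_agent})
    return node, [node.process_block(b) for b in BLOCKS]
```

Without the per-block run record, a block with no alerts would be indistinguishable from a block that no agent ever examined.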