Over the past months, we have been very glad to see developers paying more attention to security threats and best practices. Besides rigorous internal code reviews and external audits, we are frequently asked by our customers what they should do to keep their protocol safe once it's deployed on the chain. Indeed, we keep asking ourselves the same question too. We believe on-chain monitoring could be the missing piece of full-lifecycle security.
Please don't get us wrong. Code reviews and audits are still crucial for discovering critical vulnerabilities before deployment. In fact, most attacks took advantage of missing account validation. Since that topic is relatively well known and targets security threats before deployment, we will skip it in this post.
When analyzing the steps in previous attacks, we made quite a few very exciting common observations that distinguish malicious attacks from normal transactions:
Inspired by those observations, we have been keeping our heads down and developing a monitoring service that can identify common attack scenarios, learn from normal interactions, detect abnormal transactions, and alert on or stop suspicious transactions.
Recently, we proudly announced sec3 WatchTower: Smart Monitor for Smart Contracts, which provides proactive and customizable monitoring services to detect several built-in attack scenarios as well as an extendable set of abnormal transactions. We hope sec3 WatchTower can contribute to post-deployment security and give developers some peace of mind.
sec3 is a security research firm that prepares Solana projects for millions of users. sec3’s Launch Audit is a rigorous, researcher-led code examination that investigates and certifies mainnet-grade smart contracts; sec3’s continuous auditing software platform, X-ray, integrates with GitHub to progressively scan pull requests, helping projects fortify code before deployment; and sec3’s post-deployment security solution, WatchTower, ensures funds stay safe. sec3 is building technology-based scalable solutions for Web3 projects to ensure protocols stay safe as they scale.
To learn more about sec3, please visit https://www.sec3.dev