FORTA - Web3 security for everyone

[goldenbitC]

 
Real-time security & operational monitoring

Forta is a decentralized monitoring network for real-time detection of threats and anomalies in DeFi, NFT, management, bridging and other Web3 systems.



Forta is based on a decentralized network of independent node operators that scan all transactions and block state changes for extraneous transactions and threats. When a problem is detected, the node operators send alerts to subscribers about potential risks, allowing them to take action.

Supported circuits
The future is in multichain. That's why Forta continues to expand into the evolving landscape of new L1 and L2, offering runtime monitoring and anomaly detection for Ethereum, Avalanche, Polygon, BNB Chain, Fantom, Arbitrum and Optimism.   


Forta launches with $23M to bring better security to smart contracts

Blockchain cybersecurity startup OpenZeppelin this morning announced a $23 million investment in Forta, a security service aimed at smart contracts.

Andreessen Horowitz led the round, which OpenZeppelin CEO and co-founder Demian Brener described as 3x oversubscribed. The investment also attracted capital from Coinbase Ventures, True Ventures and Blockchain Capital, among others.

Per Brener, OpenZeppelin will retain a stake in Forta.


Forta is a neat project that comes at an interesting point for the larger blockchain community. When bitcoin came to market, it attracted interest as a potential medium of exchange, or perhaps a store of value. The latter use case wound up being the key bitcoin value offering. But while bitcoin was maturing, other blockchains were built that featured more native programmability, allowing developers around the world to leverage smart (self-executing) contracts for a host of use cases.

Why Forta?
As the value and complexity of the Web3 economy grows, security has become increasingly important. More than $1 billion was lost in the first quarter of 2022 due to hacks and exploits, some of which were not discovered until days after the attack. The need for real-time security and rapid monitoring has become apparent, allowing protocols and investors to react quickly to neutralize threats and prevent or minimize loss of funds.

However, the high speed at which the Web3 industry is evolving makes it difficult to monitor it all centrally. That's where Forta comes in.

Investors

Raised $23mn from Coinbase Ventures, a16z, BlockChain Capital, Blue Yard, Place holder and others.
 



How Forta works
The Forta network consists of two main components - detection bots and scanning nodes. Detection bots are pieces of logic (scripts) that look for certain transaction characteristics or state changes (such as anomaly detection) in smart contracts in any supported chain. Nodes run detection bots for each block of transactions. When the bots detect a particular state or event, the network issues an alert, which is stored in IPFS. Forta will also maintain an automated public registry of all alerts, and anyone interested in contract security can receive relevant alerts through the Forta Explorer or API .

There is also value in a negative alert - the knowledge that detector bots operate 24/7 and do not trigger alerts. Forta will keep an automatic record of the detector bots triggered by each node for each block.
 
Network Roles

Alert subscribers.
 
Protocols, DAOs, investors and individuals can use Forta to monitor transactional transactions and receive alerts for security, financial, operational and governance events at Layers 1, 2 and sidechains.

You can subscribe to Forta data feeds through various applications including the Forta app , OpenZeppelin Defender or directly using Forta's publicly available API .

Notification Channels
 
By default, detector bot alerts are sent from scanning nodes to the Forta-supported ElasticSearch database and then displayed in the Forta Explorer toolbar. If the detector bot is specified as private, the alerts will not display on the Forta Explorer toolbar, but they will still be available through the Forta Public GraphQL API using queries specifying the detector bot ID. Forta detection bots have several built-in options and a number of advanced options for accessing alerts:

Subscriptions through the Forta app - current email address and/or Slack web interceptor, but you can request the Forta Foundation to add other options.
OpenZeppelin Defender Forta Sentinels - monitors Forta's public API for new alerts and delivers those alerts to Defender autotasks and/or Defender notifications (email, Discord, Slack, Datadog, Telegram, other web interceptors).
Customized solution - manually polling Forta's public API on a local computer or a computer hosted in the cloud.
Transferring data directly from the Forta discovery bot to an external API endpoint. As with data sources, there is no mechanism to keep the API key secret. This is reckless.
 
Response to alerts
 
Performing actions online from the Forta detection bot is not recommended, given the publicly available nature of the Forta detection bot code and any keys it may use. However, Forta detection bot alerts can be monitored using OpenZeppelin Defender Forta Sentinels, as long as the Defender account is private (i.e., password protected). When a Forta Sentinel detects a new alert from a particular Forta detection bot, it can execute a Defender autotask to initiate transactions in the chain to invoke certain contract methods, such as pause(). Defender autotasks are JavaScript scripts that can perform operations similar to Forta discovery bots, including interacting with external APIs to retrieve or publish data.

Private monitoring
 
There are several options for users who prefer private monitoring. Forta bots are not required to publish their source code, and bot code in a deployed container can be obfuscated in various ways, as described in the Forta documentation . Alert output from bots can be encoded or encrypted. For users who prefer to deploy bots in a private environment without public access or who simply need redundancy for their bots on the public network, Forta can also support such users using private nodes that remain completely independent of the Forta public network and do not participate in public assignment of detector bots or public broadcast of detector bot results.

Detecting Bot Developers
 
The tools for monitoring smart contracts on Forta are called detection bots - virtual security cameras that broadcast a publicly available feed. Any developer can write and publish a detection bot on the Forta network, and anyone can subscribe to the bot and receive its alerts. The more detection bots running on Forta, the safer Web3 becomes.

You can develop and deploy your own detection bots to Forta using the SDK. There are many templates and examples you can work with. There are also a growing number of #DevelopmentTeam s that you can hire to develop Forta bots for your project (visit the bot development marketplace or contact the Forta Foundation at info@forta .org for more information).

If you are an independent developer who wants to develop bots for discovery, you can visit the Forta bot development marketplace to learn about requests for proposals, apply for grants or participate in Forta development contests, which are announced in Forta Discord - https://discord.gg/uDs6h8XKTJ
 
Scan node operators
 
Scan node operators run detection bots, which are directed to them by the Forta manager, for each block of transactions. When the bots detect a particular state or event, the network issues an alert, which is stored in IPFS. If you want to become a node operator, go to the following link .

Security
 
Betting will be required to allow scanning nodes to be detected on the network and to issue alerts, and Forta detection bots can bet on signal quality.

Bots are executed in separate containers and cannot affect scanning nodes or other bots. Detection bots are further constrained in various ways by scanning nodes at runtime, and bot output can be verified by users and community members, and malicious, redundant or inaccurate detection bots are cut off and disabled.

Scanning nodes must provide scan confirmation for each block, which ensures that the community can be monitored. Malicious or inaccurate scanning nodes can be cut off and disabled.

Forta smart contracts, node software and other network components are regularly checked for security and reports will be published.

How does Forta provide reliable monitoring?

Forta reliability is achieved by detecting bot redundancy and monitoring and enforcing community scanning node service levels. In a public network, Forta detection bots are assigned to multiple scanning nodes with periodic reassignment. The scanning nodes must provide a rate and must provide scan confirmation for each unit. Scanning nodes are monitored for reliability and disconnected if they do not meet the community's established service levels.

How are Forta alerts and findings verified?
 
Forta scanning nodes collect data from detection bots for each block, and then store the scan confirmation in IPFS and transmit the detection information to the Forta analyzer node. Users can obtain detailed information from the Forta parser node through a public API, which can be verified based on the confirmation of scan data in IPFS. The analyzer node performs data indexing and can provide additional analysis.

Fees
 
There are currently no fees for subscribing to Forta alerts or running bots, although Forta encourages projects to fund experienced developers to build quality Forta detection bots for their specific use cases.

Managing

The decentralized architecture of the Forta Network supports a growing community of node operators, detection bot developers and the ecosystem built around it. Forta's vision assumes that only a community-based platform will be powerful enough to handle the rapidly changing risk landscape in blockchains, where each new smart contract deployed introduces new risk vectors that can affect thousands of interconnected protocols and millions of users.

The integral part is that the management of the Forta Network architecture is also decentralized, to ensure that Forta remains an open platform without permissions, available to anyone who wants to use it or build upon it. In addition, the Forta community should be able to influence the evolution of the Web along with the evolution of Web3.

The Forta Foundation is an independent non-profit organization (the "Foundation") that owns certain assets (e.g., public and open source intellectual property, Github repositories and FORT tokens) on the Web and will help manage Forta by its community members. To further decentralize the management of Forta, the Foundation has introduced a community management system consisting of two main components:
 
Forta Proposal Process - a formal but flexible structure designed for community self-organization and suggestion, as well as voting support by FORT token holders; and
Forta Governance Board - decision-making authority was delegated by the community to the initial board of representatives elected by FORT token holders, which always allowed the community to provide input and share opinions as part of the Forta Proposal Process.
The initial governance of the Forta community was simple by design and based on key takeaways from the current state of Web3 governance:

Complex governance systems can lead to voter fatigue and apathy
Radical democracy entails plutocracy, and it takes time for tokens to spread widely among Web users.
Governance must be flexible enough to meet the unique needs of each community as they arise.
Stakeholders in a network such as Forta go beyond token holders and must be represented by
Proposals to change the protocol should be public and unauthorized, and decision makers should be accountable to the community.
Governance should be minimized over time as the protocol tightens.
The initial community governance structure should allow anyone to easily participate in shaping the evolution of Forta, allowing the Network to evolve naturally over time. It should also maintain the network security and reliability necessary for Forta to fulfill its mission of monitoring all transactions and protecting all assets on the Web3.

Forta's Governance Council
 
The mission of the Council is to manage the ongoing evolution of the Forta network by facilitating collective action by its community. The initial council is a group of early Forta community members and ecosystem experts elected by a vote of FORT token holders .

The council reduces the need for individual voters to actively participate in every single governance issue. This saves an individual's attention for as long as it really matters, reducing the risk of community members feeling voter fatigue and apathy. Importantly, any community member can always share an opinion, make suggestions and/or express support by voting with FORT tokens in the Forta Proposal Process on changes and issues important to them. This does not preclude any other form of community involvement, including direct contact with other community members or directly with the Board.

The Board Charter establishes the Board's governance powers and responsibilities, which, in short, allow the Board to:

Support initiatives that contribute to the growth and sustainability of Forta
Contribute to the development of features and changes to the Network or related products and services.
Incorporate Forta security programs to ensure the long-term security of the Web and security procedures so that Forta can respond to potential vulnerabilities.
Educate the Web3 ecosystem about the importance of decentralized security at runtime and champion the concept of Forta and a decentralized network.
Engage and retain node execs, bot developers, core developers, and other community members through community building and marketing initiatives.
Take actions that would otherwise further the Council's mission.
The Board can usually exercise its authority under the Bylaws on a majority vote, although a two-thirds majority vote is required to appoint or remove other Board members. If Board members do not connect with and properly represent the community, the community can lobby the Board to remove a Board member, through an FPP proposal or directly.

The Council also has signature administrator rights over Forta's multi-signature wallets based on a majority of M of N, as well as authority over any Foundation accounts.

The Board should help reduce the real problems that can be created by the more complex governance system put in place from the beginning, which requires a FORT token holder vote on every single issue. The initial governance council should reduce the burden on FORT holders, who need to keep up with an ever-changing system that gives them more time and attention that can be used to create value in the Forta network, fulfilling their mission of monitoring all transactions and protecting all assets in Web3. 


 
And if you've seen to the end, I want to show you my game made for the Forta Network - https://liluo.io/instant-builds/525d638c-1768-4d32-a2b6-d87c1c434be0
 


Website -  https://forta.org/
Docs - https://docs.forta.network/en/latest/?_gl=1*15njhd9*_ga*MTQ4NjI4Nzc0Mi4xNjYxNzEzMjYz*_ga_3ERDDVRGQQ*MTY2MTcxMzI2Mi4xLjEuMTY2MTcxNjgwMi4wLjAuMA..
Discord - https://discord.com/invite/fortanetwork
Coinmarketcap - https://coinmarketcap.com/currencies/forta/markets/ 
Github -  https://github.com/forta-network
Twitter - https://twitter.com/fortanetwork
Media kit - https://forta.notion.site/Media-assets-e27d30d096d24627a1cb8a3b77880dfe

[goldenbitC]

Hello) Article at the top