Greetings, dear readers!
Since our previous review digest, the Web3 ecosystem has undergone a major paradigm shift. It’s been a few weeks since then…
Originally posted here:
So today, in the following digest piece, we’ll talk about the most recent news, how it affects (and will affect) industry and our Spotter project, and, of course, we’ll gradually add more features to our Pessimistic Spotter on-chain monitoring & defense service!
Follow:
-
spotter.pessimistic.io — Sign-up
-
pessimistic_spotter_public — Spotter Public Alerts Channel (Telegram)
I - Euler Exploit: Thoughts
As you probably already know, the whole DeFi industry was very painfully hit by the recent hack of the Euler protocol. The incident left the protocol devastated and led to a chain of damage to the entire Lego-based DeFi ecosystem…
PoC
-
Business-logic-flaw PoC
Despite the fact that only one of the 6 audits covered vulnerable code in one way or another, the event cast a shadow over the auditing business and the entire industry and forced the public to raise important questions:
We don’t tend to underestimate this threat and at the same time want to say that this just proves once again the importance of monitoring — as another layer of security. But did you know we could have prevented it?
Take a look:
Check Out:
You may be wondering if monitoring is useful for contracts that lack upgradeability or killswitches. Yes, but not in attacks like the one against Euler. Only a killswitch would have made a difference in this situation.
To make it more clear to you, please read on! Read more about MEV here or here! Check out my blog’s navigation page as well!
The reason why you shouldn’t solely rely on the mempool monitoring is explained below, but first, we want to admit that we have already discussed how our Spotter addresses and overcomes it:
Some may say that such systems will be inconvenient to use and will raise questions among users, but we have a different vision, which is that it is worth normalizing such a process.
As sites use DDoS protection, so we can use our system in the same way— and it can pause/halt (by implementing circuit breakers/timed withdrawals) the protocol for, let’s say, 20 minutes, until the problem is solved, or/and announce/alert/halt it instantly.
Even before the attack hit the protocol, it is also possible to get in touch with the blackhat (via RPC pop-ups, tx message or DPush-like solution) and negotiate with them for a bounty payout, as well as to offer them a special contract to make the money return easier and an escrow contract, if desired.
To counter such damaging attacks in future, we are going to collaborate with Flashbots & RPC providers to get extra seconds for our clients!
We were able to detect this certain attack on Euler Finance before the attack actually happened:
More proofs:
We also want to admit that we spotted an attack faster than PeckShield & Certik Alerts:
Forta has also detected this attack. See the tx here. Check out this very-special bot as well!
Our Spotter system is designed to respond in seconds, so we’re backtesting it on a dataset of hacks — and the results are pretty great, as we will reveal in the following articles…
We also detected an attack on ParaSpace_NFT:
Currently our Spotter does not frontrun/backrun malicious transactions, but BlockSecTeam was able to rescue 2900 ETH (more here) with using a MEV bot and their Iron Dome system.
The attacker left this message after their attack failed and they lost a lot of money on gas 🙂 :
Amazing, isn’t it? We also plan to launch an attack prevention system soon!
What can we state for sure is that Spotter really works. It predicts hacks and can save your protocol and money from big trouble one day!
II — Market research (monitoring & defense tools):
Since the topic of active protection has become very popular, we have conducted market research and identified the following projects that exist at the moment!
Here is the technology I described in 2020, and it is similar to the implementation of roughly the same web2-origin thing but in blockchain.
In my opinion, these are worthy representatives:
-
Forta (as an example, check out this bot)
We aim to be compatible with other tools and services, and we prefer to collaborate rather compete because we believe that multiple monitoring solutions will complement one another, resulting in greater ecosystem security:
I’m sure many people would correct me — if you’re building a wall of security, you have to know it better than anyone else.
There’s certainly some truth in those words, and one of the main drawbacks of these services — the complexity of configuration — also stems from them…
Spotter Product News
Our baseline ML model (it relies on readily available data) has already achieved the quality of Forta, it identifies over 50% of deployed attacks, while keeping less than 50% false positive rate!
By the end of the fourth quarter in 2023, comprehensive bytecode analysis will have yielded sufficient trustworthy data for the development of a superior ML model.
We aim to achieve a false-positive rate of less than 50% and an overall 95% detection rate!
With all said, it is also crucial to note that we want to move away from the conventional idea of dividing tools for guarding against and reporting attacks on the project and the community, and instead we want to make the system adaptable so that it can be used for a variety of purposes:
III — Fundraising News
As we finalize our project, we are communicating with various interested parties, as we are honest with you, we can now state the following:
-
Berkeley Skydeck is the top tier Silicon Valley accelerator, and we’re thrilled to announce that we’ve been invited to their first ever interview!
-
We’re happy to tell you that we’ve also just been invited to the 1st interview with Hub71, startup accelerator from Abu Dhabi — Emirate, which recently announced the plans to invest $2 billions into the development of Web3 ecosystem!
In the near future, we intend to pitch Spotter at a significant number of conferences and turn on protection for a couple of our cordial DeFi protocols & web3 projects:
This year promises to be full with exciting events! Come by whenever you like to meet our professionals!
Pessimistic.io News
Some news from our ‘‘parent’’ auditing company that we think is important enough to mention:
- Cambridge Blockchain Group has partnered with pessimistic_io to deliver world class smart contract audits. For more information visit: bit.ly/3kDBIz8. Also check out:
- In particular, articles about AAVE and Сompound have been published and endorsed as we continue our research:
To make sure you don’t miss anything, subscribe to our blog! All articles are also posted on my (Officer's Notes) personal Mirror blog!
Follow:
-
spotter.pessimistic.io — Sign-up!
-
pessimistic_spotter_public — Spotter Public Alerts Channel (Telegram)
-
blog.pessimistic.io — Follow our blog!
We also hope for your support because we think this market is crucial, first and foremost for the overall security of our industry!
You can subscribe to our blog to make sure you don’t miss any of the regular news and updates we plan to publish on the project in a special digest!
Additionally, Spotter now has a Twitter account, so follow it there as well: twitter.com/sadspotter
In the following articles we will gradually expand the functionality of our service and provide an opportunity to test it on your system. We’ll let you know the release date soon, stay tuned! 🙂
Support is very important to me, with it I can do what I love — educating users!
If you want to support my work, you can send me a donation to the address:
-
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc
-
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR