Arbitrary Execution (AE) is requesting a grant to develop a suite of monitoring agents on the Forta Network for the Synthetix Protocol.
Forta is the first decentralized runtime security network for smart contracts. The goal of Forta is to detect threats and other system-critical issues as soon as possible. Timely and useful information about the security and stability of their systems gives users an opportunity to react and take defensive action, preventing or minimizing loss of funds.
The Forta Network has two main components - agents and nodes. Agents are pieces of logic (scripts) that look for certain transaction characteristics or state changes on smart contracts across any Layer 1, Layer 2, or sidechain. Nodes run agents against each mined block of transactions. When the agents detect a specific condition or event, the network emits an alert which is stored on IPFS and linked on a public blockchain. Forta will also maintain an automated public registry of all alerts, and anyone interested in the security of a contract can consume relevant alerts via the Forta Explorer Web UI or through the Forta API.
AE would work with the Synthetix team to create a list of approximately six Forta agents for AE to develop. Below is a list of example agents that we believe could be useful and demonstrate what is possible. We can also make many of the behaviors configurable so that the Synthetix team can adjust thresholds and other parameters to make them more or less sensitive.
Agent Examples:
Governance and Admin Events: Monitor events emitted from Synthetix smart contracts. The list of monitored events is settable through a JSON file.
Price Oracle Stale: Age of any price oracle exceeds 24 hours.
Address Watch: Monitor transactions involving addresses from a watchlist.
High Gas Price, High Gas Used: Gas price or amount of gas used in a transaction interacting with Synthetix protocol smart contracts exceeds a threshold.
High Transaction Amount: Monitor any Synthetix transaction whose value exceeds a threshold.
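To show how the configurable thresholds in the list above could translate into detection logic, here is an added example that is not part of the original proposal and is not AE's or Forta's code. It is a standalone sketch that does not use the Forta SDK; the config keys, alert ids, units (gwei, ETH), addresses and sample records are all constructed assumptions.

```javascript
// Added example: standalone sketch of the proposed checks; not Forta SDK code.
// All names, thresholds, units and sample records below are constructed.
const config = {
  watchlist: ["0x00000000000000000000000000000000000000aa"], // placeholder address
  maxGasPriceGwei: 500,
  maxGasUsed: 3000000,
  maxValueEth: 1000,
  oracleMaxAgeSeconds: 24 * 60 * 60, // the 24-hour limit from the list above
};

// Evaluate one transaction record against the configurable thresholds.
function checkTransaction(tx, cfg) {
  const alerts = [];
  // Addresses are compared case-insensitively (checksummed vs lowercase hex).
  const watched = new Set(cfg.watchlist.map((a) => a.toLowerCase()));
  for (const addr of [tx.from, tx.to]) {
    if (addr && watched.has(addr.toLowerCase())) {
      alerts.push({ id: "ADDRESS-WATCH", detail: addr.toLowerCase() });
    }
  }
  if (tx.gasPriceGwei > cfg.maxGasPriceGwei) alerts.push({ id: "HIGH-GAS-PRICE", detail: tx.gasPriceGwei });
  if (tx.gasUsed > cfg.maxGasUsed) alerts.push({ id: "HIGH-GAS-USED", detail: tx.gasUsed });
  if (tx.valueEth > cfg.maxValueEth) alerts.push({ id: "HIGH-TX-AMOUNT", detail: tx.valueEth });
  return alerts;
}

// Flag every oracle whose last update is older than the configured age at block time.
function checkOracles(oracles, blockTimestamp, cfg) {
  return oracles
    .filter((o) => blockTimestamp - o.lastUpdated > cfg.oracleMaxAgeSeconds)
    .map((o) => ({ id: "ORACLE-STALE", detail: o.name, ageSeconds: blockTimestamp - o.lastUpdated }));
}

// Constructed sample data for one block.
const blockTimestamp = 1700000000;
const sampleTxs = [
  { from: "0x00000000000000000000000000000000000000AA", to: "0x00000000000000000000000000000000000000bb", gasPriceGwei: 40, gasUsed: 210000, valueEth: 2 },
  { from: "0x00000000000000000000000000000000000000cc", to: "0x00000000000000000000000000000000000000bb", gasPriceGwei: 900, gasUsed: 3500000, valueEth: 1500 },
];
const sampleOracles = [
  { name: "oracle-A", lastUpdated: blockTimestamp - 3600 },  // 1 hour old
  { name: "oracle-B", lastUpdated: blockTimestamp - 90000 }, // 25 hours old
];

// Run every check over the sample block and collect the alerts.
function runSample() {
  return [...sampleTxs.flatMap((tx) => checkTransaction(tx, config)), ...checkOracles(sampleOracles, blockTimestamp, config)];
}
console.log(runSample().map((a) => a.id).join(","));
```

Because the thresholds live in one config object, tightening or loosening an agent's sensitivity is a data change rather than a code change.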
We believe a decentralized runtime security network is a critical component of a global, open financial system. Whereas security audits focus on pre-launch vulnerability detection in smart contract code, Forta will actively monitor protocol activity post-launch and generate important alerts.
We anticipate the users of Forta will be protocol teams, as well as large or institutional investors, insurance protocols and companies, financial institutions interacting with DeFi infrastructure, and regulators.
For the Synthetix core team, we believe the value of Forta is in preventing and/or mitigating the impact of malicious activity, and in giving you better visibility over your system’s health and performance, and the health and performance of other third-party contracts you rely on.
For sophisticated investors, Forta will provide more information about system-critical events and issues.
For insurance and related applications, Forta will provide important data for accurately pricing risk involved in decentralized finance positions.
For the future, Forta will help manage risks that are currently keeping larger financial institutions (banks, fintechs) on the sidelines, providing regulators with more visibility into the risks and vulnerabilities that affect critical financial infrastructure.
Arbitrary Execution (AE) is a blockchain security company made up of security researchers that provides services for smart contract auditing, design consulting, software research and development, and training. AE's security researchers have extensive experience in finding exploitable vulnerabilities both on and off the blockchain.
AE has been actively involved in the pre-launch beta testing of the Forta network and has extensive experience developing Forta agents similar to the agents being proposed for this grant for Perp.Fi, UniSwap, UMA and Aave.
Arbitrary Execution
Home: https://www.arbitraryexecution.com/
Github: https://github.com/arbitraryexecution
Twitter: https://twitter.com/Arbitrary_Exec
Blog: https://medium.com/@arbitrary_execution
AE will deliver the agreed-upon agents three weeks from the start of the project.
AE will develop, test and perform a code review of each agent prior to submission to the Forta Network. As an additional quality control measure, the Forta team will perform a secondary review of the agent prior to submission. If necessary, the Synthetix team may perform a separate review of the agents prior to submission to the network.
Assuming the agents developed under this grant monitor for legitimate risks and are devoid of any quality issues, we expect them to be approved.
Agent code, documentation and tests will be made available in AE’s public repository unless otherwise dictated by Synthetix.
$30,000