100,000 FORT Pledged to Gitcoin Grants to Protect Web3 From Hacks

Article by Forta Network Aug. 25, 2022

As part of Gitcoin Grants Round 15, the Forta community voted to pledge 100,000 FORT to empower detection bot developers to secure Web3. Starting now, anyone can apply for the Forta Network’s grant program.

This round of Grants begins on September 7th and ends on the 22nd. The Forta Foundation is also excited to host a Gitcoin Grants Matching Round to help fund open source projects in the Forta ecosystem using Quadratic Funding. Quadratic Funding (QF) is the mathematically optimal way to fund public goods in a democratic community. With QF, the number of unique contributors is more important than the respective amounts funded, giving power to the majority and not the wealthiest. Gitcoin has run matching rounds every quarter since the beginning of 2018 raising over $65 million dollars to fund public goods. QF has been established as a powerful mechanism to bootstrap ecosystems, support open source projects, and distribute resources in an egalitarian manner. 

The Forta Network Ecosystem Round will run as part of Gitcoin Grants Round 15. This round will be held on gitcoin.co/grants and is open to all grantees who fit the eligibility guidelines below. The matching pool is set at $30,000, paid out in FORT. Only donations during this round will be counted towards the QF distribution of the matching funds.

Program Goals

For the Forta community, the goal of participating in Gitcoin Grants Round 15 is twofold. First, to tap into the greater Web3 developer ecosystem and empower security minded engineers to develop innovative detection bots that will secure the next generation of DeFi technologies. Second, to give back to the greater decentralized community via matching grants funding the development of technologies that play important roles in Web3, like the Forta Network.

The Forta Network has two main components – detection bots and nodes. Detection bots are pieces of logic (scripts) that look for certain transaction characteristics or state changes (e.g. anomaly detection) on smart contracts across any Layer 1, Layer 2, or sidechain. Nodes run detection bots against each block of transactions. When the bots detect a specific condition or event, the network emits an alert which is stored on IPFS and linked on a public blockchain. You can find a few examples of the type of bots that the Foundation is encouraging development of below:

Attack Chain Detection: Smart contract attacks usually propagate through 4 distinct attack stages: funding, preparation, exploitation and money laundering. An existing bot (alert combiner)  triggers when each of the four stages has been observed. A more nuanced anomaly detection model could increase recall of this bot.

Attack Contract Creation Bot: 40% of DeFi hacks involve an attacker created smart contract. Based on statically analyzing the deployed code, there are plenty of detection opportunities, such as looking at function calls, deriving Abstract Syntax Tree patterns, opcodes, strings, etc.

New account bot: Attackers usually utilize new accounts; the transaction 1-100 is probably much more likely to be an attack than transaction 100+.

Tagging Library: Bots trigger on transactions/blocks and all addresses involved in a transaction are placed in the alert. A tagging library would allow bot developers to create a standardized set of fields in the meta data (e.g. attacker contract, exploited protocol address, whale, etc.).

Money laundering bots: Tornado Cash has been sanctioned and it is expected some attackers move to different services, like other privacy protocols, bridges. Further, money laundering bots merely identify the outflow so far, but often attackers trade tokens into native assets prior to the outflow. Lastly, there is an opportunity to cluster addresses together to better understand flow of digital assets (e.g. Ronin attacker).

Requirements & Eligibility:

The Forta Foundation retains discretion on which grants are eligible for matching. Disputes will be handled by the GitcoinDAO Public Goods Funding Workstream consulting with Forta representatives. Here are key factors for determining whether your project is eligible to be a grant included in the Forta Network Ecosystem Round:

  1. The Grant must be in support of, or directly advancing the Forta Network community
  2. The Grant may not have any form of quid pro quo that has financial value (a scenario in which a user gets some additional unique benefit/award in return for their donation).
  3. The Grant owner/applicant must be directly affiliated with the project, all funds must go to the project, and must be used for the purposes stated in the Grant’s details.
  4. The Grant should be focused on accomplishing detection bot development for the Forta Network (i.e.developing detection bots to protect the Web3 space).
  5. The Grant should be open source

Grants submitted after the first week of the round will not be accepted or qualify for matching. Please try to submit your project’s application before the round begins (September 7th), to ensure your grant is reviewed, approved and put into active status for the entire round. There is typically a 2 to 3 day review period after being submitted before grants are published.*

Getting started

Anyone can head over to gitcoin.org and create a Grant. Fill in the requested details and select the tags that best align with your project (make sure to select the Forta Network tag to be considered for this Ecosystem Round. Grants can have multiple tags, so please select all that apply and provide reasoning). Grants need to be approved (to be on the Gitcoin platform) and your tag of Forta Network may be removed if you do not meet the criteria above. Reach out support@gitcoin.co or in the Gitcoin Discord if you have any questions.

If you already have a Gitcoin Grant, please fill out this round eligibility form and share the relevant tag(s) to be added to your existing Grant. The Forta Foundation will verify your eligibility, and if approved your grant will be included in the round.*