BlockSec and Forta Work to Secure Web3 Beyond Audits

Article by Forta Network Jan. 20, 2023

It takes a village to raise a child. Similarly, it takes a community to secure Web3. Fortunately, the Forta community just got a little bigger, as BlockSec is now actively working with the Forta Foundation to improve threat detection and create safeguards for end users. BlockSec is a team dedicated to building blockchain security infrastructure, founded by top-notch security researchers and experienced experts from both academia and industry.

A number of initiatives have sprung up from the collaboration with BlockSec. Forta researchers are working with the BlockSec team on a number of Forta detection bots, including BlockSec’s own version of a Forta-based attack detector. BlockSec’s MetaDock extension will also gain a Forta integration that works across all blockchain explorers, exposing hackers and scams that the network has uncovered.

Along with creating a suite of blockchain security tools, BlockSec is a top-notch auditing firm. As it stands, the commonly accepted way to secure a DeFi project is code auditing. It is the view of the BlockSec team that, while auditing has irreplaceable value, it is not enough, for the following reasons. First, code auditing with both static and dynamic analysis techniques cannot explore the attack surface of the entire program. Thus, vulnerabilities might still exist even after the code audit. There are many cases in recent years of projects that were audited by reputable security firms and still exploited. Second, new attack surfaces may emerge from updated code (or changed configuration) that was not covered during the original code audit. Third, DeFi LEGOs integrate a series of external contracts. Issues in the integrated contracts (that are not covered by the code audit) may also bring risks.

The BlockSec team believes that, in addition to audits before the code is deployed, monitoring is a proactive approach to mitigating Web3 threats. By actively monitoring all transactions interacting with a project, ongoing attacks can be detected promptly, and the corresponding mitigations and emergency response can then be performed to prevent further loss. In fact, BlockSec has demonstrated the effectiveness of this proactive approach, managing to successfully monitor and even block the attacks on Saddle Finance in April 2022, saving the protocol $3.8M.

“By using Forta, we can focus on the threat detection logic instead of spending lots of time and effort on the underlying infrastructure. Besides, we can leverage the bots from the community and combine them to build our product instead of developing from scratch,” says Andy Zhou, CEO at BlockSec.  

The alpha version of BlockSec’s Forta integration and detection bot is already online (subscriptions are welcome), and more bots are on the way. Stay tuned to the official Forta Twitter for more updates on BlockSec’s bots and their upcoming MetaDock extension integration.