Forta is excited to announce that Compound, one of the largest and most trusted DeFi protocols, is using Forta to detect critical security and operational risks in real-time.
Launched in 2018, Compound is an algorithmic, autonomous interest rate protocol built for developers, to unlock a universe of open financial applications.
In December 2021, the Compound DAO approved a proposal from OpenZeppelin to provide the protocol with continuous audit and security services. Real-time monitoring and alerting via Forta was one component of the security services.
OpenZeppelin solicited the support of a Forta community member, Arbitrary Execution, to assist with bot development. Since February, OpenZeppelin and Arbitrary Execution have worked closely with the Compound community to define and develop a suite of Forta bots that monitor for suspicious activity in the Compound protocol.
Protocol components being monitored by Forta include:
– Community Multisig Transaction Monitor – This Detection Bot monitors the Compound Community Multisig smart contract for important transactions, including adding/removing owners, assigning a new Pause Guardian, setting a new Borrow Cap, etc.
– Low Liquidity Market Attack Monitor – This Detection Bot monitors Compound Finance cToken contracts that have low liquidity for potential market attacks where a malicious actor mints cTokens and then transfers additional tokens in order to unbalance the contract such that subsequent mints will not yield cTokens.
– cToken Underlying Asset Monitor – This bot monitors the underlying assets of Compound Finance cToken contracts. First it determines which assets are deployed using upgradable proxy contracts and then it monitors those contracts for any upgrade events to detect when the implementation for a cToken’s underlying asset may have changed.
Other aspects of the Compound protocol being monitored by Forta include GovernorBravo events, COMP distributions, oracle pricing, and large borrows involved in governance activity.
“The promise of Forta as a decentralized solution to tracking and responding to protocol threats is immense. The solution OpenZeppelin setup for the Compound Protocol is far more comprehensive than I imagined their first pass at such a system could be,” said Jared Flatow, VP of Engineering
Alerts are currently publicly available via a dedicated “Alerts” discord channel. Eventually, all Forta alerts will be made publicly available to the community via a custom Dune Analytics dashboard that is currently under development.
Incubated by OpenZeppelin, Forta is the first decentralized network delivering real-time intelligence on the security and health of Web3 core infrastructure and dApps. Protocols, DAOs, investors and individuals can use Forta to receive real time insights on security, financial, operational and governance related events on L1s, L2s and sidechains.