Forta Firewall is live, ushering in a new era of onchain security and compliance

Forta Firewall detects and blocks malicious transactions before execution. It can be leveraged by rollups and protocol teams to screen transactions in real-time for security and compliance risks. 

Today’s Firewall launch ushers in a new era of onchain security - where instead of just detecting threats, Firewall can prevent them. This form of protection has been table stakes in Web2 since the mid 1990s, but hasn’t been available in Web3 until now.    

A superior approach

The same way a Web2 application firewall screens and blocks malicious Internet traffic, Forta Firewall screens for malicious transactions. Firewall integrates into the transaction flow and blocks malicious transactions before they are included in a block. 

The “firewall” approach is more effective at preventing exploits than auto-pausing contracts via frontrunning because (a) it has total visibility into pending transactions (even txs submitted via private channels), and (b) it doesn’t depend on being faster than the attacker. Regardless of how the exploit is submitted, and how efficient it is (atomic vs. multiple transactions), it must pass through the Firewall before it can be executed.

Embedding these basic security protections into rollups and protocols gives developers and end users more peace of mind that their assets are safe, and will help scale DeFi and RWA adoption. 

Breakthrough AI

Building on over two years of the Forta community’s work in machine learning-based threat detection, Firewall uses an advanced AI model called FORTRESS that examines transaction logs to analyze and detect high risk transactions. Each transaction simulated and screened by FORTRESS receives a risk score from 0 to 1. The closer the score is to 1, the more likely it is malicious. Each rollup and protocol that uses Firewall sets their desired threshold, above which transactions are blocked at the firewall. 

FORTRESS has been trained on past exploits, and is fine-tuned on a regular basis as Firewall screens new transactions. In terms of performance, FORTRESS runs in < 50 milliseconds, and can detect > 99% of exploits (recall), with a false positive rate of < 0.001% (1 in 100,000 txs).

Here’s a graph showing the risk score distribution for a range of blocks on Base that included the SumerMoney exploit in April. As you can see, FORTRESS correctly identified the exploit transaction on the far right. While there were two other transactions that received higher risk scores, they were within the acceptable range. Only the exploit tx would have been blocked by Firewall.

For Rollups and Protocols

Firewall can be integrated directly into rollups and smart contract protocols. For rollups, Forta works with a rollup’s RaaS provider to route transaction activity to Firewall for screening. High risk transactions are flagged and filtered out before they get to the sequencer. Firewall users can also select to enforce that transactions pass regulatory compliance checks, such as OFAC.

While Firewall can easily be enabled by any RaaS provider, Forta has already partnered with Conduit, the largest provider with over 300 rollup customers. Conduit rollups can opt-into Firewall protection during the configuration process and have security and basic compliance screening enabled at launch.

For protocols, Firewall integrates at the smart contract level via the Firewall Proxy contract. Incorporating the Firewall proxy takes minutes and doesn’t require additional audits. 

Firewall is backed by the Forta Chain, a Layer 3 that provides decentralized verifiability for all Firewall activities, and censorship resistance for users.

You can learn more about Firewall and the integration process in the docs. 

Launch Partners

We’re excited to launch Firewall alongside teams like Euler, Plume, and Balmy. They are some of the most forward thinking and sophisticated with respect to security, and are helping set a new standard in the industry. 

More details on these integrations and use cases will be released over the next weeks.

If you want your rollup or protocol to be protected by Forta Firewall, please contact the Foundation here. 

‍