Since its launch in 2021, the Forta Network has been at the forefront of on-chain security. Forta defined the “real-time monitoring and threat detection” category. It also championed the use of artificial intelligence for early exploit detection, and continues to advance the state of the art in threat detection.
The industry is now at a point where most exploit TXs can be detected. Unfortunately, in most cases protocols cannot prevent the exploit TXs despite being able to detect them. In short, the industry’s detection capabilities are good (and constantly improving), but prevention capabilities still fall short.
So far, there has been very little focus on prevention capabilities, and that isn’t surprising. Only recently have protocols been forced to consider – “if we can catch an exploit before it occurs, what can we do about it?”
This is the most important security question facing teams today, and now the Forta community has an answer…
In collaboration with the Forta Foundation, members of the Forta community including OpenZeppelin and Nethermind are developing an exploit prevention network called “Forta Firewall” alongside a handful of projects that will be early adopters. The Forta Firewall prevention network will include new Forta nodes called Attesters and the Forta Chain. Attesters will analyze pre-chain transactions – prior to transactions being included in a block – to identify and flag those determined to be high risk, and provide a positive attestation to all the other (safe) transactions. Transactions deemed high risk, meaning those that exhibit patterns consistent with exploits, will not receive attestations and will revert in execution, thereby preventing the attack. In order to preserve censorship resistance and protect against false positives, blocked transactions will be added to a privacy-preserving timelock on the Forta chain, which will afford protocols the time to protect against exploits, while allowing users to execute the transaction after the timelock expires.
Forta Firewall’s pre-chain analysis will leverage the same techniques used today on the Forta Network for exploit detection, including transaction simulation, artificial intelligence, and anomaly detection. The Forta community has made breakthroughs in the use of AI that can perform analysis in milliseconds and identify 99%+ of exploits while maintaining a false positive rate less than 0.001%, techniques which the Forta Firewall network can utilize to stop exploits before they can be executed.
Reverting and delaying potentially malicious transactions is preferred over relying on pausing the protocol or rescuing funds. The latter approaches have proven ineffective at stopping exploits, and also have considerable downstream negative effects on good actors. Focusing on the malicious transaction is a more reliable and surgical approach, with fewer downsides.
Further details about potential network architecture, screening approaches, privacy, censorship resistance, and integration options will be released in the near future. Additionally, a Forta community governance proposal to launch a Forta Firewall testnet is expected to be brought to the community for approval in the coming weeks.
Timing is perfect to introduce this new security mechanism.
First, the Forta Network has enabled major advances in AI-based exploit detection, and there is now a wealth of real-time intelligence available for re-training and continuous improvement of risk-scoring models. Given the security exploits that continue to plague the industry, this data must be utilized in new ways that can make use of blockchain technology safer.
Second, the industry is in the early stages of the next technology adoption curve. As adoption increases and bull markets follow, crypto becomes a target and attracts even more attention from bad actors. The frequency and severity of exploits usually increase in bull markets, and this is consistent with data on the increase in exploits in H1 2024.
Finally, the barriers to launching new protocols and chains are disappearing, meaning the “long tail” of both categories will continue to grow. This will naturally lead to more feature experimentation, including security. Advanced security can be a major source of differentiation for new protocols and decentralized applications and keep users safe as the world moves on chain.
Transaction screening, depending on the implementation, has the potential for censorship. It was very important when the teams were designing Forta Firewall that they preserved decentralization, privacy, and censorship resistance, in line with the tenants of the Forta Network. The goal of the prevention network is to be a fully “Ethereum-aligned” security solution.
Some of the principles that will inform Forta Firewall design decisions include:
– DeFi protocols have the right to manage their own risk. The choice on what type of transactions/user behavior protocols accept and if/how they want to screen those transactions is defined and managed by each protocol. Different protocols will fall across the spectrum of what they deem acceptable.
– Censorship resistance. Blocked transactions go to a privacy-preserving timelock that allows execution after delay. No transaction can be blocked forever.
– Transparency through open source and on-chain attestations.
– Consensus-based detection. Utilize multiple detection techniques, all open source and leveraging the work of an open market of teams and contributors, to determine the risk of individual transactions.
– Privacy preserving. User transaction details are never publicly leaked.
The Forta Network will continue to offer a permissionless network for monitoring and threat detection, and the Forta community will determine how Forta Firewall is ultimately integrated into the Forta Network. The utility of the FORT token is expected to expand with the launch of Forta Firewall, serving as a gas token for the Forta chain among other potential uses.
More details on how the existing Forta Network infrastructure can be leveraged in Forta Firewall, and how bot developers, node runners, and other stakeholders can play a role will be discussed by the community in the coming weeks and may culminate in governance proposals to formally integrate Forta Firewall into the Forta ecosystem.
Forta Firewall is expected to launch as a testnet in Q4 later this year. More details on pilot users, partnerships and how you can participate will be available in the coming weeks and months – so stay tuned!
If you’re a DeFi protocol or rollup interested in not just detecting exploits, but preventing them, please register your interest via this form or reach out to the Forta Foundation on Telegram, Discord or via email at info@forta.org.