Forta is a rapidly expanding decentralised network that monitors and detects real-time threats and irregularities on blockchain activity such as NFTs, DeFi, bridges, governance, and all Web3 systems.
Early detection monitoring can help prevent a Web3 attack from escalating, and timely security alerts can significantly aid damage limitation by minimising the loss of assets.
Since launching in 2021, Forta has made significant progress, with over 13 thousand alert subscriptions, flagging $1.75 billion in hacks, and monitoring over $36 billion in total value locked (TVL).
Moreover, Forta currently safeguards over 52 per cent of the top 30 DeFi protocols in TVL, such as:
- Lido
- Polygon
- Maker
- Liquidity
- Poly Network
- UMA
- Gnosis
- Balancer
- Alpaca Finance
- Compound and more
Now, to better understand the Forta ecosystem, its usability and the value-add propositions, it is productive to dive deeper into how the protocol works on a more technical level.
How Forta Works
The Forta Network consists of two primary components, with these being:
- Detection Bots: Scripts looking for smart contract state changes and transaction characteristics on a specific chain
- Scan Nodes: For block transactions, the nodes run 24/7, checking and detecting specific events or conditions and emitting an alert (stored on IPFS)
In addition, Forta keeps automated public records of all alerts so that anyone wishing to check smart contract security can access them via Forta Explorer alerts or the API.
Forta has over 12,000 community-run Scan Nodes, executing Detection Bots for each new block and every transaction on a specific blockchain network and providing multichain support across seven of the leading blockchains, with these being:
- Ethereum
- Polygon
- BSC
- Avalanche
- Optimism
- Arbitrum
- Fantom
Now, this, of course, begs the question: Why does the Web3 economy need Forta and its threat detection network?
Forta: An Essential Tool For Protocol Security
Web3 is advancing at an incredible speed, and it’s simply impossible for a centralised entity to monitor real-time activity 24/7 in an entirely proficient manner. For instance, in the first quarter of 2022, hacks and exploits were responsible for over $1 billion in losses in Web3 alone, and some remained undiscovered for days after the breach.
To counter this, Forta sets the industry standard for real-time operational monitoring and threat detection in Web3. And it does this via accurate and timely alerts that can help neutralise threats and minimise potential losses.
Historically, blockchain and Web3 hacks have happened in multiple different ways, and these can generally be categorised into the following stages, with these being:
- Funding: The cybercriminal needs funds to execute trades, pay gas fees or for collateral for borrowing.
- Preparation: For example, before the exploitation occurs, the hacker may have to set up a smart contract.
- Exploitation: The stage where the attacker takes funds from users or smart contracts. There are numerous types of approaches at the exploitation stage.
- Money Laundering: Once the attacker has accessed the funds, they launder them through privacy-oriented protocols.
In the early stages, alerts may raise community awareness, but automated or manual alerts may trigger as the attacker progresses. In the last step, a protocol could instigate a total shutdown, thus preventing further losses.
Forta’s community-created Detection Bots can be protocol-specific or generic. Either way, the bot detects security-related issues.
Forta’s Threat Detection Kits
Forta has five protection kits to help you monitor and protect your Web3 projects and assets without needing a custom-made bot. Each kit consists of:
- Security Detection Bots
- Bot Templates created by security experts and the Forta community
The design of each kit monitors and detects specific parts of a Web3 ecosystem, with each kit specifically designed to cater for a particular use case, with these being the Bridge Threat Detection Kit, DeFi Threat Detection Kit, Governance Threat Detection Kit, NFT Threat Detection Kit and the Stablecoin Threat Detection Kit.
To showcase the set of advantages inherent in Forta Network’s technology, let us now outline a few instances of real-world use cases for Forta’s real-time threat detection protocol, with social engineering being a prime example.
Examples Of Real-World Use
Spoofing and social engineering are commonplace on DeFi platforms, especially on the front end, where attackers can set up an identical front-end user interface and trick users into signing malicious contracts.
Forta’s community-built social engineering Detection Bot monitors incoming contract transactions and compares addresses with a list of legitimate contracts. If the bot finds a similar address to an existing contract, it will automatically deliver a Forta alert to the subscriber, highlighting the existence of a potentially malicious contract.
The Social Engineering Bot In Action
Via the Convex Finance website, an unverified contract asked for user approval. The contract had identical first and last four characters of a verified Convex contract.
The unverified contract requested a signature by making it look like a Convex Finance contract. This type of attack is called ice phishing, a typical social engineering attack. Funds go to the attacker’s address if a malicious contract is approved.
The Forta Detection Bot can detect a malicious contract even when the first and last three characters of a contract are the same, and it’s programmed to execute an instant alert automatically. Subsequently, a potentially incredibly damaging situation is averted.
Forta Resources for Developers
Forta offers exceptional developer support, understanding that providing the best resources aids in attracting developers to create high-quality Detection Bots for the Forta Network:
- The Forta SDK helps developers understand the Forta bot development, core concepts, and architecture.
- The Bot Wizard is a no-code tool to quickly create Forta Detection Bots in a few minutes or even seconds. In addition, Forta has a range of community-developed Forta Detection Bot templates. Moreover, there are examples of potential use cases with little to no configuration needed.
- The Forta Detection Bot CLI is a tool for initialising projects.
- The Forta Hardhat plugin is an existing Hardhat projects can integrate Forta, keeping security and operational monitoring alongside smart contracts.
- Best Practices. Learning Forta best practices enables developers to learn how to develop successful Detection Bots.
The Forta Network currently has over 1 thousand developers, adding high-quality operational Detection Bots on a daily basis to the network.
Furthermore, Forta provides in-depth tutorials for beginners, such as the basics of building a Detection Bot. In addition, users can subscribe to real-time alerts on events or follow the progress of chosen projects.
Moreover, Forta has created a themed level on The Ethernaut, a popular Web3/Solidity war game, where players can create a Detection Bot within the game to assess potential security issues.
Forta Governance Council: A United Community
Holistically speaking, Forta Network’s core mission is to monitor all blockchain transactions and protect all assets in Web3. Forta is a public utility that serves the DeFi, DAO, and NFT ecosystems.
Forta’s vision is that a permissionless platform is the only solution to address the evolving risk factors. The formation of the initial Forta Governance Council in June 2022 includes ecosystem experts and early Forta community members.
Community involvement is an essential requirement for Web3 monitoring and security, and the Forta community is evolving rapidly. It is committed to developing a more substantial base of security professionals, engineers, developers, and infrastructure providers.
The Forta Foundation also plays a vital role in the ecosystem, with a mission to steward the continued evolution of the Forta Network by facilitating the collective action of its community. The Foundation focuses on building on the success of the Forta Network by encouraging top talent to embrace the Forta ecosystem and join the community by assisting with related product development, Scan Node operation, and creating more Detection Bots.
The FORT Network Token
A significant milestone for Forta was the launch of FORT, an ERC-20 token, in June 2022, thus creating a permissionless network. The token launch enables global users to contribute to the network’s security by operating a Scan Node or a signal on a Detection Bot.
The total supply of FORT tokens is capped at 1 billion FORT. The coin is listed within the top 500 on CoinMarketCap of over 20,000 listed coins, with a circulating supply of 162,129,566 FORT, as of September 2022.
As it pertains to token utility, Forta uses a work token model to ensure the integrity and accuracy of the Forta Network, and virtually anyone can stake FORT tokens to signal the quality of Detection Bots in the network.
There are two primary uses necessary for effective network functioning, being Scan Node Runner Staking and Detection Bot Signalling.
Bottom Line
Forta is the first decentralised detection network for real-time operational monitoring of blockchain activity. Forta made an impressive beginning with significant backing of 23 million dollars from industry giants.
Forta has attracted some of the leading and most reputable DeFi protocols in a short period of time and now takes care of threats and security alerts for some of the top DeFi protocols. In addition, with the launch of the FORT token only a few months ago, the network continues to reach impressive milestones.
