Blue Team Intro

Attendees

  1. Kiba
  2. Kaila
  3. mario + Juned - blue team
  4. guellermo - sec advisor, just on call

Questions

  • Observability
    • how due you define and monitor “suspicious transactions”
      • custom monitoring + real time, anomoly prediction based on previous hacks, known attacker list, ML monitoring on pattern search -
        • user-flow based monitoring - did they
      • system monitoring - priviliged functions, private keys + roles not compromised,
      • scenario based monitoring - we give them a list.
        • E.g. a low severity audit issue we marked as “Acknowledged” but still want to make sure its not exploited
    • How to customize? We write code or just tell you what we want to look for?
      • have their own internal management tool
      • analytics per contract and tx type. track false positives
      • RedTeam creates attack scenarios
      • also finding ways to hack us not just monitoring, active penetration tests. Making sure normal user funcs operate as normal
      • we opt into getting notifications - email, telegram, notifications
      • monitoring and analytics types/formats customizable
    • What do they need from us to get started?
      • will talk to other auditors to know what are functionality.
      • deployed
        • contract commit hash + addresses + names
      • undeployed yet
        • can do special monitoring on testnets
    • Payment
    • fatfa to detect money laundering and other stuff with bots
  • Testing
    • Game theory + mechanism design stuff?
    • Agent based modeling tools, advice, advisors for smart contract + tokenomics testing? Ideally not simplistic agents - use reinforcement learning, genetic programming, etc. to adapt and evolve more complex interactions over time
    • dont do in blue team, different domain. thinking about it, in a roadmap.
      • giving more scenarios to them can help them target better

Blue Team

standard monitoring

  • priviliged functions
  • external/public user funcs

custom monitoring

  • blacklist
  • ML

scenario monitoring

Next Steps

  • Need list of addresses and ABIs to watch
  • need list of scenarios to watch
    • anything doesnt relate to function inputs
    • worst case scenarios for protocol
    • external risk
    • For Example
      • if stablecoin depegs by >1% get an alert
      • if liquidation fails and gets bad debt in system
      • much more high level reqs, not low level exploits to watch
    • my scenario
      • user sends funds directly to line contract
      • oracle price suddenly stops
  • Send game theory that we want to test with ABM
  • Setup call with Guillermo about ABM

XGitHub

Dev Docs

Product Docs

Borrower FAQ

Lender FAQ