Attendees
- Kiba
- Kaila
- Mario + Juned - blue team
- Guillermo - sec advisor, just on call
Questions
- Observability
  - How do you define and monitor "suspicious transactions"?
    - custom monitoring + real time, anomaly prediction based on previous hacks, known attacker list, ML monitoring on pattern search
    - user-flow based monitoring - did they
    - system monitoring - privileged functions, private keys + roles not compromised
    - scenario based monitoring - we give them a list
      - e.g. a low severity audit issue we marked as "Acknowledged" but still want to make sure it's not exploited
  - How to customize? Do we write code or just tell you what we want to look for?
    - they have their own internal management tool
    - analytics per contract and tx type; they track false positives
    - Red Team creates attack scenarios
      - also finding ways to hack us, not just monitoring: active penetration tests. Making sure normal user funcs operate as normal
    - we opt into getting notifications - email, Telegram, notifications
    - monitoring and analytics types/formats customizable
  - What do they need from us to get started?
    - will talk to other auditors to know what the functionality is
    - deployed
      - contract commit hash + addresses + names
    - undeployed yet
      - can do special monitoring on testnets
- Payment
  - fatfa to detect money laundering and other stuff with bots
- Testing
  - Game theory + mechanism design stuff?
  - Agent based modeling tools, advice, advisors for smart contract + tokenomics testing? Ideally not simplistic agents - use reinforcement learning, genetic programming, etc. to adapt and evolve more complex interactions over time
    - don't do in blue team, different domain. Thinking about it, in a roadmap
    - giving more scenarios to them can help them target better
Blue Team
standard monitoring
  - privileged functions
  - external/public user funcs
custom monitoring
  - blacklist
  - ML
scenario monitoring
Next Steps
- Need list of addresses and ABIs to watch
- Need list of scenarios to watch
  - anything that doesn't relate to function inputs
  - worst case scenarios for protocol
  - external risk
  - for example:
    - if stablecoin depegs by >1%, get an alert
    - if liquidation fails and gets bad debt in system
  - much more high level reqs, not low level exploits to watch
  - my scenarios:
    - user sends funds directly to line contract
    - oracle price suddenly stops
- Send game theory that we want to test with ABM
- Setup call with Guillermo about ABM
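The four scenarios listed under Next Steps (stablecoin depeg >1%, liquidation leaving bad debt, funds sent directly to a protocol contract, oracle price updates stopping), written out as an added example of how scenario rules can be evaluated over an event stream. This is an illustration added to these notes, not the blue team's tooling; the event shapes, the placeholder contract address, the one-hour oracle staleness window and the "collateral value below debt repaid" definition of bad debt are assumptions chosen for the example.

```python
"""Scenario-based monitoring rules over a constructed event stream.

Added illustration of the "scenario monitoring" items in these notes; it is
not the blue team's tooling. Event shapes, the placeholder address and the
thresholds other than the 1% depeg are assumptions chosen for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

PEG = 1.0                 # assumed target price of the stablecoin, in USD
DEPEG_THRESHOLD = 0.01    # the ">1%" from the notes
ORACLE_MAX_AGE = 3600     # assumed: alert if no oracle update for 1 hour
# Assumed placeholder for the protocol contract that should never receive
# plain token transfers (the "user sends funds directly" scenario).
PROTOCOL_CONTRACT = "0xPROTOCOL_CONTRACT_PLACEHOLDER"


@dataclass
class Event:
    kind: str                 # "price", "oracle_update", "liquidation", "transfer"
    ts: int                   # unix timestamp of the event
    data: Dict[str, object] = field(default_factory=dict)


def depeg_alert(price: float, peg: float = PEG, threshold: float = DEPEG_THRESHOLD) -> Optional[str]:
    """Stablecoin moved more than `threshold` (as a fraction) away from its peg."""
    deviation = abs(price - peg) / peg
    if deviation > threshold:
        return f"stablecoin depeg: price={price:.4f} deviation={deviation:.2%}"
    return None


def stale_oracle_alert(last_update_ts: Optional[int], now_ts: int, max_age: int = ORACLE_MAX_AGE) -> Optional[str]:
    """Oracle stopped publishing: last update is older than `max_age` seconds."""
    if last_update_ts is None:
        return None   # nothing observed yet, so nothing to call stale
    age = now_ts - last_update_ts
    if age > max_age:
        return f"oracle stale: no update for {age}s"
    return None


def bad_debt_alert(debt_repaid: float, collateral_seized_value: float) -> Optional[str]:
    """A liquidation whose seized collateral is worth less than the debt leaves bad debt."""
    shortfall = debt_repaid - collateral_seized_value
    if shortfall > 0:
        return f"bad debt: liquidation left shortfall of {shortfall:.2f}"
    return None


def direct_transfer_alert(to_addr: str, amount: float, watched: str = PROTOCOL_CONTRACT) -> Optional[str]:
    """Plain token transfer into a contract that expects function calls, not transfers."""
    if to_addr.lower() == watched.lower() and amount > 0:
        return f"direct transfer of {amount} to protocol contract {to_addr}"
    return None


def evaluate(events: List[Event]) -> List[str]:
    """Run every scenario rule over a time-ordered event stream; return alert strings."""
    alerts: List[str] = []
    last_oracle_ts: Optional[int] = None
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "oracle_update":
            last_oracle_ts = ev.ts
            continue
        # The staleness check runs on every non-oracle event so a stalled
        # feed is noticed as soon as any later activity happens.
        msg = stale_oracle_alert(last_oracle_ts, ev.ts)
        if msg:
            alerts.append(f"[{ev.ts}] {msg}")
        if ev.kind == "price":
            msg = depeg_alert(float(ev.data["price"]))
        elif ev.kind == "liquidation":
            msg = bad_debt_alert(float(ev.data["debt_repaid"]), float(ev.data["collateral_value"]))
        elif ev.kind == "transfer":
            msg = direct_transfer_alert(str(ev.data["to"]), float(ev.data["amount"]))
        else:
            msg = None
        if msg:
            alerts.append(f"[{ev.ts}] {msg}")
    return alerts


# Constructed sample stream (not real chain data).
SAMPLE_EVENTS = [
    Event("oracle_update", 1000),
    Event("price", 1100, {"price": 0.995}),   # 0.5% off peg: no alert
    Event("price", 1200, {"price": 0.985}),   # 1.5% off peg: alert
    Event("liquidation", 1300, {"debt_repaid": 1000.0, "collateral_value": 1050.0}),  # covered
    Event("liquidation", 1400, {"debt_repaid": 1000.0, "collateral_value": 900.0}),   # bad debt
    Event("transfer", 1500, {"to": PROTOCOL_CONTRACT, "amount": 25.0}),               # direct send
    Event("price", 5000, {"price": 1.0}),     # 4000s since the last oracle update: stale
]

if __name__ == "__main__":
    for line in evaluate(SAMPLE_EVENTS):
        print(line)
```

Each rule is a small pure function so the thresholds can be tuned per protocol and the false-positive rate tracked per rule, which matches the "analytics per contract and tx type" point above; the real address list and ABIs would replace the placeholder once the Next Steps items are delivered.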