1/ How does @sec3dev's WatchTower `SmartThreatMonitor` learn which transactions are normal and which ones aren't, so it can provide on-demand, real-time alerts on abnormalities?
2/ First, it loads all historical transactions of a particular smart contract and analyzes them with a machine learning algorithm to construct an initial set of invariants (patterns of behaviour).
3/ It then tracks every new transaction, updates its database of invariants, and sends out an alert if any transaction or interaction is out of the ordinary.
4/ The more often you train the monitor, the smarter it gets. Here is an example of the dashboard for the `SmartThreatMonitor`: in a normal transaction the 5th input account is expected to match the content in the table. When it doesn't, an alert is sent out via SMS/Slack/Telegram.
5/ You can even go a step further by pausing your smart contract as soon as a potential threat is detected.
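To make the train / observe / alert / pause loop described in tweets 2-5 concrete, here is an added toy example. It is not Sec3's code and says nothing about how WatchTower is actually implemented; it simply learns two kinds of invariant from a constructed transaction history (account positions that never change for a given instruction, like the "5th input account" in the dashboard, and a per-instruction amount ceiling), flags new transactions that break them, folds clean transactions back into the invariant set, and calls a hypothetical pause hook when an alert fires. The `InvariantMonitor` class, the record layout and all account names are assumptions made for the example.

```python
"""Toy invariant-learning transaction monitor (added example, not Sec3/WatchTower code)."""
from collections import defaultdict
from typing import Callable, Dict, List, Optional

# Constructed sample history for a hypothetical "vault" program. Each record is one
# instruction invocation: the accounts passed by position and a token amount.
HISTORY = [
    {"ix": "withdraw", "accounts": ["vault", "user1", "mintA", "tokenprog", "oracleA"], "amount": 100},
    {"ix": "withdraw", "accounts": ["vault", "user2", "mintA", "tokenprog", "oracleA"], "amount": 250},
    {"ix": "withdraw", "accounts": ["vault", "user3", "mintA", "tokenprog", "oracleA"], "amount": 80},
    {"ix": "deposit", "accounts": ["vault", "user1", "mintA", "tokenprog"], "amount": 500},
    {"ix": "deposit", "accounts": ["vault", "user2", "mintA", "tokenprog"], "amount": 1200},
]


class InvariantMonitor:
    """Learns per-instruction invariants from history and alerts on deviations."""

    def __init__(self, amount_tolerance: float = 2.0,
                 on_pause: Optional[Callable[[List[str]], None]] = None):
        self.amount_tolerance = amount_tolerance   # allowed multiple of the largest seen amount
        self.on_pause = on_pause                   # hypothetical hook that pauses the contract
        self.seen: Dict[str, List[dict]] = defaultdict(list)
        self.fixed_accounts: Dict[str, Dict[int, str]] = {}  # ix -> {position: expected account}
        self.max_amount: Dict[str, int] = {}

    def train(self, history: List[dict]) -> None:
        """Initial training pass over historical transactions (tweet 2)."""
        for tx in history:
            self.seen[tx["ix"]].append(tx)
        self._rebuild()

    def _rebuild(self) -> None:
        # An account position is an invariant if every observed call used the same value.
        # Positions that vary (e.g. the calling user) are treated as user-controlled.
        for ix, txs in self.seen.items():
            n_accounts = min(len(t["accounts"]) for t in txs)
            fixed = {}
            for pos in range(n_accounts):
                values = {t["accounts"][pos] for t in txs}
                if len(values) == 1 and len(txs) >= 2:
                    fixed[pos] = values.pop()
            self.fixed_accounts[ix] = fixed
            self.max_amount[ix] = max(t["amount"] for t in txs)

    def check(self, tx: dict) -> List[str]:
        """Return a list of alert strings; empty means the transaction looks normal."""
        alerts = []
        ix = tx["ix"]
        if ix not in self.seen:
            alerts.append(f"unknown instruction {ix!r}")
            return alerts
        for pos, expected in self.fixed_accounts[ix].items():
            actual = tx["accounts"][pos] if pos < len(tx["accounts"]) else None
            if actual != expected:
                alerts.append(f"{ix}: account #{pos + 1} is {actual!r}, expected {expected!r}")
        limit = self.max_amount[ix] * self.amount_tolerance
        if tx["amount"] > limit:
            alerts.append(f"{ix}: amount {tx['amount']} exceeds learned limit {limit:g}")
        return alerts

    def observe(self, tx: dict) -> List[str]:
        """Process one live transaction (tweets 3-5): alert and pause, or learn from it."""
        alerts = self.check(tx)
        if alerts:
            if self.on_pause is not None:
                self.on_pause(alerts)
            return alerts
        # Clean transaction: add it to the invariant database so the model keeps improving.
        self.seen[tx["ix"]].append(tx)
        self._rebuild()
        return []


if __name__ == "__main__":
    monitor = InvariantMonitor(on_pause=lambda a: print("PAUSE contract:", a))
    monitor.train(HISTORY)
    print("withdraw invariants:", monitor.fixed_accounts["withdraw"])
    suspicious = {"ix": "withdraw", "amount": 120,
                  "accounts": ["vault", "user4", "mintA", "tokenprog", "fakeOracle"]}
    print(monitor.observe(suspicious))
```

In practice the "pause" hook would submit an admin-signed pause instruction and the alert list would go to SMS/Slack/Telegram; the learning rule here is deliberately simple so the effect of retraining on fresh transactions is easy to see.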
6/ What are some common invariants?
- Token transfer amounts
- Contract dependencies
- Contract Cohorts
- Reentrancies
- Frequency
- Instructions
- Flash Loans

And much more. To test #WatchTower yourself, schedule a demo!

sec3.dev/watchtower
