Attack Detector Premium Feed Proposal

Name of Premium Feed: Attack Detector
Forta Network Bot ID: 0x80ed808b586aeebe9cdd4088ea4dea0a8e322909c0e4493c993e060e89c09ed1
About Bot Owner: Forta Foundation, Blocksec, Nethermind + community contributors

The Forta Foundation is a non-profit entity that stewards the Forta Network, which includes holding certain off-chain intellectual property on behalf of the Forta community.

BlockSec is a leading provider of blockchain security infrastructure. The team is founded by top-notch security researchers and experienced experts from both academia and industry. They have published multiple blockchain security papers in prestigious conferences, reported several zero-day attacks of DeFi applications, and successfully protected digital assets worth more than $14 million by blocking multiple attacks.

Nethermind is an Ethereum research and software engineering company enabling enterprises and developers worldwide to build on the decentralized web. Their work touches every part of the ecosystem, from its Nethermind node to fundamental cryptography research and application-layer protocol development.

How the Premium Feed works: The Attack Detector is an ideal source of early alerts on protocol attacks; it could be consumed by protocols directly or by managed security service providers (MSSP) or incident response groups (like seal911).

The Attack Detector provides early alerts on protocol attacks. The Attack Detector’s alert contains information about the attacker’s EOA and smart contracts, as well as a list of corresponding base bot alerts that describe the alert in detail (e.g. Tornado Cash funding, contract creation, flash loan with large profit, and money laundering via the ChangeNOW exchange). Further, the alerts contain victim/target addresses and, in some cases, the name of the victim/target.

The Attack Detector and its underlying bots are collectively maintained by the Forta community, including the Forta Foundation, Blocksec, Nethermind, and over a dozen individual security researchers and developers.

Supported chains (Chain ID):

* Ethereum (1)
* BSC (56)
* Polygon (137)
* Arbitrum (42161)
* Optimism (10)
* Fantom (250)
* Avalanche (43114)

Anticipated target market:

* Protocols
* Investors
* MSSPs / IR Teams
* Auditors
* Others

Maintenance/Support: Facilitated by the Forta Foundation, Blocksec, Nethermind and various individual community contributors will be actively maintaining the Attack Detector and its dependent bots, testing performance, receiving feedback from the Forta community and making the appropriate upgrades on a regular basis.

The teams are committed to providing technical support to all subscribers and prospective subscribers via the Feed’s dedicated Discord channel, as well as through direct communication channels.

Polygon Address for receiving fee revenue: 0xC99884BE6eEE5533Be08152C40DF0464B3FAE877
Price: 399 USDC/month
Performance information: The performance of the Attack Detector can be monitored on the bot’s health page.

The Attack Detector reliably processes incoming alerts, as shown on its bot health page, even for fast chains like BSC, as shown on the bot health page.

The bot is sharding-capable and currently utilizes a sharding configuration of eight shards and three targets (config), resulting in a reliable deployment of this bot.

Also, the Attack Detector's September 2023 protocol precision is 83%; its protocol recall is 40%.

* Precision is how the quality of a feed is quantified. It represents the percentage of alerts that correctly identify an attack (aka a true positive) from 0-100, and is calculated on a monthly basis for protocol attacks covered by the Attack Detector. Protocol precision looks at the precision in the context of the protocols that were attacked in the given month and asks whether those protocols received false positive alerts prior to the attack.

* Precision is calculated by analyzing all alerts a protocol would have received if it had subscribed to the Attack Detector with its contract addresses as a filter. Using block explorers like Etherscan, the Foundation then manually reviews the underlying transaction activity that triggered the alert and corresponding attacker label. The person conducting the review has specific grading guidelines and is trained to identify threat patterns. While the reviewer may cross-reference other public data sources for additional evidence of true and false positives, the Attack Detector relies exclusively on its own logic for flagging attacks. After the review is complete, a true or false positive determination is made.

* Recall is how the quality of a feed is quantified. It represents the percentage of attacks the Attack Detector correctly identifies through an alert that emits the proper contract addresses that pertain to the attacked protocol.

* Recall is calculated by analyzing all publicly disclosed attacks (utilizing sources like the Blockthreat newsletter, Twitter, and rekt.news). For each attack, the attacker EOA is extracted and queried against the alerts raised by the Attack Detector. If an alert has been raised and emits the protocol’s contract addresses, it is deemed a true positive; if no alert was raised, it is deemed a false negative.

Documentation: Documentation
Compatible licensing: Forta Bot License 1.0
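
The recall and protocol precision definitions above, worked through as an added example that is not part of the original proposal or the Attack Detector's own code. The field names (`attackers`, `emitted`, `true_positive`, `attacker_eoa`, `protocol`) and all addresses are hypothetical, and it assumes that an alert "emits the protocol's contract addresses" when it carries at least one of them, and that an alert naming the attacker without any protocol address counts as a miss.

```python
# Added example: constructed data only; field names are hypothetical.

def norm(addr):
    # Hex addresses compare case-insensitively (checksummed vs lowercase).
    return addr.strip().lower()

def matches(alert, addresses):
    """True if the alert emits at least one of the given addresses (assumption)."""
    return bool({norm(a) for a in alert["emitted"]} & {norm(a) for a in addresses})

def recall(attacks, alerts):
    """Share of disclosed attacks with an alert that names the attacker EOA
    and emits the attacked protocol's contract address."""
    hits = 0
    for attack in attacks:
        eoa = norm(attack["attacker_eoa"])
        for alert in alerts:
            if eoa in map(norm, alert["attackers"]) and matches(alert, attack["protocol"]):
                hits += 1
                break
    return hits / len(attacks) if attacks else None

def protocol_precision(alerts, protocol_addresses):
    """Share of true positives among the alerts a protocol would have received
    when filtering on its contract addresses; verdicts come from manual review."""
    reviewed = [a for a in alerts if matches(a, protocol_addresses)]
    if not reviewed:
        return None  # the protocol received no alerts, nothing to grade
    return sum(a["true_positive"] for a in reviewed) / len(reviewed)

def addr(byte):
    # Constructed 20-byte placeholder address, not a real account.
    return "0x" + byte * 20

ALERTS = [
    {"attackers": [addr("A1")], "emitted": [addr("c1")], "true_positive": True},
    # Attacker flagged, but no protocol address emitted.
    {"attackers": [addr("a2")], "emitted": [], "true_positive": True},
    # Reviewed as a false positive for the protocol at c1.
    {"attackers": [addr("b9")], "emitted": [addr("C1")], "true_positive": False},
]
ATTACKS = [
    {"attacker_eoa": addr("a1"), "protocol": [addr("C1")]},  # detected
    {"attacker_eoa": addr("a2"), "protocol": [addr("c2")]},  # alert lacks protocol address
    {"attacker_eoa": addr("a3"), "protocol": [addr("c3")]},  # no alert raised
]

if __name__ == "__main__":
    print("recall:", recall(ATTACKS, ALERTS))
    print("protocol precision (c1):", protocol_precision(ALERTS, [addr("c1")]))
```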

This Attack Detector Premium Feed proposal submitted by Christian Seifert was approved async by half of the active Council members in accordance with the Bylaws.
