
Smart contract audit firm OpenZeppelin launches new app to help prevent DeFi attacks

www.theblock.co 11 March 2021 15:12, UTC
  

Quick Take

  • Smart contract security and audit firm OpenZeppelin has launched a new app to help prevent DeFi attacks.
  • The app, called Sentinels, helps DeFi projects detect abnormal behavior and automatically respond to mitigate it. 

Smart contract security and audit firm OpenZeppelin has launched a new app to help prevent exploits in the decentralized finance (DeFi) space.

Dubbed OpenZeppelin Sentinels, the app helps DeFi projects detect abnormal behavior and automatically respond to mitigate it. Sentinels is part of OpenZeppelin's Defender platform that was launched late last year and is already used by several projects, including Compound and Aave.

The Defender platform helps manage smart contract operations. The new Sentinels app is specifically aimed at reducing DeFi attacks and increasing DeFi's mainstream adoption.

Last year alone, nearly $130 million was lost to such attacks, according to blockchain analytics firm CipherTrace. This year, several projects, including Yearn.Finance, have had millions of dollars drained from their vaults.

Yearn lost $11 million in an attack last month. OpenZeppelin CTO Jonathan Alexander told The Block that Yearn, which is already a Defender user, could have prevented the attack if Sentinels had been live at the time.

"The Yearn.Finance exploit was composed of 11 transactions (so very large gas fees)," said Alexander, adding that Sentinels helps detect transactions that involve large flash loans or large gas fee payments.

"Projects may take hours to notice or react to incidents, and they often find out via social media or side channels, by the time it's too late," said Alexander. "With Defender Sentinels, teams will be alerted in seconds."

Besides flash loans, price oracles are a common cause of DeFi attacks. Alexander said the Sentinels app, combined with the Autotasks app, also helps monitor price oracles. "Every time an oracle posts a price update on-chain, a Defender Sentinel can detect the update and fire a Defender Autotasks to confirm the price data accuracy vs. other data sources," he said.
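The oracle cross-check described above, sketched as an added example (not OpenZeppelin's code and not the Defender API): each on-chain price update is compared with the median of fresh reference quotes, and a large deviation raises an alert. The function names, thresholds, record shapes and sample values are all constructed assumptions.

```javascript
// Added example: plain JavaScript, no Defender API calls. All values are assumptions.
const MAX_DEVIATION_BPS = 200; // assumed alert threshold: 2% away from the reference
const MAX_AGE_SECONDS = 300;   // assumed: reference quotes older than 5 minutes are stale
const MIN_SOURCES = 2;         // assumed quorum of fresh reference quotes

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// update: { pair, price, timestamp }; references: [{ source, price, timestamp }]
function checkOracleUpdate(update, references) {
  if (!Number.isFinite(update.price) || update.price <= 0) {
    return { verdict: 'alert', reason: 'invalid oracle price' };
  }
  // Drop malformed or stale quotes so one dead feed cannot skew the reference.
  const fresh = references.filter(r =>
    Number.isFinite(r.price) && r.price > 0 &&
    Math.abs(update.timestamp - r.timestamp) <= MAX_AGE_SECONDS);
  if (fresh.length < MIN_SOURCES) {
    // Without a quorum the update can be neither confirmed nor rejected.
    return { verdict: 'inconclusive', reason: 'not enough fresh reference quotes' };
  }
  const reference = median(fresh.map(r => r.price));
  const deviationBps = Math.round(Math.abs(update.price - reference) / reference * 10000);
  return {
    verdict: deviationBps > MAX_DEVIATION_BPS ? 'alert' : 'ok',
    reference,
    deviationBps,
    sourcesUsed: fresh.map(r => r.source),
  };
}

// Constructed sample data: two fresh reference quotes and one stale one.
const T = 1615475520;
const refs = [
  { source: 'ref-a', price: 1800.0, timestamp: T - 10 },
  { source: 'ref-b', price: 1810.0, timestamp: T - 20 },
  { source: 'ref-c', price: 950.0, timestamp: T - 4000 }, // stale, ignored
];
const normal = checkOracleUpdate({ pair: 'ETH/USD', price: 1807.0, timestamp: T }, refs);
const skewed = checkOracleUpdate({ pair: 'ETH/USD', price: 1200.0, timestamp: T }, refs);
console.log(normal.verdict, normal.deviationBps, skewed.verdict, skewed.deviationBps);
```

An `inconclusive` verdict deserves its own alert path, since an attacker-free outage of the reference feeds otherwise looks the same as a healthy oracle.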

The Defender platform consists of several apps — Sentinel, Autotasks, Admin, Relay, and Advisor — to help projects manage smart contract operations. Defender currently supports the Ethereum blockchain. Support for sidechains such as Binance Smart Chain, Fantom, Fuse, and xDai is coming later this month, Alexander told The Block, adding that Layer-2 blockchain networks will also be supported "soon."

OpenZeppelin is also discussing a partnership with mempool explorer Blocknative for mempool monitoring, Alexander told The Block. This would help DeFi protocols detect a malicious or suspicious transaction in the mempool and pause the smart contract before the malicious transaction is executed, said Alexander. The mempool is like a waiting room for transactions that have not yet been included in a block.


© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

