Evasion is a serious problem for users and security tools alike. The recently published research report presents a taxonomy for a broad range of employed evasion techniques.
Fake standard implementation - more specifically focusing on ERC-1967, the proxy standard - allow scammers to trick block explorers to point to a proxy implementation that is not used by the proxy contract. An unsuspecting user may review the block explorer’s displayed proxy implementation essentially receiving incorrect information.
Each evasion technique, however, provides an opportunity for specific detection as well. This bounty is going to focus on creating a detection bot that identifies fake standards with a focus on proxies.
The bot should monitor all new contract creations and assess whether the created contract is a proxy contact implementing the ERC-1967 standard. For identified proxy contracts, the implementation storage address should be extracted. It should then be compared to the address the proxy contract actually invokes when executing its proxied functions (this could be accomplished by forking and executing the contact (see attack simulation bot for an example) or via invariant testing (see hard rug pull bot for an example).
In return for developing a functional Forta detection bot that alerts on the above instance, the Forta Foundation is offering $1200 in FORT, the native utility token of the Forta Network. The Forta Foundation team will review the final results and assign the rewards accordingly. The Forta Foundation will cover initial Bot deployment costs (including staking).
In order to ensure that all the work funded by the Forta Foundation under the Threat Research Initiative is made available for the benefit of Forta users, ownership over any bot that receives rewards will be assigned to the Foundation, which will be made available to the public under the "Forta Bot License”. Participants should also commit to making suggested improvements during the first 2 months after deployment.
You are a data scientist who is familiar with or experienced in bot development in the Forta Network. You can communicate effectively with the team, provide updates, and support precision and recall testing of the bot.
Forta is a real-time detection network for security & operational monitoring of blockchain activity secured by FORT token. Billions of dollars in Web3 monitored by Forta. Underlying Forta is a decentralized network of independent node operators that scan all transactions and block-by-block state changes for outlier transactions and threats. When an issue is detected, node operators send alerts to subscribers of potential risks, which enables them to take action.
Forta Detection Bots are a set of code scripts within a Docker container that process some blockchain data (i.e. a block or transaction) and detect specific threat conditions (e.g. whether a flash loan attack occurred, or whether a particular account balance fell below some threshold). Bots emit alerts for their findings. Bots are executed by scan nodes.