Evasion is a serious problem for users and security tools alike. The recently published research report presents a taxonomy of a broad range of evasion techniques in use.
Scammers are able to trick code reviewers (humans as well as ML models) into overlooking malicious functions. This is typically accomplished by padding the contract's code, usually by copying standard implementations, while sneaking in small snippets of malicious code.
Each evasion technique, however, provides an opportunity for specific detection as well. This bounty is going to focus on creating a detection bot that identifies contracts that stuff their code to hide malicious functions.
The bot should monitor all new large contract creations and assess whether the contract may be using the hiding-in-plain-sight technique. This should be done both statically (e.g. by building a library of standard function implementations and measuring the percentage of the contract's code that matches a standard implementation) and dynamically (by replaying past transactions locally and measuring code coverage).
Some legitimate contracts also have functionality that is rarely used: governance and upgrade functions, for example. The bot should distinguish code that is expected to run rarely from code stuffing. As part of this bounty, the bounty hunter needs to run tests to find good thresholds for the size of contracts to be monitored, along with thresholds for the percentages produced by the static and dynamic assessments. These statistics should be computed in the context of a single protocol, but also globally (e.g. is a governance function called foo() used a lot across protocols?).
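The following is an added example, not code from the bounty or from the Forta project, that sketches how the static and dynamic assessments above could be combined in Python. The library of standard function bodies, the set of expected-rare governance functions, the sample contract, the set of "called" functions and the thresholds are all constructed, hypothetical inputs; a real bot would build the library from widely used sources, learn the rare-function set from per-protocol and global call statistics, and obtain coverage from a local replay of past transactions. The finding is returned as a plain dict rather than a Forta SDK `Finding` so the snippet runs without the SDK.

```python
import hashlib
import re
from dataclasses import dataclass


def normalize(body: str) -> str:
    """Strip comments and whitespace so cosmetic edits do not defeat matching."""
    body = re.sub(r"//[^\n]*", "", body)
    body = re.sub(r"/\*.*?\*/", "", body, flags=re.S)
    return re.sub(r"\s+", "", body)


def fingerprint(body: str) -> str:
    """Stable id of a function body, independent of formatting and comments."""
    return hashlib.sha256(normalize(body).encode()).hexdigest()


# Constructed stand-ins for a library of standard implementations (hypothetical
# data); a real bot would build this from widely used token/proxy sources.
STANDARD_BODIES = {
    "transfer": "balances[msg.sender] -= amount; balances[to] += amount; "
                "emit Transfer(msg.sender, to, amount); return true;",
    "balanceOf": "return balances[account];",
    "approve": "allowances[msg.sender][spender] = amount; "
               "emit Approval(msg.sender, spender, amount); return true;",
    "totalSupply": "return _totalSupply;",
}
STANDARD_LIBRARY = {fingerprint(b): name for name, b in STANDARD_BODIES.items()}

# Functions that are legitimately rare (governance/upgrades). Constructed here;
# a real bot would derive this from per-protocol and global call statistics.
EXPECTED_RARE = {"setOwner", "upgradeTo", "pause", "unpause"}


def is_standard(body: str) -> bool:
    return fingerprint(body) in STANDARD_LIBRARY


def static_assessment(functions: dict) -> float:
    """Share of contract code (normalized chars) copied verbatim from the library."""
    total = sum(len(normalize(b)) for b in functions.values())
    if total == 0:
        return 0.0
    standard = sum(len(normalize(b)) for b in functions.values() if is_standard(b))
    return standard / total


def dynamic_assessment(functions: dict, called: set) -> tuple:
    """Share of non-governance functions never executed in the replayed history,
    plus the subset that is also non-standard: the functions worth a closer look."""
    candidates = [f for f in functions if f not in EXPECTED_RARE]
    if not candidates:
        return 0.0, []
    uncalled = [f for f in candidates if f not in called]
    suspects = [f for f in uncalled if not is_standard(functions[f])]
    return len(uncalled) / len(candidates), suspects


@dataclass
class Thresholds:
    min_code_chars: int = 200        # only large contracts are worth monitoring
    min_standard_share: float = 0.6  # "mostly copied" boundary (to be tuned)
    min_uncalled_share: float = 0.25 # "much of it never runs" boundary (to be tuned)


def assess(functions: dict, called: set, thresholds: Thresholds = Thresholds()):
    """Return a finding dict (Forta-style alert payload) or None."""
    size = sum(len(normalize(b)) for b in functions.values())
    if size < thresholds.min_code_chars:
        return None
    standard_share = static_assessment(functions)
    uncalled_share, suspects = dynamic_assessment(functions, called)
    if (standard_share >= thresholds.min_standard_share
            and uncalled_share >= thresholds.min_uncalled_share
            and suspects):
        return {
            "name": "Possible code stuffing (hiding in plain sight)",
            "standard_share": round(standard_share, 2),
            "uncalled_share": round(uncalled_share, 2),
            "suspect_functions": sorted(suspects),
        }
    return None


# Constructed sample: mostly copied ERC-20 bodies, one governance function,
# and one never-called custom function that a reviewer might skim past.
SAMPLE_CONTRACT = {
    "transfer": STANDARD_BODIES["transfer"],
    "balanceOf": "return balances[account]; // same as library, comment only",
    "approve": STANDARD_BODIES["approve"],
    "totalSupply": STANDARD_BODIES["totalSupply"],
    "setOwner": "require(msg.sender == owner); owner = newOwner;",
    "rebalance": "if (msg.sender == hiddenAdmin) { payable(hiddenAdmin).transfer(address(this).balance); }",
}
SAMPLE_CALLS = {"transfer", "balanceOf", "approve"}  # functions seen in replayed txs (constructed)


if __name__ == "__main__":
    print(assess(SAMPLE_CONTRACT, SAMPLE_CALLS))
```

Note the two-stage filter in `dynamic_assessment`: `totalSupply` is never called in the sample, but it is a verbatim standard body, so it is counted toward the uncalled share without being reported as a suspect; `setOwner` is excluded entirely as expected-rare. Only `rebalance`, which is both non-standard and never exercised, is surfaced, which is the distinction between legitimately dormant code and stuffing that the bounty asks for.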
In return for developing a functional Forta detection bot that alerts on the above instance, the Forta Foundation is offering $1200 in FORT, the native utility token of the Forta Network. The Forta Foundation team will review the final results and assign the rewards accordingly. The Forta Foundation will cover initial Bot deployment costs (including staking).
In order to ensure that all the work funded by the Forta Foundation under the Threat Research Initiative is made available for the benefit of Forta users, ownership over any bot that receives rewards will be assigned to the Foundation, which will make it available to the public under the "Forta Bot License". Participants should also commit to making suggested improvements during the first 2 months after deployment.
You are a data scientist who is familiar with or experienced in bot development in the Forta Network. You can communicate effectively with the team, provide updates, and support precision and recall testing of the bot.
*Forta is a real-time detection network for security & operational monitoring of blockchain activity secured by FORT token. Billions of dollars in Web3 monitored by Forta. Underlying Forta is a decentralized network of independent node operators that scan all transactions and block-by-block state changes for outlier transactions and threats. When an issue is detected, node operators send alerts to subscribers of potential risks, which enables them to take action.*
*Forta Detection Bots are a set of code scripts within a Docker container that process some blockchain data (i.e. a block or transaction) and detect specific threat conditions (e.g. whether a flash loan attack occurred, or whether a particular account balance fell below some threshold). Bots emit alerts for their findings. Bots are executed by scan nodes.*