Introduction:

In the ever-evolving landscape of blockchain technology, security remains a paramount concern. Forta Network, a pioneering platform, has emerged as a robust solution to address the vulnerabilities and threats faced by blockchain businesses. Founded by visionary entrepreneurs, Forta Network combines advanced technologies and incentivized participation to enhance the security and integrity of blockchain networks. In this article, we delve into the fascinating world of Forta Network, exploring its origins, functionalities, and the incentives it offers to developers and participants.

Overview:

Forta Network revolutionises blockchain security and monitoring by offering a decentralised, real-time system. Its primary purpose is to detect and address threats and abnormalities across various Web3 systems, including DeFi, NFT, governance, and cross-chain bridges. By promptly delivering valuable information about system security and stability, Forta Network enables contract owners to take immediate defensive and remedial actions, minimizing potential losses.

One of the key features of Forta Network is its permissionless and decentralized incentivization model. It introduces the $FORT token to attract node providers and detection bot developers. Their contributions play a crucial role in building an extensive and user-friendly monitoring system that operates in real-time. Using the provided detection bot templates, contract developers can effortlessly monitor abnormalities without the need to write code. Alternatively, they can leverage the Forta SDK to create customized detection bots for monitoring purposes. Forta Network also supports notification webhooks, empowering contract developers to automate abnormality defense measures.

Forta Network stands out due to its modularized, standardized, and no-code monitoring approach for smart contracts. Contract developers are relieved from the burden of building a standalone monitoring system, allowing them to concentrate on deploying robust defense measures. This emphasis on security contributes to creating a safer Web3 ecosystem, safeguarding the assets of numerous users.

At present, Forta Network actively monitors multiple blockchains, including Ethereum, Avalanche, and Polygon. Additionally, it collaborates with prominent Dapps such as Lido, Compound, MakerDAO, dYdX, and Balancer to protect the assets of their respective user bases.

History (Forta’s Founders)


Forta Network was developed by an innovation subdivision of OpenZeppelin. So far they haven’t revealed too much information on its team members, but from its core GitHub projects, forta-core-go and forta-node, we can see that most of the commits are from members of OpenZeppelin or previous contributors of OpenZeppelin. So we can assume that Forta is a spin-off team of OpenZeppelin; its members actually work for OpenZeppelin. A piece of publicly available information is that the CTO of OpenZeppelin, Jonathan Alexander, is a co-founder of Forta.

OpenZeppelin built one of the most widespread contract codebases on EVM. Most ERC-20, ERC-721, and ERC-1155 tokens are created with OpenZeppelin’s no-code or low-code development tools. OpenZeppelin is also in close partnership with famous projects and companies including AAVE, Ethereum Foundation, Coinbase, and The Graph.

Jonathan Alexander, the co-founder of Forta Network, is also the CTO of OpenZeppelin. He graduated from UCLA in 1984. From April 2010 to March 2016, he served Vonage (the largest VoIP provider in the US) as its CTO, mainly responsible for its cloud communication infrastructure. From March 2016 to March 2020, he became the CTO of QASymphony/Tricentis (the two software testing companies merged in 2018). In April 2020, he joined OpenZeppelin as its CTO.

According to the resume of Jonathan Alexander, we can see he is experienced with software management and infrastructure building, which align with the technical product positioning of Forta. And under his leadership, both of his ex-employers had gained rapid growth from under $5 million to over $100 million.

Backed by the industry leader OpenZeppelin and an outstanding seed round, Forta has built its own presence in the Web3 world. As the standard setter and auditor for Ethereum codebases, OpenZeppelin has demonstrated its development prowess. We believe Forta will bring an even better experience to its users in the future.

How Forta Network works

Forta Network operates through the utilization of two modules and three distinct roles. In order to comprehend the functioning of the network, it is essential to familiarize oneself with these modules and roles.

The Two Modules:

There are two modules in Forta Network: detection bots and scan nodes:


  • Detection bots

    • Detection bots play a vital role in Forta Network, functioning as logical scripts designed to analyze specific transaction characteristics or monitor changes in status within supported smart contracts on various blockchain networks. To simplify their purpose, detection bots act as security cameras overseeing blockchain activities. Developers have the ability to program these bots with predefined conditions, allowing them to monitor specific content such as alterations in contract governance, updates to essential contract configurations, anomalous operations during an API call to a contract, and more. Furthermore, detection bots can also be employed to track specific blockchain statuses, such as fluctuations in token prices from oracles, unusual transaction volumes of a token, or significant decreases or increases in network-wide account balances. Developers can even leverage machine learning models to predict and proactively mitigate potential attack behaviors. Notably, Forta Network already facilitates the creation of detection bots without the need for coding, empowering users to establish monitoring conditions for most smart contracts effortlessly.

  • Scan nodes:

    • These entities are responsible for scanning the transaction data of every block within a specific blockchain. They can be likened to operators of detection bots who retrieve data from a targeted blockchain. Whenever the detection bots within a scanning node identify specific patterns or events that meet certain conditions, they will transmit alerts to the network. These alerts are then stored in IPFS (InterPlanetary File System), and anyone can subscribe to them using Forta Explorer or API.

The Three Roles:

The Forta Network consists of three main roles: alert subscribers, detection bot developers, and scan node providers.

  • Alert subscribers:

    • Forta allows anyone to monitor transaction activities and receive alerts regarding security, finance, operation, and governance events on a specific blockchain. Public detection bots on the Forta Network are typically open source, enabling anyone to subscribe to these bots and receive alerts. Subscribers can choose to receive alerts through various channels such as email, Slack, Discord, Telegram, or customized webhooks. They can also utilize customized webhooks for automated defense actions when an alert is triggered, helping to mitigate potential losses. For subscribers who wish to keep their bot strategies hidden from potential attackers who may exploit their auto-defense measures, they can create a private network to host their bots. Private networks operate independently of the Forta mainnet and are not involved in the allocation of public detection bots.

  • Detection bot developers:

    • Developers have the ability to program detection bots on the Forta Network by staking a certain amount of $FORT to publish them. In the early stages, the development of basic public detection bots was incentivized by rewards from the Forta Foundation. As the network’s collection of basic bot templates became more comprehensive, developers began publishing bots with specific detection requirements from protocols, DAOs, or organizations. To prevent malicious usage, such as creating bots for spamming or abusing network resources, developers are required to stake a minimum of 100 $FORT when launching a detection bot.

  • Scan node providers:

    • Scan node providers offer scan nodes that execute detection bot scripts to scan the data of each block. To ensure node stability and proper functioning of the detection bots, node providers are currently required to stake a minimum of 500 $FORT for each node. However, due to an oversupply of nodes in the network, the Forta Foundation has passed a proposal to increase the stake for each node to a minimum of 2,500 $FORT starting from September 30th, 2022. Additionally, the foundation has proposed including the number of detection bots running on each node as a metric for node reward allocation to enhance network utilization.

Since its launch in September 2021, the Forta community has deployed over 650 detection bots and 2,000 scan nodes on the network, ensuring continuous scanning of Dapps across seven Layer1 and Layer2 blockchains. By August 2022, the network has witnessed significant growth with over 1,200 detection bots and 9,000 scan nodes, marking an impressive expansion.

Mechanisms for Operation and Token Economics


We will elaborate on the complete workflow and tokenomics of Forta from the perspective of a detection bot:

  1. Before a detection bot is published, the Forta network would have a series of preexisting scan nodes, which will run the published bots. Creating a scan node needs a stake of at least 500 $FORT (the stake threshold will be increased to 2,500 $FORT after September 30, 2022).

  2. Bot developers will stake 100 $FORT to publish a new detection bot, which will be packed as a docker mirror and sent to one or more good nodes in the network. The quality of a node is measured by its SLA score. Normally, a node with a score higher than 0.9 can be considered a good node. SLA is a minimum between the Resource Score and a weighted average of the Data Quality Score and the Uptime Score.

  3. The detection bot will check the data on each block of the chain registered by a scan node. When a strategy of the bot matches the data on the block, it will send an alert to a Forta Network server via Graphql.

  4. After receiving the alert, the Forta network server will store it in IPFS, then send out notifications to subscribers via their preset channels (email, Telegram bot, webhook, etc.).

  5. Forta Network will issue 400,000 $FORT per week to reward qualified scan nodes. This is also the main source of production of the token.

  6. Besides scan nodes and detection bots staking, the $FORT tokens can be used as votes in the project governance to decide its future path.

Here is the current distribution of $FORT tokens (2022 SEP):


There are two streams of distribution of the token: community and early contributor.

  • Community allocation:

    • refers to the allocation of tokens held by the Forta Foundation, which encompasses rewards during the Fortification Phase, airdrops, and future rewards. Generally, tokens from the community allocation are not subject to lock-ups or transfer restrictions. However, to ensure alignment with the long-term interests of the community, certain recipients of the community allocation may agree to specific restrictions.
      For instance, approximately 2.2% of the allocated tokens are subject to restrictions ranging from 2 to 4 years. These restrictions aim to maintain fairness and safeguard the community’s best interests. It’s important to note that community allocation is separate from early contributors, meaning that early contributors are not eligible to participate in the community allocation. This demarcation ensures a clear distinction and equitable distribution within the Forta ecosystem.


  • Early contributors to the Forta Network:

    • consist of three main groups: backers, initial core contributors, and OpenZeppelin. Backers are community members who provided early support in various aspects such as funding, network development, and node contributions. Initial core contributors are the earliest developers of the Forta Network from OpenZeppelin. A total of 20% of the token supply has been allocated to these individuals.
      In their role as the incubator of the Forta Network, OpenZeppelin has been granted 10% of the token supply. All early contributors, including backers, initial core contributors, and OpenZeppelin, are subject to a 4-year linear vesting period, which includes a 1-year cliff. The vesting period commenced on September 1st, 2021, and will continue until September 1st, 2025. Once this period is completed, all the tokens allocated to the early contributors will be fully unlocked.

Conclusion:

The topic of Web3 security has garnered significant attention over the years. Users are increasingly concerned about the security of their crypto assets and place importance on aspects such as contract auditing and open-sourcing of code. However, it is worth noting that the Web3 security industry is still in its early stages. Forta has gained adoption from prominent projects like dYdX and Lido, indicating the crucial role that Web3 security defense will play in the future of blockchain compliance.

While many Web3 projects have yet to implement monitoring measures to ensure the security of their contracts, the potential for growth in the Web3 security market is immense. Since its launch in 2021, Forta, led by OpenZeppelin, has emerged as an early player in this field, targeting a relatively unexplored market. Just as OpenZeppelin set the standard for EVM contract development four years ago, we have confidence that they will continue to lead and establish themselves as the frontrunner in shaping future Web3 security standards.