The best defense is a good offense :)
Web3 is totally open and transparent, so attackers can freely analyze it and find vulnerabilities. Common attack vectors: 51% attack, front running, private key leak, weak decentralization, oracle manipulation, MITM, sybil, etc. Smart-contract-specific hacks: reentrancy, access control/logic bugs, signature duplicate/replay, etc.
Static defense can’t handle 0day exploits or cover all possible attack vectors. Centralized services are used for monitoring and event notifications. Some tools on the market:
The idea is to use active monitoring and quick defense actions, but the problem is centralization. A centralized monitoring service can itself be compromised.
What if I told you that you need another blockchain to protect your blockchain?
Cross-chain interoperability is not standardized yet. But it’s under development:
What can an active defense monitoring dapp do? Pause/unpause a contract, alert, filter transactions, act as a decentralized WAF or monitoring service.
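One way to model the pause/unpause action without a single trusted monitor, as an added example that is not code from the original post: a state change needs votes from a quorum of independent monitors, so one compromised or offline monitor can neither pause nor unpause alone. The class, the monitor names, the threshold and the drain rule are all assumptions made for illustration.

```python
# Added illustration: every name here is hypothetical, not a real contract API.
from dataclasses import dataclass, field


@dataclass
class GuardedContract:
    """Toy stand-in for a protected contract with a quorum-gated pause switch."""
    monitors: frozenset          # registered monitor identities (assumed)
    threshold: int               # distinct votes needed to change state
    balance: int = 1_000
    paused: bool = False
    votes: dict = field(default_factory=lambda: {True: set(), False: set()})

    def vote(self, monitor: str, pause: bool) -> bool:
        """Record a vote; return True when this vote flips the pause state."""
        if monitor not in self.monitors:
            raise PermissionError(f"unregistered monitor: {monitor}")
        if pause == self.paused:
            return False                      # already in the requested state
        self.votes[pause].add(monitor)        # a set: repeat votes count once
        if len(self.votes[pause]) < self.threshold:
            return False
        self.paused = pause
        self.votes = {True: set(), False: set()}  # stale votes never carry over
        return True

    def withdraw(self, amount: int) -> int:
        if self.paused:
            raise RuntimeError("contract is paused")
        if amount > self.balance:
            raise ValueError("insufficient balance")
        self.balance -= amount
        return amount


def looks_like_drain(amount: int, balance: int) -> bool:
    """Constructed detection rule: one withdrawal takes over half the balance."""
    return amount * 2 > balance


def demo() -> dict:
    c = GuardedContract(frozenset({"m1", "m2", "m3"}), threshold=2)
    pending = 800                             # constructed pending withdrawal
    for m in ("m1", "m2"):                    # m3 is silent (offline or compromised)
        if looks_like_drain(pending, c.balance):
            c.vote(m, True)
    paused_by_quorum = c.paused
    c.vote("m3", False)                       # lone unpause attempt...
    c.vote("m3", False)                       # ...repeated, still one vote
    return {"paused_by_quorum": paused_by_quorum, "still_paused": c.paused}
```
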
Let’s make web3 more secure, to be continued…