Skip to content

Deployment

Security - Deployment

The Foundation has required deployment through GitHub CI and OpenZeppelin's Defender product. For off-chain assets, critical pull requests must go through a required review that upon the merge are gated by successful tests, node scanner software is gated through an state update in the ScannerNodeVersion contract, and smart contract deployments/changes are handled through OpenZeppelin’s Defender product and relayers and are controlled by multisigs. This process ensures that the Forta Network cannot be changed, even in the event of a security breach by an individual involved in any development processes.

Multi-Sig

Forta is managed through three main Gnosis Safe Multi Sig contracts:

The Council multisigs have the following roles:

Ethereum Mainnet

  • Forta Token (0x41545f8b9472D758bB669ed8EaEEEcD7a9C4Ec29): ADMIN_ROLE, MINTER_ROLE, WHITELISTER_ROLE
  • Airdrop (0x988a7Bc24A9D0fa49989FB9734bDa30f55760cEb): DEFAULT_ADMIN_ROLE, AIRDROP_MANAGER_ROLE, ADDITIONAL_CLAIM_MANAGER_ROLE, UPGRADER_ROLE

Polygon Mainnet

  • Forta Token (Bridged) (0x9ff62d1FC52A907B6DCbA8077c2DDCA6E6a9d3e1): ADMIN_ROLE, WHITELISTER_ROLE, MINTER_ROLE
  • Access (0x107Ac13567b1b5D84691f890A5bA07EdaE1a11c3): SLASHER_ROLE, UPGRADER_ROLE, AGENT_ADMIN_ROLE, ROUTER_ADMIN_ROLE, ENS_MANAGER_ROLE, SCANNER_VERSION_ROLE

The administrative multisig has the following roles:

Polygon Mainnet

  • Access (0x107Ac13567b1b5D84691f890A5bA07EdaE1a11c3): SLASHER_ROLE, UPGRADER_ROLE, AGENT_ADMIN_ROLE, ROUTER_ADMIN_ROLE, ENS_MANAGER_ROLE, SWEEPER_ROLE, SCANNER_VERSION_ROLE, DISPATCHER_ROLE The council member multisigs have the following roles:

Contract Administration

Forta contracts are managed through OpenZeppelin's Defender product utilizing relays to manage smart contract deployment and maintenance.

Forta On-Chain Monitoring

Forta on-chain activity is monitored by Forta Detection Bots and feeds into Forta Network's incident response process. The following detection bots were developed specifically for the Forta smart contracts. The code is available on GitHub.

Forta is also monitored by the bots in the Threat Detection Kits.

Forta Off-Chain Monitoring

Lastly, several operational monitors exist around the performance of the network, such as latency, API usage, deployments, etc.