Deployment

Security - Deployment

The Foundation has required deployment through GitHub CI and OpenZeppelin's Defender product. For off-chain assets, critical pull requests must go through a required review that upon the merge are gated by successful tests, node scanner software is gated through an state update in the ScannerNodeVersion contract, and smart contract deployments/changes are handled through OpenZeppelin’s Defender product and relayers and are controlled by multisigs. This process ensures that the Forta Network cannot be changed, even in the event of a security breach by an individual involved in any development processes.

Multi-Sig

Forta is managed through three main Gnosis Safe Multi Sig contracts:

• 0xC0eb11fBC755D31c6FECEaAc8760ddCb88C64fE1 (Ethereum mainnet). 4/7 controlled by the Council members
• 0x30ceaeC1d8Ed347B91d45077721c309242db3D6d (Polygon mainnet). 4/7 controlled by the Council members
• 0xd1d4FaFd400fCD643132bb7eAF7682eE97E09C3e (Polygon mainnet). The Council members may delegate certain roles and corresponding signing authority. Currently, administrative roles have been delegated to a 4/6 multisig with members of the Foundation staff and certain members of the original core development team.

The Council multisigs have the following roles:

Ethereum Mainnet

• Forta Token (0x41545f8b9472D758bB669ed8EaEEEcD7a9C4Ec29): ADMIN_ROLE, MINTER_ROLE, WHITELISTER_ROLE
• Airdrop (0x988a7Bc24A9D0fa49989FB9734bDa30f55760cEb): DEFAULT_ADMIN_ROLE, AIRDROP_MANAGER_ROLE, ADDITIONAL_CLAIM_MANAGER_ROLE, UPGRADER_ROLE

Polygon Mainnet

• Forta Token (Bridged) (0x9ff62d1FC52A907B6DCbA8077c2DDCA6E6a9d3e1): ADMIN_ROLE, WHITELISTER_ROLE, MINTER_ROLE
• Access (0x107Ac13567b1b5D84691f890A5bA07EdaE1a11c3): SLASHER_ROLE, UPGRADER_ROLE, AGENT_ADMIN_ROLE, ROUTER_ADMIN_ROLE, ENS_MANAGER_ROLE, SCANNER_VERSION_ROLE

The administrative multisig has the following roles:

Polygon Mainnet

• Access (0x107Ac13567b1b5D84691f890A5bA07EdaE1a11c3): SLASHER_ROLE, UPGRADER_ROLE, AGENT_ADMIN_ROLE, ROUTER_ADMIN_ROLE, ENS_MANAGER_ROLE, SWEEPER_ROLE, SCANNER_VERSION_ROLE, DISPATCHER_ROLE The council member multisigs have the following roles:

Contract Administration

Forta contracts are managed through OpenZeppelin's Defender product utilizing relays to manage smart contract deployment and maintenance.

Forta On-Chain Monitoring

Forta on-chain activity is monitored by Forta Detection Bots and feeds into Forta Network's incident response process. The following detection bots were developed specifically for the Forta smart contracts. The code is available on GitHub.

• Forta Access Control Role Changed
• Forta Access Manager - Router Updated
• Forta Admin Bot Scanner Disable
• Forta Agent Updated
• Forta Agents Linked
• Forta Core Monitoring
• Forta Emitting Upgraded
• Forta Mint Mainnet
• Forta Scanner Node Software Updated
• Forta Staking Events
• Forta Staking Parameters
• Forta High Number Of Bot Deployments
• Forta Routing Updated
• Forta Stake Controller Changed
• Forta Stake Threshold Changed
• Forta Token Role Changes
• Forta Whitelist Disabling

Forta is also monitored by the bots in the Threat Detection Kits.

Forta Off-Chain Monitoring

Lastly, several operational monitors exist around the performance of the network, such as latency, API usage, deployments, etc.