Security Overview

As a decentralized monitoring network to detect threats and anomalies on Web3 systems, the Forta Network’s security is of utmost importance. The Forta Network protects billions of dollars of value in the Web3 ecosystem, so Forta itself needs to be reliable and follow best security practices. In June 2022, a16z and other Forta community members published a guide called Smart Contract Security: A Simple Checklist for Web3 Development. It describes five critical phases of the Development Lifecycle for Smart Contract Security, which were followed when the Forta Network was developed and the Forta community should adhere to in the future:

This section shares how each of these 5 phases was contemplated in the original design and development of the Forta Network. However, the Forta Foundation and the community should continue to approach security comprehensively, including contemplating network infrastructure and Web2-dependent components (e.g. the Forta API and Dapp) and associated processes as the protocol evolves.

Security of a protocol is not static. A protocol continues to evolve and security issues can be introduced with any changes. Attackers also evolve and may adopt techniques that present new threats. The Forta community’s stance towards security therefore should not be static. Security should not degrade, but rather strengthen over time. This section also highlights the continued investments the Forta community can make over time to strengthen Forta's security, such as auditing any changes to existing smart contracts, ongoing monitoring and detection bot development, and periodic security assessments.