Starter Kit Bot Details
Frequent Doc Updates
Forta will continue to add more curated security bots in the coming months, so stay tuned and come check this page frequently for new updates!
Anomalous Token Transfers Detection Machine Learning Bot
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Anomalous Token Transfers Detection Machine Learning Bot | Stats URL | Github Repo URL | Ethereum Mainnet |
This bot utilizes the Isolation Forest machine learning technique to detect anomalous transactions with ERC20 token transfers.
Anomalous Transaction Volume
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Successful txn | Stats URL | Github Repo URL | Ethereum Mainnet, BNB Chain, Polygon, Optimism, Fantom, Arbitrum, Avalanche |
This bot detects successful transactions that have one or more failed internal transactions.
Asset Drained
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Asset Drained Bot | Stats URL | Github Repo URL | Ethereum Mainnet, BNB Chain, Fantom, Avalanche |
This bot detects when digital assets are fully drained from a contract.
Attack Detector Feed (aka Alert Combiner)
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Attack Detector Feed | Stats URL | Github Repo URL | All |
The attack detector takes past alerts under a common address from a variety of underlying bots to emit a high precision alert for protocol attacks. It does so by mapping each alert to the four attack stages (Funding, Preparation, Exploitation and Money Laundering) and applying a variety of heuristics (e.g. an alert has to exist for each of the four stages) to emit an alert.
Chainalysis Sanctioned Addresses
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Chainalysis Sanctioned Addresses | Stats URL | Github Repo URL | All |
This bot detects transactions that involve Chainalysis sanctioned addresses.
The bot listens to the Chainalysis Sanction Oracle Contract's sanctioned events and maintains a local list of sanctioned addresses.
Evidence of Phishing Bot
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Evidence of Phishing Agent | Stats URL | Github Repo URL | Ethereum Mainnet |
Users approving token transfers to an address or contract may be a behavior indicative of an ice phishing attack.
This bot detects when a high number of EOAs call the approve() or increaseAllowance() methods for the same target EOA/ contract over an extended period of time. This bot emits two types of alerts: first for the approvals that occurred and another when the attacker is making the transfers.
Exploiter Addresses
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Exploiter Addresses | Stats URL | Github Repo URL | All |
This bot detects transactions that involve known exploiter addresses.
Flashbot Detection Bot
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Flashbots Detection Bot | Stats URL | Github Repo URL | Ethereum Mainnet |
This bot detects if a transaction was made using Flashbots bypassing the mempool.
Flashloan Detection Bot
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Flashloan Detection Bot | Stats URL | Github Repo URL | Ethereum Mainnet, Optimism, BNB Chain, Polygon, Fantom, Arbitrum, Avalanche |
This bot detects if a transaction contains a flashloan and the borrower made a significant profit.
Mint/Borrow Anomaly Detection Bot
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Large Mint Borrow Volume Anomaly Detection | Stats URL | Github Repo URL | Ethereum Mainnet |
This bot detects if an anomalous volume of mints and/or borrows occurs.
NFT Sleep Minting Detection
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| NFT Sleep Minting Detection | Stats URL | Github Repo URL | Ethereum Mainnet |
This bot detects transactions that may indicate NFT Sleep Minting.
Sleep Minting is when an attacker mints an NFT directly to a famous creator's wallet with permission to reclaim or pull the NFT back out of the creator's wallet. This creates the appearance that (1) a famous creator minted an NFT to themselves, and (2) the creator sent that NFT to an attacker. Based on on-chain provenance, the attacker can claim they own an NFT created by a famous artist and sell it for a high value.
You can read more about what this is and why it matters here
OpenZeppelin-Gnosis Safe Contract Events
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| oz-gnosis-events | Stats URL | Github Repo URL | Ethereum Mainnet, Polygon, Avalanche, Arbitrum, Optimism |
This bot detects ALL events from smart contracts defined in the openzeppelin-contracts and gnosis-safe Github repositories
Price Change Anomaly
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Smart Price Changes Agent | Stats URL | Github Repo URL | Ethereum Mainnet |
This bot detects when there are drastic price change anomalies based on on-chain price oracles (i.e. Uniswap and Uniswap derivatives.)
Reentrancy Counter
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Reentrancy Calls Detection Bot | Stats URL | Github Repo URL | Ethereum Mainnet, BNB Chain, Polygon |
This bot detects reentrancy based on the call stack provided in the transaction traces. The bot reports the number of repeated calls with different severity levels.
Scam Detector Feed (aka Alert Combiner)
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Scam Detector Feed | Stats URL | Github Repo URL | All |
The attack detector takes past alerts under a common address from a variety of underlying bots to emit a high precision alert related to scams (ice phishing, rug pulls, scams). It does so by combining alerts applying a variety of heuristics (e.g. ice phishing and tornado cash funding alert fired) to emit an alert.
Suspicious Contract Creation
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Suspicious Contract Creation | Stats URL | Github Repo URL | Ethereum Mainnet, BNB Chain, Polygon |
This bot detects when a suspicious contract is created. A suspicious contract can take many forms; initially, this bot will alert on contracts that were created from Tornado cash funded accounts.
Token Impersonation
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Token Impersonation | Stats URL | Github Repo URL | Ethereum Mainnet |
This bot detects if an ERC-20/ ERC-721/ ERC-1155 contract gets deployed with the same symbol of an existing deployed contract. This may be indicative of a scam or phishing attack.
Tornado Cash Funded Account Interaction
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Tornado Cash Funded Account Interaction | Stats URL | Github Repo URL | Ethereum Mainnet, BNB Chain, Polygon, Arbitrum, Optimism |
This bot detects when an account that was funded by Tornado Cash interacts with any contract.
Unverified Contract Creation
| Bot Name | Bot Stats | Bot Source Code | Supported Chains |
|---|---|---|---|
| Unverified Contract Creation | Stats URL | Github Repo URL | Ethereum Mainnet, BNB Chain, Polygon |
This bot detects when a contract is created that isn't verified on Etherscan within 30 min of creation.