Skip to content

Starter Kit Bot Details

Frequent Doc Updates

Forta will continue to add more curated security bots in the coming months, so stay tuned and come check this page frequently for new updates!

Alert Combiner

Bot Name Bot Stats Bot Source Code
alert-combiner Stats URL Github Repo URL

Individual alerts can have low precision (in other words raise false positives). This agent combines past alerts to separate the signal from noise.

It does so with the realization that an attack usually consists of 4 distinct phases:

  • funding (e.g. tornado cash funding)
  • preparation (e.g. creation of an attacker contract)
  • exploitation (e.g. draining funds from a contract)
  • money laundering (e.g. sending funds to tornado cash)

As such, this detection bot combines previously raised alerts under the initiating address (i.e. the attacker address) for a given time window (2 calendar days, so between 24-48h) and emits a cricial alert when alerts from all four phases have been observed.

As a result, the precision of this alert is quite high, but also some attacks may be missed. Note, in the case where attacks are missed, the broader set of detection bots deployed on Forta will still raise individual alerts that users can subscribe to.

Blocklisted Addresses Transaction Detection

Bot Name Bot Stats Bot Source Code
Blocklisted Addresses Transaction Detection Stats URL Github Repo URL

This bot detects transactions that involve blocklisted addresses. The blocklist is generated and updated from 4 data sources listed below.

Blocklist source:

Evidence of Phishing Bot

Bot Name Bot Stats Bot Source Code
Evidence of Phishing Agent Stats URL Github Repo URL

Users approving token transfers to an externally owned address (EOA) may be a behavior indicative of a phishing attack.

This bot detects when a high number (e.g. 10 or more) of EOAs call the approve() or increaseAllowance() methods for the same target EOA over an extend period of time (e.g. 6 hours ~ 1600 blocks). The finding should include the affected addresses, the alleged attacker's address, and the addresses and amounts of tokens involved. It also doesn't include smart contracts (i.e. approve() called by a smart contract or a smart contract that is the designated spender for an approve() call) and EOAs for any centralized exchanges (e.g. FTX exchange: 0x2FAF487A4414Fe77e2327F0bf4AE2a264a776AD2).

NFT Sleep Minting Detection

Bot Name Bot Stats Bot Source Code
NFT Sleep Minting Detection Stats URL Github Repo URL

This bot detects transactions that may indicate NFT Sleep Minting.

Sleep Minting is when an attacker mints an NFT directly to a famous creator's wallet with permissions to reclaim or pull the NFT back out of the creator's wallet. This creates the appearance that (1) a famous creator minted an NFT to themselves, and (2) the creator sent that NFT to an attacker. Based on “on-chain” provenance, the attacker can claim they own an NFT created by a famous artist and sell it for a high value.

You can read more about what this is and why it matters here

OpenZeppelin-Gnosis Safe Contract Events

Bot Name Bot Stats Bot Source Code
oz-gnosis-events Stats URL Github Repo URL

This bot detects ALL events from smart contracts defined in the openzeppelin-contracts and gnosis-safe Github repositories

Reentrancy Counter

Bot Name Bot Stats Bot Source Code
nethforta-25 Stats URL Github Repo URL

This bot detects reentrancy based on the call stack provided in the transaction traces. The bot reports the number of repeated calls with different severities levels.

Successful Transactions with Internal Failures

Bot Name Bot Stats Bot Source Code
Successful txn Stats URL Github Repo URL

This bot detects successful transactions that have one or more failed internal transactions.

Suspicious Contract Creation

Bot Name Bot Stats Bot Source Code
Suspicious Contract Creation Stats URL Github Repo URL

This bot detects when a suspicious contract is created. A suspicious contract can take many forms; initially, this bot will alert on contracts that were created from Tornado cash funded accounts.

Tornado Cash Funded Account Interaction

Bot Name Bot Stats Bot Source Code
Tornado Cash Funded Account Interaction Stats URL Github Repo URL

This bot detects when an account that was funded by Tornado Cash interacts with any contract.

Unverified Contract Creation

Bot Name Bot Stats Bot Source Code
Unverified Contract Creation Stats URL Github Repo URL

This bot detects when a contracr is created that isnt verified on Etherscan within 30min of creation.

Back to top