Monitoring and Securing Rocketpool with Forta Network & Gitcoin Grants

Hi RP Community, the below proposal discusses an opportunity to get involved in monitoring and securing Rocketpool with the Forta Network via an upcoming Gitcoin Grants Program.

Why is this important for RP:

Protocol security is a top priority, and real-time monitoring and alerting is part of a comprehensive approach to protocol security. Integrating with Forta will give the Rocketpool core team and the RP community better visibility into the health and security of the protocol.

Full Description:

Overview of Forta

Forta is a decentralized security network backed by a16z, Coinbase and others, and its mission is to secure Web3. The Forta Network can be used by any Web3 project or developer to monitor smart contracts in real-time for threats and other risks. Today, Forta monitors protocols with a combined TVL of $30B+, including MakerDAO, Compound, Lido, Aave, Balancer and dYdX.

The Forta Network has two primary components: bots and scan nodes. Bots are pieces of code (aka scripts) that emit public alerts based on certain conditions/parameters of transactions or state changes. You can think about each bot like a little security camera monitoring for something specific. For example, Bot A emits a public alert every time there is a transfer from the DAO multisig. Another example, Bot B emits a public alert if an admin event on a certain RP contract occurs. Scan nodes run the bots published on the network against each block of transactions.

Gitcoin Grants Opportunity

As part of Gitcoin Grants Round 15, the Forta Foundation is pledging 100,000 FORT (~$30,000) to match grants received for bot development.

We encourage any developer in the Rocketpool community to submit a grant proposal to develop RP-specific bots that monitor (1) a system-critical component of the RP protocol, (2) a protocol invariant, or (3) another operational or security risk the RP team suggests.

To help guide the RP community, we encourage the RP core team to develop a list of monitoring recommendations that would be useful for the community to develop.

Implementation:

Forta is permissionless, and free to use (more details below). Anyone can develop a bot using the SDKs and publish to the network. Once your bot is live, you (and anyone else) can subscribe and start receiving real-time alerts to an email address, Slack, Discord or Telegram channel.

If a bot is developed by an independent developer, the developer and RP should coordinate who will publish the bot, as the wallet address that publishes the bot becomes the “owner” and has the authority to update or disable the bot in the future.

How much does it cost?

Each developer submitting a grant application through Gitcoin has the flexibility to specify their own grant amount. Historically, developers base the cost of bot development on a reasonable hourly rate, multiplied by the estimated number of hours to develop and test the bot. The Forta Matching Pool is 100,000 FORT, worth approximately $30,000 today.

Ongoing Maintenance:

There is currently no cost to publish a bot on the Forta Network, with the exception of a small tx fee in MATIC to register your bot (the network uses Polygon to maintain a registry of all active bots). However, by the end of September, bots will be required to have a minimum stake of 100 FORT to run on the network. This is a mechanism to discourage spam.

There is also no cost for RP or anyone in the community to subscribe to any bots on the network right now, making Forta effectively free to use for the time being.


Additional resources:

You can see what Lido is using Forta to monitor here.

It’s easy to develop bots using the Forta SDK.
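
The "Bot A" idea from the overview (alert on every transfer out of the DAO multisig), sketched as an added example that is not part of the original post and does not use the Forta SDK. It is plain Node.js run over a constructed transaction; the watched address, the alert fields and all function names are hypothetical.

```javascript
// Added example: detection logic only, no Forta SDK. Every address and
// hash below is a constructed placeholder, not a real Rocket Pool contract.
// keccak256("Transfer(address,address,uint256)"), shared by ERC-20 and ERC-721.
const TRANSFER_TOPIC =
  "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";
const WATCHED_MULTISIG = "0x" + "ab".repeat(20); // hypothetical DAO multisig

// An indexed address is left-padded to 32 bytes; keep the low 20 bytes.
const topicToAddress = (topic) => "0x" + topic.slice(-40).toLowerCase();

// Returns one alert object per Transfer log whose sender is `watched`.
function findMultisigTransfers(tx, watched = WATCHED_MULTISIG) {
  const target = watched.toLowerCase();
  const alerts = [];
  for (const log of tx.logs || []) {
    const topics = log.topics || [];
    if (topics.length < 3 || topics[0].toLowerCase() !== TRANSFER_TOPIC) continue;
    if (topicToAddress(topics[1]) !== target) continue; // not sent by the wallet
    // ERC-20 carries the value in data (3 topics); ERC-721 indexes tokenId (4 topics).
    const isNft = topics.length === 4;
    const raw = isNft ? topics[3] : log.data;
    if (!/^0x[0-9a-fA-F]{1,64}$/.test(raw || "")) continue; // malformed log, skip
    alerts.push({
      alertId: "MULTISIG-TRANSFER-OUT",
      txHash: tx.hash,
      token: log.address.toLowerCase(),
      to: topicToAddress(topics[2]),
      kind: isNft ? "erc721" : "erc20",
      amountOrTokenId: BigInt(raw).toString(),
    });
  }
  return alerts;
}

// Constructed sample transaction with three Transfer logs.
const pad = (hex) => "0x" + hex.slice(2).padStart(64, "0");
const addr = (byte) => "0x" + byte.repeat(20);
const SAMPLE_TX = {
  hash: "0x" + "11".repeat(32),
  logs: [
    { address: addr("c0"), data: pad("0xde0b6b3a7640000"), // ERC-20 out, 1e18 units
      topics: [TRANSFER_TOPIC, pad(addr("AB")), pad(addr("22"))] },
    { address: addr("c0"), data: pad("0x01"), // inbound transfer, no alert
      topics: [TRANSFER_TOPIC, pad(addr("22")), pad(addr("ab"))] },
    { address: addr("d0"), data: "0x", // ERC-721 out, tokenId 7
      topics: [TRANSFER_TOPIC, pad(addr("ab")), pad(addr("33")), pad("0x07")] },
  ],
};
console.log(findMultisigTransfers(SAMPLE_TX));
```

ETH sent by a contract wallet shows up in call traces rather than event logs, so this sketch covers token transfers only.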