Officer's Blog

Posted on Feb 24, 2023Read on Mirror.xyz

Spotter Digest №1

We will gradually expand the capabilities of our Pessimistic Spotter on-chain monitoring & defense service and provide additional details in the subsequent digest piece!

Originally posted here:

https://blog.pessimistic.io/spotter-digest-1-2f01afca88e0

Greetings dear readers!

I’m sure many people would agree with this statement — if you’re building a wall of security, you have to know it better than anyone else… With all said, this is a rather complicated subject because there are ways in which you can lessen the dangers to both yourself and the project you’re working on.

https://docs.google.com/presentation/d/1McKvyOPh7Q_alXeT1Y29yGtulKJtdFgQZXqLpsbS6Ow/edit#slide=id.gae3c258275_0_238

You might be wondering how this relates to audits at this point.

Well, what’s for audits; they are no doubt critical for the whole ecosystem and should be performed for every upgrade, no matter how many there are or how simple they appear to be.

Because of this, ever since 2022, our team has been hard at work developing such a solution, and we are hopeful that we will soon be able to deliver it!

Follow:


I - Spotter: Story

Throughout the year, we have been constantly refining our audit method and have invested up to 40% of the team’s weekly time in the research of new tools and approaches to ensure the highest quality of the delivered results!

https://blog.pessimistic.io/pessimistic-ios-year-in-review-73710c2d7a7c

Looking at this month’s never-ending hacks, we wondered why they happen so frequently. As follows, we once thought something needed to change. At that time we had already released the SmartCheck tool and had a large experience in developing EVM-compatible tools…

A few words about our tool, SmartCheck — which can serve as a reinforcement of what we will talk about next in a sort of a blue-box scanner form. Even in its raw form, it shows good results, and second place in ToB’s article is not bad for a tool we stopped supporting three years ago.

Therefore, our goal is to develop a next-generation monitoring and protection system that will significantly outperform the competition on all fronts, including response time and data collection capabilities!

https://officercia.mirror.xyz/W-SUbkTf18b3RuPL9DykXQmpexWBZxbp4P1xfCfXo4Y

It is crucial to note that we want to move away from the conventional idea of dividing tools for guarding against and reporting attacks on the project and the community, and instead we want to make the system adaptable so that it can be used for a variety of purposes.

At the same time, we’ll stick to this paradigm and make it as practical as possible for projects.

For example, here is the technology I described in 2020, and it is similar to the implementation of roughly the same web2-origin thing but in blockchain. This is exactly the idea we want to convey — there are already working bundles, you just need to properly adapt them to the data-layer.

We will collaborate with mempool and other transaction aggregators to get extra seconds for our clients. Our Spotter system is designed to respond in seconds, so we’re backtesting it on a dataset of hacks — and the results are pretty great, as we will reveal in the following articles.

Thus far, we’ve been able to significantly reduce the number of false positives and false negatives, and as backtests indicated, we could even avoid some past hacks and attacks provided projects or users had our Spotter installed!

We also aim to be compatible with other tools and services, and we prefer to collaborate rather compete because we believe that multiple monitoring solutions will complement one another, resulting in greater ecosystem security!


II - Spotter: MVP

After a few months of development, we already have a working prototype; you can evaluate the speed at which the alert is triggered by watching the video recorded by Pessimistic.io’s CEO, Alexander:

https://www.youtube.com/watch?v=uDMEb7DhbpY

This article provides additional information on the technical aspects of our superior reaction time and how it was achieved, which allows us to outperform our competitors by a significant margin, be sure to check it out!

Public Alerts Channel

Spotter is running in public mode, and you can see what transactions it outputs to the result. We believe this beta will be of interest to both protocol and security researchers!

Output example:

Link:

We’ll be glad to see you on our channel, please follow! 🙂


III - What's Next?

In the near future, we intend to pitch Spotter at a significant number of conferences and turn on protection for a couple of our cordial DeFi protocols. This year promises to be full with exciting events!

We also hope for your support because we think this market is crucial, first and foremost for the overall security of our industry!

You can subscribe to our blog to make sure you don’t miss any of the regular news and updates we plan to publish on the project in a special digest:

Additionally, Spotter now has a Twitter account, so follow it there as well:

In the following articles we will gradually expand the functionality of our service and provide an opportunity to test it on your system. We’ll let you know the release date soon, stay tuned!

https://blog.pessimistic.io/

Thank you very much for your attention!


Support is very important to me, with it I can do what I love — educating users!

If you want to support my work, you can send me a donation to the address:

https://github.com/OffcierCia/support

Stay safe!