Originally published at: https://blog.openzeppelin.com/introducing-sentinels/
$120+ million* was lost to hacks over the last year, posing a serious threat to mainstream DeFi adoption. Defender Sentinels is being integrated by teams like Synthetix, Yearn.Finance, and Opyn to protect users from these types of attacks.
*Data from The Block
Today we are announcing the release of a new app, called Sentinels, to help prevent ongoing attacks and exploits in the DeFi space. Sentinels is part of the OpenZeppelin Defender platform, a security operations suite for Ethereum already being used by leading DeFi and NFT teams such as Opyn, Synthetix, TheGraph, PoolTogether, Yearn.Finance, Foundation Labs, and dYdX. The DeFi space, and recently the NFT space, have continued to see a variety of exploits and even insider attacks resulting in vault losses, unexpected liquidations, and fraudulent token mints. With the latest release, OpenZeppelin Defender can now help teams detect these types of attacks and abnormal behavior, and respond automatically to mitigate them quickly.
“We are still very early in the process of mainstream adoption for the DeFi space,” said Jonathan Alexander, CTO at OpenZeppelin. “We often talk about how the next phase of growth will require greater scalability and throughput, but we need to realize that security and reliability are equally as important. Users need to know that DeFi is reliable and that all possible precautions have been taken to mitigate attacks and exploits that will inevitably occur as the industry grows and matures. OpenZeppelin Defender was developed to get us to the next phase of adoption faster by making it as easy as possible for teams to build and run secure, decentralized applications.”
One of the largest factors contributing to slow response times to exploits in smart contracts is the fragmentation of tools available to developers. Detection of exploits and abnormal activity is often delayed, and many times comes through social media channels rather than automated detection. As a result, it can take a team a significant amount of time to respond with admin actions, such as pausing contracts or performing other admin functions, that can be difficult to execute quickly under pressure. OpenZeppelin Defender introduces automation into this process to enable a rapid response that can have a major impact on saving user funds.
“We’ve been watching the development of OpenZeppelin Defender closely,” said Alejandro Santander, Developer at Synthetix. “All I can say for now is – WOW! With this platform, working in the industry is going to be like a weekend in Club Med compared to how we did things in the past. Having the ability to quickly respond to attacks and make fast team decisions will bring an extra layer of security to our users.”
With the latest updates, the platform now allows for full automation between all of the platform features:
- Multi-sig contract upgrades and pausing (Defender Admin)
- Reliable transaction delivery with gas payments (Defender Relay)
- Scripts to call smart contracts in a serverless environment (Defender Autotasks)
- Blockchain monitoring and notifications (Defender Sentinels)
This means that a team can, for example, create an automated response to a potential attack that pauses the system, giving the development team time to push a proposed upgrade with a fix. The project owners can then review and approve that upgrade in no time, significantly mitigating the exploit.
To get started, just sign up for a free Defender account. You can easily change between account plans within the Defender app, with a new free mainnet account option available for individuals.