Crypto networks have proven that they have the potential to become the de-facto backbone for a more open, accessible and free economy — with potentially similar positive effects on society itself. The growth in value and usage of crypto networks over the last few years has been breathtaking — with no signs of slowing down; especially considering the cultural relevance of crypto and the enormous and rapidly growing talent pool working on crypto.
However, it is not controversial to say that crypto still has a long way to go: crypto applications’ user experiences are frequently poor. Programming against new, evolving frameworks and paradigms is difficult. This complexity leads to mistakes, some of which come with grave security consequences. For an open crypto economy to continue to thrive, it has to be safe. Safe for programmers, safe for users — building trust with a broad range of actors, from consumers to organisations, institutions and regulators. Due to their inherent transparency, permissionless scrutiny, and the monitoring these attributes enable — unlike many of our “black box” systems today — it is not hard to imagine that crypto networks will eventually be the safest way to run any economic, legal, or societal system.
This is why we originally backed OpenZeppelin in 2017. The company today not only maintains OpenZeppelin Contracts, the premier open source library for creating protocols and tokens — but is also the leading provider of smart contract security audits — building a feedback loop between audits and software development (working with companies and networks such as Coinbase, Compound, Yearn, Aave, Balancer, Synthetix, SushiSwap, The Graph and many more).
The next evolution was to launch OpenZeppelin Defender (late last year), a novel security platform designed to automate the highest-risk activities related to protocol administration. There was also a realization that measures taken prior to code release, such as security testing and audits, are important but insufficient to identify all risks and potential exploits. Further, slow or delayed responses to attacks and zero-day vulnerabilities have led to larger losses that could have been mitigated. It increasingly became clear to the team that thorough system scanning for threat detection and prevention — i.e. runtime security — must also be implemented on smart contracts to mitigate risks and losses.
So, in early 2021, OpenZeppelin began investigating the potential to create a fully permissionless, decentralized protocol of threat detection agents, scanner nodes and analyzer nodes working together through multi-chain smart contracts: Forta. The protocol is designed for scalability and is capable of providing threat detection and risk mitigation for all L1s and L2s. A demonstration of how Forta agents could have been used to prevent or minimize the $600m Poly Network hack can be seen here. Read more about Forta and how to get involved here.
For the open crypto economy to continue to thrive, it needs its own native security layer — that is itself permissionless and open. If successful, Forta has the potential to become the de-facto security fabric for the crypto industry. It is within this context that we are happy not only to announce our original involvement in OpenZeppelin, but also that we are backing Forta and participating in the ecosystem.