Smart Contract Security Tool Watchdog will deploy on Fantom
Fantom is proud to announce its partnership with Dedaub, a leading blockchain security firm. This alliance will bring contract-library—a smart contract explorer—and Watchdog—a smart contract security analyzer—to Fantom mainnet, all powered through Erigon nodes.
A smart contract explorer is a tool that presents deployed smart contracts in a human-readable format.
Contract-library is a well-known smart contract explorer, used by hundreds of security researchers on Ethereum. Its full public deployment for Fantom is scheduled to take place in September 2022, and test deployments are already operational.
Watchdog is a static EVM byte-code analyzer that automatically identifies the root cause of security vulnerabilities in smart contracts. It reduces security risks in smart contracts by providing feedback for deployed contracts on the blockchain to developers and auditors.
Since deploying on Ethereum, Watchdog has saved hundreds of millions of vulnerable funds, and made nine notable public disclosures.
Unlike other tools in the market, Watchdog doesn’t stop at the higher-level Solidity code itself, but instead analyzes the underlying virtual machine instructions (i.e., how smart contracts actually execute). This is achieved by decompiling—translating the contract bytecode to virtual machine instructions—before performing static analysis across all of the contract’s functionality.
Watchdog will monitor every smart contract on Fantom with a minimum total value locked (TVL) of $10 million, in addition to a multitude of projects meeting other criteria as requested by the Fantom Foundation. Coverage will be vertical-agnostic, meaning qualifying projects can be DeFi applications, NFT-focused, and more.
Projects that do not meet the TVL requirements are encouraged to reach out to the Foundation, who have direct access to the Watchdog team.
The monitoring and notification will broadly work as follows:
- All contracts that are part of each protocol will be grouped automatically (under human supervision).
- Watchdog will analyze these contracts on average once every several hours, and display warnings of vulnerabilities (or proto-vulnerabilities, i.e., components that when put together can make a service vulnerable).
- The static warnings are combined with queries on environmental conditions (e.g., approvals and balances in past transactions, state of initialization of a contract, storage contents) to produce reports that can point to security issues.
- These reports are sent to the team building the smart contract, which will coordinate with the Watchdog team on solutions to fix any identified issues.
We will also maintain a contract database for each protocol. If a vulnerability is detected in a live system, we will contact the associated project team. Special emphasis will be given to protocols that are strategically important for the security of the Fantom ecosystem, such as bridges.
Watchdog was created by Dedaub, a security company founded by Yannis Smaragdakis and Neville Grech. Yannis is a professor in the Department of Informatics and Telecommunications at the University of Athens, and Neville is a lecturer at the University of Malta. Both are highly regarded experts in the fields of programming languages and static program analysis (finding vulnerabilities in programs).
“Watchdog’s continuous auditing is a powerful new tool for all builders on Fantom. It is one of the most sophisticated security tools available, finding even the most subtle exploits. This will give developers the confidence to build safe applications on Fantom, with Watchdog monitoring each and every deployment. Both Neville and Yannis are some of the smartest security professionals in this space, having previously collaborated with them at Sydney University. I am confident Watchdog will help protect many users on Fantom.” – Michael Kong, CEO, Fantom Foundation
Dedaub is a leading blockchain security company, with well-known consulting and technology services. Dedaub’s clients include some of the top DeFi protocols and infrastructure services, with billions of dollars custodied by code audited by Dedaub, as well as numerous whitehat rescues and bounties. Dedaub has been commissioned by the Ethereum Foundation for several studies of the impact of EVM additions, and the contract-library.com explorer has been serving thousands of EVM developers and security analysts since 2018.
Fantom is a fast, scalable, and secure layer-1 EVM-compatible platform built on a permissionless aBFT consensus protocol. On Fantom, transactions are confirmed in about 1 second and cost just a few cents. Speed, low transaction costs, and high throughput make Fantom ideal for DeFi applications and real-world use-cases.