Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/arrjunpradeep/upgradeable-smart-contract-security-system
The Upgradeable Smart Contract Security System is a comprehensive solution designed to address and manage vulnerabilities in upgradeable smart contracts. This project leverages a monorepo approach using NestJS to develop microservices, ensuring a scalable and maintainable architecture.
https://github.com/arrjunpradeep/upgradeable-smart-contract-security-system
blockchain ethereum ethers etherscan foundry mongodb mongodb-compass mongoose monorepo nestjs sepolia smart-contracts typescript upgradeable-contracts upgradeable-smart-contract winston-logger
Last synced: 1 day ago
JSON representation
The Upgradeable Smart Contract Security System is a comprehensive solution designed to address and manage vulnerabilities in upgradeable smart contracts. This project leverages a monorepo approach using NestJS to develop microservices, ensuring a scalable and maintainable architecture.
- Host: GitHub
- URL: https://github.com/arrjunpradeep/upgradeable-smart-contract-security-system
- Owner: ArrjunPradeep
- Created: 2024-08-11T15:29:05.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2024-08-14T13:44:16.000Z (4 months ago)
- Last Synced: 2024-11-10T06:05:15.416Z (about 1 month ago)
- Topics: blockchain, ethereum, ethers, etherscan, foundry, mongodb, mongodb-compass, mongoose, monorepo, nestjs, sepolia, smart-contracts, typescript, upgradeable-contracts, upgradeable-smart-contract, winston-logger
- Language: TypeScript
- Homepage:
- Size: 212 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Security: security-microservices/.eslintrc.js
Awesome Lists containing this project
README
# Upgradeable Smart Contract Security System
## Overview
The `Upgradeable Smart Contract Security System` is a comprehensive solution designed to address and manage `vulnerabilities` in upgradeable smart contracts. This project leverages a `monorepo` approach using `NestJS` to develop `microservices`, ensuring a scalable and maintainable architecture. The system includes a vulnerable Solidity smart contract, a suite of microservices for exploit detection and prevention, and a robust reporting mechanism. The key components of the system are outlined below:
### Smart Contract Development
A Solidity smart contract has been developed with known vulnerabilities to reentrancy attack. This upgradeable contract incorporates the following functionalities using OpenZeppelin libraries:- `Ownable`: Provides ownership management.
- `Pausable`: Allows pausing of the contract in emergencies.### Front-Running Microservice
A microservice is implemented to `detect exploit attempts` and send `notifications` :- Monitors for exploit attempts on the smart contract.
- Sends email notifications when a potential exploit is detected.### Detailed Reporting and Analytics
A reporting system is integrated to provide detailed analytics and performance metrics:- Slither Integration: Utilizes `Slither` for vulnerability analysis and storing it to database
- Database Storage: Stores detailed reports and analytics in a MongoDB `database`, tracking system performance and the effectiveness of the pausing mechanism.### Manual Upgrade Functionality
The system includes functionality for `manually upgrading` the smart contract to address vulnerabilities. An upgraded version of the contract has been created, which can be manually deployed to fix the vulnerabilities identified through notifications and reporting.## Documentation
[`Vulnerable Upgradeable Contracts README`](https://github.com/ArrjunPradeep/upgradeable-smart-contract-security-system/tree/main/vulnerable-upgradeable-contracts): Detailed documentation on the smart contract, including development, deployment, and upgrade scripts.[`Security Microservices README`](https://github.com/ArrjunPradeep/upgradeable-smart-contract-security-system/tree/main/security-microservices): Comprehensive guide for the microservices, covering exploit detection, notification, front-running prevention, and reporting.