https://github.com/arrjunpradeep/upgradeable-smart-contract-security-system

The Upgradeable Smart Contract Security System is a comprehensive solution designed to address and manage vulnerabilities in upgradeable smart contracts. This project leverages a monorepo approach using NestJS to develop microservices, ensuring a scalable and maintainable architecture.
https://github.com/arrjunpradeep/upgradeable-smart-contract-security-system

ethereum ethers etherscan foundry mongodb mongoose monorepo nestjs sepolia smart-contracts typescript upgradeable-smart-contract winston-logger

Last synced: 14 days ago
JSON representation

The Upgradeable Smart Contract Security System is a comprehensive solution designed to address and manage vulnerabilities in upgradeable smart contracts. This project leverages a monorepo approach using NestJS to develop microservices, ensuring a scalable and maintainable architecture.

• Host: GitHub
• URL: https://github.com/arrjunpradeep/upgradeable-smart-contract-security-system
• Owner: ArrjunPradeep
• Created: 2024-08-11T15:29:05.000Z (3 months ago)
• Default Branch: main
• Last Pushed: 2024-08-14T13:44:16.000Z (3 months ago)
• Last Synced: 2024-09-23T07:04:09.527Z (about 2 months ago)
• Topics: ethereum, ethers, etherscan, foundry, mongodb, mongoose, monorepo, nestjs, sepolia, smart-contracts, typescript, upgradeable-smart-contract, winston-logger
• Language: TypeScript
• Homepage:
• Size: 212 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Security: security-microservices/.eslintrc.js

Awesome Lists containing this project

README

        
# Upgradeable Smart Contract Security System

## Overview

The `Upgradeable Smart Contract Security System` is a comprehensive solution designed to address and manage `vulnerabilities` in upgradeable smart contracts. This project leverages a `monorepo` approach using `NestJS` to develop `microservices`, ensuring a scalable and maintainable architecture. The system includes a vulnerable Solidity smart contract, a suite of microservices for exploit detection and prevention, and a robust reporting mechanism. The key components of the system are outlined below:

### Smart Contract Development

A Solidity smart contract has been developed with known vulnerabilities to reentrancy attack. This upgradeable contract incorporates the following functionalities using OpenZeppelin libraries:

- `Ownable`: Provides ownership management.

- `Pausable`: Allows pausing of the contract in emergencies.

### Front-Running Microservice

A microservice is implemented to `detect exploit attempts` and send `notifications` : 

- Monitors for exploit attempts on the smart contract.

- Sends email notifications when a potential exploit is detected.

### Detailed Reporting and Analytics

A reporting system is integrated to provide detailed analytics and performance metrics:

- Slither Integration: Utilizes `Slither` for vulnerability analysis and storing it to database

- Database Storage: Stores detailed reports and analytics in a MongoDB `database`, tracking system performance and the effectiveness of the pausing mechanism.

### Manual Upgrade Functionality

The system includes functionality for `manually upgrading` the smart contract to address vulnerabilities. An upgraded version of the contract has been created, which can be manually deployed to fix the vulnerabilities identified through notifications and reporting.

## Documentation 

[`Vulnerable Upgradeable Contracts README`](https://github.com/ArrjunPradeep/upgradeable-smart-contract-security-system/tree/main/vulnerable-upgradeable-contracts): Detailed documentation on the smart contract, including development, deployment, and upgrade scripts.

[`Security Microservices README`](https://github.com/ArrjunPradeep/upgradeable-smart-contract-security-system/tree/main/security-microservices): Comprehensive guide for the microservices, covering exploit detection, notification, front-running prevention, and reporting.