Oyster

Detect Web3 Threats and Anomalies in Real-Time with Machine Learning. The leading security and operational monitoring service for wallets, developers, and investors. Oyster monitors on-chain activity on TVM blockchains in real time, detecting threats and other security-related events.

Real-time security & operational monitoring

Oyster is a community-based security platform to prevent or mitigate smart contract exploits as they occur. The goal of Oyster is to detect threats and other system-critical issues in real time. By providing users with timely and useful information about the security and stability of their systems, Oyster gives them an opportunity to react and take defensive action, preventing or minimizing losses and other issues.

Threat detection and operational monitoring

Threat detection monitoring provides alerts on transactions and events that may indicate malicious activity. One of the main challenges in threat monitoring is determining “what to look for” in transactions. Unfortunately, there are many examples of smart contract exploits from the past few years, so there is a large body of ideas to draw from.

Operational (“performance”) monitoring checks that your protocol is functioning as expected, within some predetermined bounds. These types of checks are beneficial for the protocol’s community, as they provide some assurance of the overall health of the protocol while still highlighting some of the more extraordinary transactions that occur. Beyond the financial operation, this monitoring may provide information about when implementation contracts are upgraded, admin addresses change, or critical administrative smart contract methods are called. This type of monitoring would provide alerts that may be appropriate for display in a dashboard.

Oyster alerts

Attack Detector Feed

Combines past alerts under a common address from a variety of underlying bots to emit a high-precision alert. It does so by mapping each alert to the four attack stages (Funding, Preparation, Exploitation and Money Laundering) and applying a variety of heuristics (e.g. an alert has to exist for each of the four stages) to decide whether to emit an alert.

Suspicious Events Feed

There are currently 5 threat detection kits planned, each specifically tailored to monitor different parts of the Web3 ecosystem and detect threats.

  • Bridge Threat Detection Kit
  • DeFi Threat Detection Kit
  • Governance Threat Detection Kit
  • NFT Threat Detection Kit
  • Stablecoin Threat Detection Kit

Scam Detector

The Scam Detector is an ideal source of threat intel for Web3 wallets and dashboard tools, as well as for security and compliance solutions serving a retail or institutional audience. Use the Scam Detector to build or supplement a blacklist, or as a transaction analysis tool: query the Scam Detector at the point of approval or transaction to determine whether it is malicious.

Attack Detector Bot

The Attack Detector bot combines past alerts under a common address from a variety of underlying base bots to emit a high-precision alert. It does so by mapping each alert to the four attack stages (Funding, Preparation, Exploitation, and Money Laundering/Post Exploitation), using both an anomaly-based and a heuristic detection approach.

Individual alerts can have low precision (in other words, they raise false positives). This bot combines past alerts from base bots to separate the signal from the noise.

As such, this feed combines previously raised alerts under the initiating address (i.e. the attacker address or addresses) and emits a crucial alert. As a result, the precision of this alert is quite high, but some attacks may be missed. Note that when attacks are missed, the broader set of detection bots deployed on Oyster will still raise individual alerts that users can subscribe to.
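The stage-based correlation described above can be sketched as follows. This is an added example, not Oyster's own code: the alert IDs, the `ALERT_STAGE` mapping, the `correlate` function and the sample addresses are all assumptions made for illustration, and only the "one alert per stage" heuristic from the text is implemented.

```python
from collections import defaultdict
from enum import Enum


class Stage(Enum):
    FUNDING = 1
    PREPARATION = 2
    EXPLOITATION = 3
    MONEY_LAUNDERING = 4


# Hypothetical base-bot alert IDs mapped to attack stages (assumed names).
ALERT_STAGE = {
    "MIXER-FUNDING": Stage.FUNDING,
    "SUSPICIOUS-CONTRACT-DEPLOY": Stage.PREPARATION,
    "LARGE-BALANCE-DROP": Stage.EXPLOITATION,
    "MIXER-DEPOSIT": Stage.MONEY_LAUNDERING,
}

# Constructed sample alerts; addresses are placeholders, not real accounts.
SAMPLE_ALERTS = [
    {"address": "0:aa01", "alert_id": "MIXER-FUNDING"},
    {"address": "0:aa01", "alert_id": "SUSPICIOUS-CONTRACT-DEPLOY"},
    {"address": "0:aa01", "alert_id": "LARGE-BALANCE-DROP"},
    {"address": "0:aa01", "alert_id": "MIXER-DEPOSIT"},
    {"address": "0:bb02", "alert_id": "MIXER-FUNDING"},       # lone alert
    {"address": "0:cc03", "alert_id": "MIXER-FUNDING"},
    {"address": "0:cc03", "alert_id": "LARGE-BALANCE-DROP"},
    {"address": "0:cc03", "alert_id": "MIXER-DEPOSIT"},       # no preparation alert
]


def correlate(alerts):
    """Group base alerts by initiating address and return one combined alert
    for each address that has at least one alert in every attack stage."""
    by_address = defaultdict(lambda: defaultdict(list))
    for alert in alerts:
        stage = ALERT_STAGE.get(alert["alert_id"])
        if stage is None:
            continue  # alert type with no stage mapping is ignored
        by_address[alert["address"]][stage].append(alert["alert_id"])

    combined = []
    for address, by_stage in by_address.items():
        if all(stage in by_stage for stage in Stage):
            evidence = {stage.name: by_stage[stage] for stage in Stage}
            combined.append({"address": address, "evidence": evidence})
    return combined


if __name__ == "__main__":
    for hit in correlate(SAMPLE_ALERTS):
        print(hit["address"], hit["evidence"])
```

On the sample data only `0:aa01` is emitted: the lone alert on `0:bb02` is suppressed as noise, while `0:cc03` shows the recall cost the text mentions, since an activity chain with one undetected stage produces no combined alert.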