Workshop - Monitor A Contract and Stop An Attack
Objectives
• In this lab, you will deploy a contract and set up alerts for monitoring it
• See how to defend against attacks using front-running, for example with Flashbots
Lab Preparation
• LOGIN = ziion
• PASSWORD = ziion
Lab Walkthrough
• Go to LocalXpose
• Click on Sign Up
• Enter your email and password and click on Create Account
• Verify the account from your email and then log in to the app
• In the app, click on Access to get the token for starting the app
The idea is to expose a port for forwarding events to Blocknative. LocalXpose is used here, but you can use alternatives such as Ngrok
Click on Sign up
You can register with your Google account, your GitHub account or a new one.
Activate an account.
Note
If you receive the image below, it is an internal Tenderly issue, but your email was successfully verified
• Click on MAINNET and you will have access to the Ethereum mainnet endpoint and the Rinkeby testnet
• Copy the API KEY from the Infura Project
• Open a terminal, go to the lab folder and load the environment variable for the Rinkeby network. Replace
INFURA_RINKEBY_API_KEY with your API KEY.
cd ~/workshop_defenses
export WEB3_INFURA_PROJECT_ID=INFURA_RINKEBY_API_KEY
• Launch Brownie console for Rinkeby in the root folder of the project
cd ~/workshop_defenses
brownie console --network rinkeby
accounts.load('admin')
Note
Copy your new account address and request test funds for it from the Rinkeby Faucet
accounts[0].balance()
Test.deploy({'from': accounts[0]})
Go to Rinkeby Explorer
Paste the address of your Test contract
Then, in the browser, click on Contract and then Verify and Publish
For verifying the contract, enter the contract address, Solidity (Single File) because you flattened it before, highest pragma (0.6.4)
and No License (None):
Then, paste the code:
Note
Before testing, you can set up the Forta agent to check both alerts at the same time
contract Test{
• In the compiler tab, change the compiler version to 0.8.4 and then click on Compile Test.sol
Connect your funded MetaMask wallet on Rinkeby by clicking the dropdown below Environment and selecting Injected
Provider - Metamask
Make sure your Metamask account is on Rinkeby and check it on Remix as well
In "At Address", paste the contract address and click on "At Address"
Now you can interact with the contract
Note
cd ~/workshop_defenses/blacklisted-address-ts
nano forta.config.json
• Uncomment and add the jsonRpcUrl for Rinkeby RPC from Infura.
Attention
cd src/
nano agent.ts
import {
  Finding,
  HandleTransaction,
  TransactionEvent,
  FindingSeverity,
  FindingType
} from 'forta-agent'
cd ..
npm start
Test the agent
Repeat the step for triggering the alert on Tenderly and wait for the alert on the Forta agent.
• Go to BlockNative in your browser and paste the address of the contract for creating a subscription
• Click on "Create"
• Switch the network to Rinkeby clicking on ethereum : mainnet and selecting ethereum : rinkeby
• Then, click on "Save" and then "Save" again for the default key
cd ~/workshop_defenses
nano app.py
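import os
from brownie import accounts, network
from flask import Flask, request

os.environ['WEB3_INFURA_PROJECT_ID'] = 'INFURA_RINKEBY_API_KEY'
network.connect('rinkeby')
admin_account = accounts.load('admin')
print('Admin account:', admin_account)

app = Flask(__name__)

@app.route('/', methods=['POST'])
def listen():
    # JSON body posted by the Blocknative webhook
    tx = request.json
    # Address the pending transaction is sent to
    event_address = tx['to']
    return ""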
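The listener above reads tx['to'] from every POST it receives. The following is an added example, not part of the workshop's app.py, of the checks a defender would run on that payload before sending a defensive transaction, and of how to price that transaction above the pending one. Field names other than "to" are assumed from Blocknative's webhook payload, the addresses are constructed placeholders, and the returned fee keys follow Brownie's transaction parameters.

```python
# Added example: field names other than "to" are assumed from Blocknative's
# webhook payload; both addresses are constructed placeholders.
MONITORED = "0x1111111111111111111111111111111111111111"  # Test contract
ADMIN = "0x2222222222222222222222222222222222222222"      # admin account


def _same(a, b):
    """Compare addresses case-insensitively (checksummed vs. lowercase)."""
    return isinstance(a, str) and isinstance(b, str) and a.lower() == b.lower()


def should_react(tx, monitored=MONITORED, admin=ADMIN):
    """True only for a pending third-party call to the monitored contract."""
    if not isinstance(tx, dict):
        return False              # empty or non-JSON request body
    if tx.get("status") != "pending":
        return False              # already mined or dropped: too late to outbid
    if not _same(tx.get("to"), monitored):
        return False              # other contract, or creation tx with no "to"
    if _same(tx.get("from"), admin):
        return False              # our own defensive tx would re-trigger the hook
    return True


def outbid_fees(tx, bump_percent=20):
    """Fee parameters for the defensive tx, bump_percent above the pending one."""
    def bump(value):
        return int(value) * (100 + bump_percent) // 100   # values arrive as wei strings

    if tx.get("maxFeePerGas") is not None:                # EIP-1559 transaction
        return {
            "max_fee": bump(tx["maxFeePerGas"]),
            "priority_fee": bump(tx.get("maxPriorityFeePerGas", 0)),
        }
    return {"gas_price": bump(tx["gasPrice"])}            # legacy transaction


# Constructed sample payload, shaped like a pending-transaction event.
SAMPLE = {"status": "pending", "to": MONITORED, "gasPrice": "30000000000",
          "from": "0x3333333333333333333333333333333333333333"}

if __name__ == "__main__":
    print(should_react(SAMPLE), outbid_fees(SAMPLE))
```

Without the check on "from", the defensive transaction sent by the admin account is itself reported as pending for the same contract and the listener reacts to its own transaction.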
• In the terminal, run the app that front-runs transactions. Replace the INFURA API KEY when you export the environment variable.
export WEB3_INFURA_PROJECT_ID=INFURA_RINKEBY_API_KEY
flask run --host=0.0.0.0 --port=8080
Note
localxpose.loclx t http
Note
If this error is shown, launch the command again and create a new webhook in Blocknative.
Click on New Configuration
Subscribe to the contract address as you did before, but when saving, click on Create new API key.
Give it a name and generate a new Configuration.
• In the browser, go to Blocknative, click on the three dots and "Add Webhook"
• Click on Deployed Contracts to access the functions with which you can interact:
• Check that the value is 0 by clicking on Value
• Connect your Rinkeby Metamask account to Remix by clicking on "Injected Provider - Metamask"
In the terminal where the app is running, the pending transaction was caught and a new transaction was launched to front-run
the original transaction