Links

Watchdog

What is Watchdog?

Watchdog is a static EVM byte-code analyzer and an automated, continuous auditing system that analyzes selected smart contracts on Fantom. Created by Dedaub, it has already saved hundreds of millions of vulnerable funds on Ethereum and made nine notable public disclosures.
Unlike other tools, Watchdog goes beyond just analyzing the high-level Solidity code. It analyzes underlying virtual machine instructions that execute the smart contracts. This is achieved by decompiling — translating the contract bytecode to virtual machine instructions — before performing static analysis across all of the contract’s functionality.

Monitoring and Notifications

Contracts are grouped and analyzed approximately every several hours with warnings of vulnerabilities or proto-vulnerabilities displayed. These static warnings are then combined with queries on environmental conditions to produce reports that may indicate security issues.
These reports are then sent to the smart contract team who works with the Watchdog team to find solutions to any identified issues.

Getting Started

Watchdog periodically adds to its monitoring list every smart contract on Fantom with a minimum total value locked (TVL) of $5 million, as well as a variety of other projects as requested by the Fantom Foundation. This coverage is vertical agnostic, meaning that projects of any variety may qualify for coverage.
Each project will receive administrative access to see a list of vulnerabilities within their smart contracts at any time. Projects can manually query each smart contract against any exploit recognized by Watchdog.
Projects that do not meet the TVL requirements are encouraged to contact the Foundation, which has direct access to the Watchdog team. To apply for this exception, reach out to the Fantom Foundation at [email protected] with the following information:
  1. 1.
    Project name.
  2. 2.
    On-chain smart contract addresses.
  3. 3.
    Telegram IDs or e-mail addresses to give admin access.
  4. 4.
    Proof that you are the developer/owner of the smart contracts, such as signing a message with the admin key(s) of the smart contract or signing a message with the EOA that deployed the smart contracts.