Should GnosisDAO fund Hypernative as the chain real-time security and risk prevention partner?

About Hypernative

Hypernative actively detects and responds to zero-day cyber attacks, financial risks, on-chain anomalies, and safeguards digital assets, protocols, and Web3 applications from significant threats and losses.

With the power of our “pre-cog” platform, Hypernative employs proprietary machine learning models to monitor both on-chain and off-chain data sources to accurately predict cyber, economic, and governance threats before they materialize. Detected threats are then linked to automated playbooks that promptly prevent and mitigate risks in real time.

Since its launch, Hypernative has successfully alerted numerous protocols and projects about potential hacks and exploits, even before they occurred. This proven track record in risk mitigation has garnered recognition through post-mortems and recommendations from protocols.

Today, the platform is already being utilized by several L1/L2 chains, bridge providers, protocols, and institutions, focusing on security and on-chain risk anomaly detection. Among our customers are karpatkey, which manages the Gnosis chain DAO treasury [Hypernative | Hypernative + karpatkey], OlympusDAO [Boardroom], Polygon, Quantstamp, Chainproof, zkLend and many others.

https://twitter.com/HypernativeLabs

https://www.hypernative.io

The Proposal Summary

Hypernative would like to offer the Gnosis chain community access to a set of chain-wide alerts and insights covering a wide range of risks which can be leveraged to mitigate hacks and exploits, fraudulent/scamming/phishing contract addresses, suspicious and malicious governance proposals, oracle deviations, anomalous money movements and more, as described below.

The relevant community members in addition to Hypernative security research team will be able to consume the alerts through dedicated Discord channels and, optionally, a risk dashboard dedicated to Gnosis Chain made available by Hypernative.

Hypernative security team will help investigate critical and high alerts with the appointed community members, Gnosis security and operations team and the teams of the largest TVL projects on Gnosis Chain.

The offer also includes customized alerts based on Hypernative security research team and feedback from the community/governance members regarding most critical and relevant possible exposures as described below.

The Proposal Motivation for Gnosis Chain

The overall motivation is to augment security and risk operations and help Gnosis chain team and the high TVL protocols on Gnosis chain both with our team security and data expertise and with using the Hypernative platform.

It’s hard to keep track of all the various security risks and exposures in crypto and Web3; having a dedicated team and a real-time platform to detect these risks for the community is of first priority in our vision.

The result of implementing this offer will be to provide real time detection of various security attack vectors on projects in Gnosis Chain and its participants.

A security and Solidity expert contact in Hypernative who will provide their expertise and help regarding security incidents.

Real time detection and warning the community/DAO of anomalies and risks in smart contracts, governance proposals, oracles, participants, phishing or scamming campaigns affecting Gnosis chain or projects built on top of it

The Proposal Details

The following alerts will be configured on Gnosis chain projects

Categories of Alerts

Security, Compliance and Fraud/Scamming Alerts Channel

  1. Illicit funds movement

  2. Interaction with an OFAC-sanctioned address

  3. Suspicious or Malicious contracts deployed including a severity score of MEDIUM or HIGH

    • Phishing contracts
    • Attacker/Hacker contracts
  4. Hacks and exploits warnings in various vectors and for various vulnerabilities

  5. Chain addresses suspected of scamming/fraud/phishing attempts or smart contracts suspected of such (Help the community avoid frauds on-chain)

Operational Alerts Channel

  1. Multi sig ownership changes
  2. Contract ownership change
  3. Contract Pauses

Financial Alerts Channel

  1. Abnormal large withdrawals

  2. Abnormal large transfers

  3. High value token transfer

Governance Alerts Channel

  1. Suspicious and Malicious proposals

  2. On-chain governance proposal simulations

Customized Alerts:

Hypernative security research team will propose to the Gnosis chain team and community a set of 10 customized alerts in addition to the above out of the box detections to be configured and monitored for abnormal specific behaviors.

Custom agent is a template mechanism Hypernative offers today to its customers to create specific threshold/dynamic based detections.

Alert channels with vetted access

It is recommended due to the problematic nature of security alerts that only vetted users from the Gnosis community will be able to join the relevant channels.

This can include teams from the 6 largest TVL projects in the Gnosis chain, Gnosis chain team members and security advisors or any other vetted person.

Hypernative security research team will also have a dedicated security researcher ready to root cause and investigate any critical alerts and work with the relevant projects or partners of Hypernative to mitigate and limit exposure.

Protocols discount

As part of this offer, any protocol building on Gnosis chain that wants to directly integrate with Hypernative alerts and have access to the platform's automated prevention playbooks will receive a 15% discount for the first year.

Offer Grant Requested

$50K USDC paid yearly
$18K xDAI paid yearly

Why not make this (read only) accessible to every community member? Maybe a subset of alerts, where it isn’t prudent to make it public right away, can be defined. But imo in general all DAO members should have access to this information.

In our opinion some alerts are too sensitive to be shared uncontrolled. Think, for example, that we have an alert about a hack about to happen or a vulnerability that is found; a malicious actor might abuse this alert to perform/hijack the attack.
We are open to any model of vetting to allow more users to participate in these channels; the goal in the end is to prevent and mitigate exposure of security incidents across the entire Gnosis Chain.

Want to emphasize the objective of this proposal:

a. Augment and help the community with investigating and handling security incidents chain wide and helping any Gnosis chain project investigate security concerns / disclosures with the team if needed upon a report/flagging of suspicious behaviour by our platform

b. Help the projects built on Gnosis chain to get partial real time security offering and help them handle security incidents with an experienced team and partners and hopefully also prevent them (And detect anomalies and suspicious activity targeted at their protocols in real time)

c. Help fight and detect chain wide phishing/scamming and fraud campaigns, this data can be integrated into wallet providers or shown globally to the community to help make Gnosis chain the safest chain

Fully understand that some alerts shouldn’t be made public (e.g. Hacks and exploits warnings in various vectors and for various vulnerabilities) until they are fixed, but also you mention alerts that imo should be brought to the attention of the whole crowd asap (e.g. Suspicious or Malicious contracts deployed) and others where I don’t see a need to keep it hidden (e.g. Illicit funds movement and all you mention at operational alert channel and financial alert channel).

Yes, the non-sensitive alerts will be open for everyone to consume.

Agree with this point.
And for those items that should not be 100% public, I wonder if #circles could be used as a tool to manage that access.