Watchdog: How Protocols Stay Secure on Fantom
In the ever-evolving world of blockchain technology, smart contracts have emerged as a revolutionary force, paving the way for the new base layer of the Web. However, as with any innovation, malicious actors stand ready to exploit vulnerabilities, mainly by targeting weaknesses in smart contracts, which already have led to losses amounting to billions.
To combat this, Fantom has integrated Watchdog by Dedaub, an automated auditing system that analyzes smart contracts continuously for vulnerabilities; since smart contracts are updated frequently with new code, static audits become outdated quickly. Watchdog has been responsible for hundreds of millions in rescued funds.
Several dApps on Fantom use the Watchdog service to monitor their smart contracts. Let’s explore how Watchdog works and the dApps leveraging it to ensure their users’ funds stay secure.
How does Watchdog work?
Watchdog by Dedaub detects and prevents smart contract vulnerabilities by analyzing and monitoring the smart contract code to identify potential vulnerabilities, errors, or malicious code that could be exploited by attackers.
Watchdog’s primary components and functionalities include:
- Static analysis
Watchdog performs a comprehensive analysis of the smart contract's code without executing it. It checks for known vulnerabilities, coding errors, and adherence to best practices. This step helps identify potential issues before the smart contract is deployed on the network.
- Dynamic analysis
Watchdog conducts dynamic analysis by simulating transactions and observing the smart contract's behavior during execution. It identifies any abnormal behavior, loopholes, or vulnerabilities that may not be apparent during static analysis.
- Monitoring
Once the smart contract is deployed, Watchdog continuously monitors its execution and transactions. This monitoring enables early detection of potential issues or malicious activities, allowing for timely intervention.
- Reporting and alerts
Watchdog generates reports on the analysis results, highlighting vulnerabilities and areas of concern. It also sends alerts to developers or contract owners in case of any suspicious activity or detected issues.
What Fantom dApps use Watchdog?
The list below includes only the top 6 projects that use Watchdog, ranked by TVL according to DeFiLlama; the larger the TVL, the greater the need for a robust security system.
SpookySwap
SpookySwap is a decentralized exchange on Fantom that offers deep liquidity, limit and TWAP orders, yield farming, a built-in bridge, and more.
SpookySwap supports cross-chain swaps in collaboration with Axelar, which fills the need for secure cross-chain infrastructure in a world with a growing number of chains.
While the DEX already has been audited fully by CertiK, the audit is from 2021 and might not include the latest features that SpookySwap has implemented.
As such, it uses Watchdog to monitor its platform continuously and ensure full security for its users.
At the time of writing, SpookySwap has a TVL of around $90 million, which increases the need for an automated auditing system like Watchdog further.
Geist Finance
Geist Finance is a decentralized lending market on Fantom on which users can lend or borrow tokens.
Just like AAVE, on which Geist is based, lenders earn yield from borrowers who are charged a fee for borrowing the tokens.
Geist does not have any form of governance or VC involvement; instead, it uses revenue sharing and shares platform fees between GEIST token holders and liquidity providers.
The decentralized lending market has two audits from Solidity Finance and PeckShield, both from 2021, which solidifies the need for a continuous security monitoring system.
At the time of writing, Geist has a TVL of around $46 million. As lending markets do not pose the risk of impermanent loss to liquidity providers, the security needs to be excellent as well to provide the perfect solution for risk-averse token holders, which is achieved with Watchdog.
Beethoven X
Beethoven X is a decentralized exchange on Fantom that leverages Balancer technology to offer users programmable liquidity.
On Beethoven X, users are able to go beyond the traditional 50/50 liquidity pool and access advanced features such as weighted pools, boosted pools, liquidity bootstrapping pools, metastables, and more.
While Beethoven X has an audit from Trail of Bits from 2022, it is releasing new features continuously, such as the BEETS Reliquary, which might not be included in the audit.
As such, the need for a continuous security monitoring system is evident.
At the time of writing, Beethoven X has a TVL of around $43 million on Fantom and around $84 million across every chain it supports, which Watchdog helps to secure.
Equalizer Exchange
Equalizer Exchange is a decentralized exchange on Fantom that is based on the Solidly model by Andre Cronje.
The DEX's fee structure is based on pair stability. Volatile pairs have a 0.2% fee and stable pairs a 0.02% fee. This encourages and maintains liquidity to minimize slippage.
The EQUAL emission token is minted weekly at a rate determined by veEQUAL holders who vote on the pairings whose liquidity providers will receive it.
While the Solidly model has audits, Equalizer does not have an official audit, which increases the need for a service like Watchdog.
At the time of writing, Equalizer has a TVL of around $40 million, which makes Watchdog an important addition to its infrastructure.
Beefy Finance
Beefy Finance is a decentralized, multichain yield optimizer that lets users earn yield on their tokens.
Beefy optimizes rewards by using liquidity pools, automated market-makers, and other yield opportunities across over a dozen chains.
Vaults are the main place users deposit tokens and each has a safety score and a strategy description with an APY breakdown, which gives users a complete overview of their yield strategy.
Even though Beefy has several audits, it is deployed on a variety of chains and requires continuous security monitoring to ensure the users’ funds stay safe.
At the time of writing, Beefy has a TVL of around $39 million on Fantom and around $370 million across every chain it supports, which Watchdog helps to secure.
Curve Finance
Curve Finance is a decentralized exchange primarily focusing on providing low fees and low slippage to stablecoins and wrapped assets.
The platform mainly is used for trading different stablecoins, such as DAI, USDC, and USDT, and other wrapped assets like wrapped Bitcoin (wBTC) and wrapped Ethereum (wETH).
Users can stake their assets in liquidity pools to earn fees from trades and additional rewards in the form of CRV tokens, the platform's native governance token.
While Curve does have several audits, they mainly are from 2020 and might not include the most recent smart contract updates.
At the time of writing, Curve has a TVL of around $24 million on Fantom and around $5 billion across every chain it supports, which makes the need for Watchdog clear.
Other dApps on Fantom that leverage Watchdog to achieve security include:
8PLAY.GAMES | Comb Financial | Curve |
Fantohm | Granary Finance | Hector Network |
Liquid Driver | Multichain | Mummy Finance |
QiDao | Reaper Farm | Scream |
SpiritSwap | Stargate | Synapse |
Tarot | Tomb Finance | Yearn |
Stader | Yoshi Exchange |
How can my dApp use Watchdog?
Watchdog periodically adds to its monitoring list every smart contract on Fantom with a minimum total value locked (TVL) of $5 million, as well as a variety of other projects as requested by the Fantom Foundation. This coverage is vertical-agnostic, meaning that projects of any variety may qualify for coverage.
Each project will receive administrative access to see a list of vulnerabilities within their smart contracts at any time. Projects can manually query each smart contract against any exploit recognized by Watchdog.
Projects that do not meet the TVL requirements are encouraged to contact the Foundation, which has direct access to the Watchdog team. To apply for this exception, reach out to the Fantom Foundation at watchdog@fantom.foundation with the following information:
- Project name.
- On-chain smart contract addresses.
- Telegram IDs or e-mail addresses to give admin access.
- Proof that you are the developer/owner of the smart contracts, such as signing a message with the admin key(s) of the smart contract or signing a message with the EOA that deployed the smart contracts.