Cyvers Alerts

Cyvers security alerts users to any events or incidents that may pose a security risk within the protocol or chain.

How to setup Cyvers Security Alerts.

  1. Under Signals section click on Add Subscription button under Security-Cyvers. The button is highlighted in black box in screenshot below.

  1. Clicking on Add Subscription button will prompt you to fill in essential fields to create a Security-Cyvers alert subscription. Fill in the fields and click on Add button (located below the input fields). Please refer to the screenshot below. Note: Description regarding the fields is provided below the screenshot.

Fields Description

  • Name: Name for the Alert.

  • Username: The username is a unique identifier displayed when alert is received.

  • Delivery Channel: This field outlines the chosen communication platform for receiving cyvers alerts. Currently Discord and Slack is supported.

  • Webhook: A webhook is a mechanism that allows automated messages to be sent from one system to another. Currently the discord and slack webhook is supported to receive notifications. You can find instructions on how to create a discord webhook here and slack webhook here.

  • Token Address: This refers to the address of the specific token for which you would like to receive the Security Alerts.

  • Protocol: Users can specify a protocol for monitoring.Currently AAVE is supported.

  • Chain: Users can select from a range of supported blockchain networks for monitoring, which currently include:

    • Ethereum

    • Optimism

    • Binance Smart Chain (BSC)

    • Polygon

    • Fantom

    • Arbitrum

    • Avalanche

  • Attack Stage: There are four distinct phases available for subscription:

    • Funding Phase: This phase includes activities like providing funding to contracts, such as in the case of tornado cash funding.

    • Preparation Phase: Users can opt to track the preparation phase, which involves the creation of attacker contracts.

    • Exploitation Phase: This phase covers actions like draining funds from contracts, which can have significant security implications.

    • Money Laundering/Post Exploitation Phase: Here, users can monitor activities like sending funds to tornado cash or on-chain text messages following an attack.

  • Severity: Specify how severe the alert is. ("Low", "Medium" and "High") .

  1. Upon clicking on the Add button, a subscription notification popup will be displayed on the lower left. See the snapshot below for reference.

  1. An example of Cyvers security alert received on Discord is provided below for your reference.

The information provided in the screenshot above consist of the following fields:

  • Time of the Attack

  • Network of the Attack ("Ethereum Mainnet" or "Binance Smart Chain" for now but there are more to come)

  • Severity ("Low", "Medium" and "Critical") - show how severe the attack is.

  • Alert ID - What kind of vulnerability was used for the attack.

  • Attacker Address - what is the address of the human attacker behind the attack. For the most part it is a blank address because they are using mixers so that they cannot be traced.

  • Exploit Address - because the attacks are fairly sophisticated and involve a lot of steps and logic which has to happen in a quick succession they are done through an exploit smart contract which contains the logic behind the attack. This field contains the smart contact behind the attack.

  • Victim Address - This is the smart contact address of the victim of the attack.

  • Transaction Hash - This is the transaction hash which initiated the attack.

  • Block Number - This is the Block number in which the attack has been verified.

  • Block Timestamp - This is the Unix timestamp in which the block of the attack has been verified.

  • Chain Name: Name of the blockchain network's name.

  • Block Number: This heading provides the block number (19015020) on the Ethereum blockchain, suggesting that the security alert is associated with this particular block.

  • Transaction : This implies a transaction hash that provide details related to a specific transaction.

  • Risk Type: This heading specifies the type of risk involved, indicating that the incident is related to a "Smart Contract Exploit."

  • Attack Stage: This heading specifies the current stage of the attack, indicating that the exploitation phase is underway or has occurred.

  • Alert Severity: This heading communicates the severity level of the alert, classifying it as "Low."

  • Involved Addresses: This heading indicates that there are addresses associated with the security alert.

  • Address: Similar to the previous "Address" headings, this implies a field for an address, possibly for further details or context.

  • Value Lost: This heading indicates the amount of value lost in the incident, with the value specified as 0 dollars, suggesting that no monetary loss occurred in this particular case.

Last updated