
Announcing sec3 WatchTower

Sec3 Research Team

We are glad to announce the first release of sec3 WatchTower: an in-situ threat monitoring service for Solana smart contracts to detect, prevent and stop security attacks in real time.

sec3 WatchTower has three features:

  1. Proactive monitoring: it raises alerts on suspicious attacks even before they actually happen. This capability is uniquely powered by sec3’s smart monitor engine based on the Solana programming model. More technical details can be found in this article.

  2. Customized monitoring: it monitors customized security policies including protocol-specific cross-transaction rules and cross-chain invariants.

  3. Anomaly monitoring: it detects abnormal transactions through continuously-learned and auto-tuned invariants in sec3’s smart monitor engine.

In addition, WatchTower provides a list of built-in default monitors for common attacks, such as:

  • abnormal token transfers
  • rug pulls
  • flash loans
  • fake input accounts
  • round-trip trades
  • cross-chain bridge attacks

A dashboard of sec3 WatchTower is shown below:

[Screenshot: WatchTower dashboard showing the Projects & Bots sidebar with "demo" and "babyshark" projects, 29 Critical alerts of type AbnormalTransferToken listed in the main panel]

The following screenshot shows WatchTower alerts on the Wormhole attack (reproduced in sec3’s testing environment):

[Screenshot: WatchTower alerts for the reproduced wormhole attack showing 2 Critical WormholeBot_VIP-hack alerts -- one warning "the bridge contract may transfer out 12000000000000 tokens in the next few transactions" and another warning "the input sysvar account is faked"]

The reproduced Wormhole attack, detected by sec3 WatchTower

How To Use sec3 WatchTower

WatchTower is currently open to a few selected pilot users only. If you are interested, please sign up here.

After creating an account, follow the steps below to use the service:

1. Add a new project:

[Screenshot: WatchTower Monitor empty state with "Add projects to monitor your contracts" prompt and an "Add a new project" button] Step 1: “add a new project”

[Screenshot: “New Project” dialog with a text field prompting “Please enter a name for your project” filled with “babyshark-smart-contract” and a “Create Project” button] Step 1: “add a new project”

2. Add your smart contract addresses and aliases:

[Screenshot: "Add target addresses to your project" prompt with an "Add an address" button] Step 2: “add smart contract addresses”

[Screenshot: “Manage Project - babyshark-smart-contract” page showing an Address Book table with four smart contract addresses and their aliases (shark, whale, seabass, nemo), plus an “Add new address” button] Step 2: “add smart contract addresses”

3. Add new bots:

[Screenshot: Bot List section with “Add bot to monitor your project” prompt and an “Add a bot” button] Step 3: “add and configure new bots”

[Screenshot: "New bot" configuration form for an AbnormalTransferSol bot named "AbnormalTransferSol-shark-whale" with target addresses "shark" and "whale" selected, severity set to Critical, a notification email field, and a threshold parameter (default: 100)]

[Screenshot: "Choose a Bot Type" page showing nine available bot types: AbnormalTransferSol, AbnormalTransferToken, ContractUpdate, MultiCall, FlashLoan, RoundTripTrade_VIP, RepeatedSameSigner_VIP, FakeInputAccount_VIP, and CrossChainTransferAnomaly_VIP, each with a description and "Choose This Bot" button] Step 3: “add and configure new bots”

4. View alerts:


[Screenshot: WatchTower alerts view showing 1 Critical alert for "AbnormalTransferSol-shark-whale" under the "babyshark" project, with details including bot type, transaction link, target addresses, threshold, and the message "The smart contract is transferring SOL"]

About sec3 (Formerly Soteria)

sec3 is a security research firm that prepares Solana projects for millions of users. sec3’s Launch Audit is a rigorous, researcher-led code examination that investigates and certifies mainnet-grade smart contracts; sec3’s continuous auditing software platform, X-ray, integrates with GitHub to progressively scan pull requests, helping projects fortify code before deployment; and sec3’s post-deployment security solution, WatchTower, ensures funds stay safe. sec3 is building technology-based scalable solutions for Web3 projects to ensure protocols stay safe as they scale.

To learn more about sec3, please visit https://www.sec3.dev
