By Demian Brener, CEO, and Roy Zanbel, Head of Product
What is Defender?
OpenZeppelin Defender is a mission-critical developer security platform to code, audit, deploy, monitor, and operate blockchain applications with confidence. Integrating directly into the developer workflow, Defender makes it easy and fast for developers and operators to prevent and fix security issues pre and post deployment. Built as the result of 7 years developing and auditing the world’s most popular smart contracts, Defender embeds OpenZeppelin’s industry-leading expertise and world-class intelligence across all stages of your project’s lifecycle.
Security as a first principle
From price oracle and reward manipulations, to stolen private keys, access control and governance attacks, billions of dollars are lost every year due to hacks arising from the lack or ineffective implementation of security measures.
In our experience developing the OpenZeppelin Contracts library and performing 370+ security audits, it became clear that exploited projects could have dramatically reduced losses by implementing secure development processes, robust operational security, and instant detection and response to incidents.
Since launching Defender 1.0 in October 2020, we’ve seen 15,000+ blockchain developers adopt the platform to secure and automate their smart contract operations. Developers from top protocols like Compound and Matter Labs are using Defender to monitor threats and automate the execution of governance proposals. We’ve also seen institutions like ANZ bank using Defender to launch the first bank-issued stablecoin in compliance with evolving regulations.
Now, we are excited to announce Defender 2.0, a significant leap forward for the platform.
What’s new?
Today, we are introducing four major developments for Defender 2.0, as well as a new, deeply integrated user experience:
- Secure Code: automatic code analysis on every PR
- Secure Audit: a streamlined workflow for audits to track issues and resolutions
- Secure Deploy: automated security features for successful deployments and upgrades
- Monitor, Respond, and Operate: tools for instant detection and response to incidents
1. Secure Code
Developing secure smart contracts is a daunting task. Therefore, security must be baked in from your first line of code.
The OpenZeppelin Contracts Library already provides security best practices, community-vetted code, and the most commonly adopted ERC standards. However, starting with secure building blocks is just the first of many layers of security when writing code.
Surfacing issues early in development is a key practice for healthy, fast-moving projects. Existing static analyzers and fuzzers have become popular tools among security researchers, but high false-positive rates and complex outcomes make them hard and time-consuming for non-security experts to use.
Defender 2.0’s Code module provides developer-friendly automatic code analysis powered by our machine learning models and state-of-the-art tools. For every push to your code on GitHub, the Code module identifies potential vulnerabilities and suggests improvements to enhance your code quality, including:
- Dependency Scan: Minimize existing vulnerabilities in your imported libraries and dependencies based on our large database of known vulnerabilities and contracts.
- Test Suggestions: Identify opportunities to apply fuzzing tests to functions, providing you with areas where further testing could prove beneficial.
- External Call Safety: Safety of external calls, highlighting any instances that might pose a severity concern.
- Standard Compatibility: Check the compatibility of your contracts with established standards, such as ERC20, ERC721, ERC1967, and ERC4626, flagging potential compatibility issues.
- Reentrancy Attack Vectors: Identify potential reentrancy attack vectors at both the file and function level, enhanced by our machine learning models.
- Efficiency and Security Practices: Highlight areas in your code where improvements can be made for better performance and flag potential security risks, enabling you to optimize and secure your contracts more effectively.
Thanks to its native GitHub integration, the Code module fits naturally in the CI/CD pipeline of your public and private repositories, enabling all developers to strengthen their code’s security without slowing down the team.
2. Secure Audit
The code phase is wrapping up and it’s time for a security audit.
Since OpenZeppelin’s first audit in 2016, security audits have become a mandatory requirement before deploying or upgrading smart contracts. However, managing audits and review processes remains a cumbersome experience, forcing you to sort through multiple Slack messages, emails, PDF versions, and spreadsheets.
With the new Audit module, you can now easily track audit issues and resolutions, and iterate directly with auditors for faster and more efficient communication. By streamlining the process, auditors can focus their time on finding the most critical bugs, yielding better results for your project, reducing time, cost and complexity.
The Defender 2.0 Audit module also adds efficiencies before an audit even starts through the Code module’s analysis reports, providing your team with actionable recommendations to better prepare for an audit and thus optimize your time and budget. In our experience as auditors, projects using OpenZeppelin’s Contracts library and implementing fixes surfaced by the Code module can save significant amounts of time, resulting in lower price quotes from any audit firm.
3. Secure Deploy
You've crossed all the t's and dotted and the i's, the time has come to deploy or upgrade your project.
Deploying immutable code or upgrading multi-million dollar systems securely without outbreaks or losses can be a nerve-wracking experience for many. Often, upgrades can take several weeks to prepare and execute due to complex contract landscapes, unique upgrade processes, unexpected scenarios, and reverted transactions — slowing down delivery timelines, increasing the likelihood of errors, and wasting lots of gas in the process.
The new Deploy module now offers a suite of automated features for a secure deploy and upgrade process. It ensures your team executes the deploy or upgrade in compliance with security best practices, so you can minimize risk while avoiding unnecessary delays and post-deployment surprises.
By adding just 5 lines of code to your existing Hardhat (and soon Foundry) deploy script configuration, you can automatically:
- Test deployments and upgrades on testnets and local mainnet forks, mimicking mainnet setup as close as possible.
- Deploy to the same address deterministically across any network, with automatic explorer verification.
- Via bytecode verification, ensure that your deployed code was the correct version audited and matches your compilation files.
- Avoid incompatible changes and storage collisions with automatic checks on your upgradeable contracts.
- Use relayers to automate the payment of gas fees without worrying about private key secure storage, transaction signing, nonce management, gas pricing estimation, front-running or resubmissions.
- Share audit results and detailed information about an upgrade to your Safe signers or community, allowing them to trace, verify and review before executing a transaction, which can prevent mistakes or malicious proposals from passing.
Additionally, the Deploy module integrates with Safe app and Fireblocks for multisig and MPC wallet approvals, as well as OpenZeppelin Contracts library Timelock and Governor for secure on-chain governance.
4. Monitor, Respond, and Operate
Even if you have followed all security best practices before going live, your team must remain vigilant for potential ‘black swan’ events or vulnerabilities outside of the scope of your project, like a bridge or the Solidity compiler. The impact of vulnerabilities can be catastrophic if a project is not prepared.
Existing tools do allow projects to monitor smart contract activity, but the challenge remains knowing what risks and behaviors to monitor – and what to do about them if they occur. Slow detection and remediation can result in millions of dollars in user funds lost.
Defender 2.0 helps your project reduce detection and remediation times by giving you full visibility into your smart contracts' risks and behaviors, and providing your team with the right tools to react quickly (if not automatically) in case of an incident.
With the new Monitor module, you can:
- Start detecting threats with just a few clicks by leveraging pre-built monitoring templates for governance, access control, technical, suspicious activity, and financial risks. Templates are automatically recommended based on the nature of your contracts by analyzing your contracts’ addresses.
- Natively integrate with Forta for expanded threat detection capabilities using machine learning.
- Get alerts on threats and anomalies on Slack, Telegram, PagerDuty, OpsGenie, Discord, email, or via webhook.
- Forward logs to Datadog or Splunk.
In tandem with the Monitor module, the new Incident Response module allows you to:
- Configure predefined scenarios, triggered automatically by monitors or on-demand, to immediately react to threats. Pre-built templates are available to guide your team through common Incident Response scenarios such as unauthorized contract ownership change, compromised private keys, or pausing certain protocol operations in case of an emergency.
- Define approvers depending on an action’s risk profile, simplifying operations and enhancing security.
- Protect from front-running attacks when reacting to incidents using Flashbots integration.
- Conduct attack simulations and test real-world scenarios on a forked network, strengthening your team’s preparedness and security posture.
- Upload operational runbooks as PDFs and associate them to scenarios for quick decision and execution.
Beyond incident detection and remediation, you can extend the Defender 2.0 platform with custom code, using the new Actions module to automate workflows for both on-chain and off-chain operations.
Finally, with the Access Control module, you can oversee and command smart contract permissions on a grand scale, with the power to view and control access at a granular level.
The Vision
Defender 2.0 is our most important step yet in our mission to protect the open economy.
OpenZeppelin’s vision is to build the end-to-end security solution for blockchain applications. As part of this vision, we aim to redefine how security is implemented at every stage of the blockchain development lifecycle, providing startups, enterprises, institutions, and DAOs the most comprehensive combination of tools, processes, and people to succeed.
Our success is only possible if we help secure our clients’ and the wider community’s blockchain success. Beginning with a centralized platform, OpenZeppelin will work to progressively decentralize Defender modules, finding opportunities to create new, permissionless, community-based networks in the spirit of Web3 (e.g. the Forta Network was our first initiative in this direction).
We will continue working closely with clients and partners, as well as investing in even more integrations with the ecosystem and community. Our current footprint supports 30+ networks and 15+ integrations, as well as continued efforts building the open source Contracts library as a public good for all.
Getting started
Whether you are coding smart contracts, engaging with auditors, deploying or upgrading to a new version, or running your system on-chain, Defender 2.0 is the best way to strengthen your project’s security posture and minimize risk.
Defender 2.0 is currently in beta phase. We’ll be rolling out access to both existing OpenZeppelin Defender 1.0 users as well as new accounts upon request:
- To join the group of teams already using Defender 2.0, request early access to the new modules.
- To explore the benefits of using Defender 2.0 and learn how it can help strengthen your project’s security, request a demo
- If you are building an L1 or L2 network and want to make Defender 2.0 available to your developer ecosystem, talk to our team.
Defender 2.0 can also be implemented and extended using our team of world-class security experts, who can work alongside your team to move through each phase of the development lifecycle including: audits, advisory, threat modeling, system integration, and incident response preparation services.
What does this mean for existing Defender users?
Defender 2.0 provides a new, deeply integrated user experience, coupled with more powerful features and an expanded scope.
Defender 2.0 is currently in beta phase and access will be provided upon request. You can join the waitlist here. Once access to the new version is granted, your account will be automatically converted to the new 2.0 experience, maintaining existing configurations, with no additional action required from you or your team. All Defender 1.0 features are supported in 2.0, meaning there are no breaking changes between versions.
Based on the learnings from onboarding users to the new version, we will define and communicate a timeline when Defender 2.0 becomes the de-facto version and v1.0 stops getting maintained. For more information about the changes and updated terminology, please refer to the Defender 1.0 FAQ