Forta Bug Bounty

Details

The Forta Network is a real time threat detection network for web3. It analyzes transactions and blocks in real-time to identify bad entities, like scammer addresses. Identifying what is bad is a negative reputation approach.

A complimentary approach is a positive reputation approach to identify what is good. This can be utilized in security relevant policies (e.g. show a green checkbox when interacting with a good entity or apply it as a false positive mitigation to a negative reputation approach).

The goal of this bounty is to develop a supervised machine learning model that identifies reputable smart contracts. Forta provides a labeled dataset of reputable and scammer/ malicious smart contracts as well as data access to an blockchain indexing service (Zettablock). You need to deliver a supervised machine learning model that can take a smart contract address and classify it as reputable or not. The precision should be extremely high (i.e. no scammer or malicious smart contract should be labeled as reputable) even if recall is not very high on a per contract address basis. Traffic weighted, the model should identify 80% of contract transactions as reputable.

Three high level areas should be considered by the model as a source of positive reputation:

• the contract code (bytecode and/or source code) (e.g. the contract is source code verified and adheres to ERC-20 interface)
• the deployer (e.g. the age of the deployer)
• how the contract is used (e.g. how many transaction it has received over the last 30 days) and characteristics of the contract instance (e.g. TVL)

Deliverables

• Python jupyter notebook that trains the model
• Python jupyter notebook can be used for inference given a smart contract address is provided
• Evaluation report of the model taking into account past 30 days of blockchain transactions that interacted with a smart contract (the to address is a smart contract).
• What percentage of all transactions would have been correctly identified as interactions with reputable contracts?
• What percentage of all transactions would have been incorrectly identified as interactions with reputable contracts (aka scammer/ malicious smart contracts)?
• Documentation around data preparation, training and evaluation of the model (can be inline jupyter notebooks)

Candidates applying for the bounty need to have in-depth applied machine learning and blockchain knowledge as well as sufficient python programming and SQL skills. Please share relevant work that demonstrates those skills.

Links

• Website
• Twitter
• Telegram
• Discord