KIR Quantstamp RT Monitoring: Final Progress Report
Summary
Quantstamp created a RT monitoring system for Klaytn. This status update is the final update in the first phase of the Quantstamp RT Monitoring Project for the Klaytn blockchain.
This document is an update on the engagement to create a real-time Security Monitoring Solution (RT-Monitor) that detects abnormal transactions on the Klaytn blockchain. We customized the different types of analyses based on the needs of Klaytn and on the advice of its team. We were able to build a novel way to analyze Klaytn tokens and smart contracts. During this process, we created a product that monitors for overflow issues (that may occur due to malicious minting or the batch-overflow bug), mint/burn events, and contract owner changes. With the integration and use of the monitoring software, Klaytn now has enhanced security monitoring abilities. The Klaytn ecosystem and its users will now benefit from our experience as researchers, software engineers, and security auditors.
Quantstamp has observed the best processes and models for real-time monitoring solutions and other security measures, and these methods have been implemented in the Klaytn real-time security monitoring solution.
Project Milestones and Schedule Update
Milestones:
Ramp Up: Start: October 1st. End: October 9th (Complete)
- Ramp-up on Klaytn Infrastructure (2 days) – The RT Monitor requires a provider node, preferably supporting the standard web3 API, in order to interact with the blockchain. Documentation will be reviewed. This may require discussions with the Klaytn team. The RT monitor system relies on the KAS provided by Klaytn.
- Investigate Klaytn Web3 compatibility (1 day) – The RT Monitor utilizes the standard web3 API to query the blockchain data provider. In order to ensure that our service will behave appropriately with the Klaytn provider (i.e., all used web3 functionality is supported), we must perform testing.
Deliverables: Technical specifications
Port: Start: October 9th. End: October 30th (Complete)
- Create app infrastructure and pipeline (2 days) – Create a new app instance for the port and configure deployment.
- Add tokens to RT Monitor port (2 days) – Quantstamp will configure the RT Monitor to monitor a set of token contracts as provided by the Klaytn team. Testing will be performed to ensure that the monitoring service behaves as expected.
- Rebrand UI (1 week) – Customize RT Monitor branding and style/color scheme, and update links.
Testing and QA: Start: November 2nd. End: November 27th (Complete)
- Test various systems of the RT monitor - alerts, notifications, detectors
Optional extensions: Can be completed in a follow-up engagement (it will require more time / milestone adjustments)
- Monitoring of non-token smart contracts (1 week+) – If there are Klaytn smart contracts that we wish to monitor that have functionality beyond typical token contracts, the RT Monitor can be extended to support them. For example, we have previously extended the RT Monitor to monitor oracle-based contracts, ensuring that trusted oracles behave as expected. These extensions would be smart contract specific, and would require some additional development and testing. The time-frame of these extensions would scale with the complexity of the desired extensions.
Key Deliverables Update
Week of October 19 – Complete
Introduced to Colin and Andy from Klaytn technical team. Scoped out the technical capabilities of the KAS system.
Week of October 26 – Complete
Provided Colin and Andy access to the Quantstamp Ethereum real-time monitoring system. Klaytn team assessed the feature set.
Week of November 2nd – Complete
Quantstamp provided Klaytn team with design and layout of the intended real-time monitoring system for Klaytn blockchain. Klaytn team requested additional features that Quantstamp team implemented.
Week of November 9th – Complete
Quantstamp provided to Klaytn an interactive frontend including the rebranding and restyling to test the interface.
Weeks November 16 and November 23 – Complete
Quantstamp merged front-end and back-end of Klaytn real-time monitoring service. Monitoring system has undergone exhaustive testing and QA.
Week of November 30 – Complete
Delivered final production environment. The final dashboard can be found here:
Budget
List all activities where operating expenses were incurred. A detailed summary can be found here.
- a) Budget: 320,614.84 KLAY
- b) List of Activities incurring operating expenses
Klaytn has agreed to make payment to Quantstamp for $20,000 per engineer-week (an equivalent of $500 per hour at 40 hours per engineer week). The effort estimated in this engagement was accurate. The services rendered were delivered in a timely manner. The Quantstamp team met with Klaytn team weekly to keep updated and on time.
Quantstamp delivered the final product to the KIR team. At the completion of the project both teams discussed the final product and the additional features that were completed for Klaytn.
The table below summarizes the final expenses for this engagement. You can find access to our budget here:
a. RT-Monitor Licensing Fee

| Number of Tokens Monitored | 5 | 10 | 11-25 |
| --- | --- | --- | --- |
| Monthly Fee | $5,000 | $7,500 | $10,000 |

Notes
- The monthly fee is for a one-year contract. If the service is to be continued after the first year, additional volume-based pricing is available up to three years. (ex. Year 1: 0%, Year 2: 15%, Year 3 and beyond 30%)
- The monthly fee includes near-real time support and troubleshooting for 10 hours each month.
c) Total Budget: NA

| | Budget | Remarks |
| --- | --- | --- |
| Licensing Fee | $120,000 | 1 Year Contract, 11 tokens monitored |
| Integration Service | $140,000 | |
| Total | $260,000 | KLAY: 320,614 as of 25/8/20 |