FAQ

What is a Firewall for smart contracts?

A Firewall for smart contracts is a modular framework composed of an on-chain layer designed to protect blockchain applications by enforcing security policies directly within the blockchain's operational layer. This allows the Firewall to halt any transactions that fail to meet predefined security criteria, ensuring that only legitimate and secure operations affect the blockchain's state.

What is a Firewall policy?

A Firewall policy is a set of rules and conditions defined within a smart contract to regulate the behavior of transactions within a blockchain application. These policies enforce security checks both pre and post-execution, ensuring that all transaction operations adhere strictly to the established security criteria. If a transaction does not satisfy these conditions, the policy triggers a revert of the transaction, effectively preventing any potential security breach or malicious activity from impacting the blockchain's state.

How can the Firewall help protect my applications?

The Firewall helps protect your applications by providing a robust, on-chain security layer that secures every transaction before and after its execution. It enforces predefined security policies, which can include validations against unauthorized actions, verification of transaction integrity, and compliance with security protocols. This proactive approach ensures that only transactions that meet stringent security standards can alter the state of your application, thereby preventing potential exploits and vulnerabilities from causing damage.

What types of threats does the Firewall protect me from?

The Firewall protects against a broad range of threats that target blockchain applications, including:

  1. Reentrancy Attacks: These occur when external contract calls within a transaction are maliciously designed to drain funds or disrupt contract logic.

  2. Flash Loan Attacks: These exploit decentralized finance (DeFi) protocols by borrowing large amounts of assets and manipulating market prices or liquidity pools within a single transaction block.

  3. Phishing and Social Engineering: By enforcing strict transaction verification, the Firewall prevents unauthorized transactions that could be initiated by deceptive practices.

  4. Zero-Day Exploits: It mitigates unforeseen vulnerabilities in smart contract code that haven't yet been discovered or patched.

  5. Unauthorized Admin Actions: Through specific policies, the Firewall can restrict administrative functions to predefined conditions or authorized parties.

  6. Transaction Flow Manipulation: Ensures that the sequence and logic of transaction calls adhere to the expected patterns, preventing manipulation of transaction flow.

By deploying customized policies tailored to the specific needs and threat models of your application, the Firewall offers a comprehensive, on-chain solution to safeguard against these and other emerging security challenges.

Can I set up a custom Firewall policy?

Yes, you can set up custom Firewall policies tailored to the specific security needs of your application. The Firewall framework allows you to define and implement various security rules that govern how transactions are processed. These policies can be configured to address unique operational requirements, risk profiles, and threat landscapes specific to your application.

You have the flexibility to create policies that:

  • Validate transaction parameters against predefined criteria.

  • Enforce rules for transaction sequences and interactions.

  • Restrict or allow certain types of transactions based on their origin or intent.

  • Combine multiple security checks using logical operators for more granular control.

This customization capability ensures that your application not only meets standard security protocols but can also evolve with new threats and compliance requirements effectively.

Can I edit or update deployed Firewall policies?

Yes, you can edit or update Firewall policies as needed. This flexibility is essential for maintaining robust security as threats evolve and new vulnerabilities are discovered. The Firewall framework is designed to allow you to dynamically update policies without disrupting the ongoing operations of your application.

Here’s how you can manage updates:

  1. Modify Existing Policies: You can change the conditions, rules, and behaviors defined in existing policies to adapt to new security requirements or to enhance the effectiveness of your security measures.

  2. Add New Policies: As new threats emerge, you may need to implement additional policies. The Firewall allows you to add new policies seamlessly to address these threats.

  3. Deactivate Policies: If certain policies become obsolete or unnecessarily restrictive, you can deactivate them to optimize performance without compromising security.

How do I test my Firewall configurations?

To test your Firewall configurations effectively, you can follow these steps:

  1. Dry Run Mode (recommended): Utilize the dry run mode of the Firewall. This mode allows you to deploy your policies to see how they interact with your application without actually affecting the blockchain state. It helps identify any issues with policy enforcement before going into Active mode.

  2. Automated Testing: Implement automated test scripts using frameworks like Truffle or Hardhat. These tests can simulate various attack vectors and benign transactions to ensure that your policies behave as expected under different conditions.

  3. Testnets: Deploy your Firewall configurations on a testnet to conduct live transaction tests.

  4. Review: Regularly review your security configurations and their implementations.

These methods will help ensure that your Firewall configurations are robust and capable of protecting your application against real-world threats.

What networks does the Firewall support?

The Firewall is designed to be highly versatile and supports a wide range of networks, particularly those based on the Ethereum Virtual Machine (EVM).

This includes:

  1. Ethereum Mainnet

  2. Layer 2 Solutions

  3. Sidechains

  4. Rollups

  5. Other EVM-Compatible Blockchains

What is the cost of using the Firewall?

The Firewall and its platform are open source and available without paywalls, making it freely accessible. Most of the Firewall policies are also open source. However, advanced policies like the "Approved Patterns", which utilize AI models, do incur costs. For specific pricing details on this policy, please contact us.

How does the Firewall impact gas usage?

Using the Firewall slightly increases gas usage due to the additional computations required to check transactions against the security policies. The exact impact on gas costs depends on the complexity and number of policies being enforced. Typically, this results in an added gas cost ranging from 5% to 20%. However, this trade-off is crucial for ensuring enhanced security and protection for your blockchain applications.

How can I integrate the Firewall with my smart contracts?

Integrating the Firewall with your smart contracts involves a few key steps:

  1. Inherit the Firewall modifiers: Start by inheriting the necessary Firewall modifiers in your smart contracts. This allows your contracts to interact with the Firewall and utilize its functions.

  2. Deploy Firewall Contracts: Deploy the Firewall contract on your chosen network. This contract will handle all the security policies and checks.

  3. Connect Contracts to the Platform: Upload your smart contracts to the platform using our dedicated interface. This enables you to manage the Firewall and policy settings more easily and effectively.

  4. Define Security Policies: Determine the specific security policies that you want to enforce.

  5. Test and Optimize: Test to ensure that all security checks are functioning as expected.
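
A minimal sketch of the pre- and post-execution policy model and the modifier-based integration described in this FAQ. It is added here as an illustration and is not the Firewall's own code: the interface `IPolicy`, the modifier `firewallProtected`, and the contracts `BalanceDropPolicy` and `Vault` are hypothetical names, and `maxDropBps` is a constructed parameter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical policy interface (illustration only, not the Firewall's real API);
// the policy treats msg.sender as the protected contract.
interface IPolicy {
    function preExecution(address sender, bytes calldata data) external;
    function postExecution(address sender, bytes calldata data) external;
}

// Example policy: revert if the protected contract's ETH balance falls by more
// than maxDropBps (basis points) during one protected call.
contract BalanceDropPolicy is IPolicy {
    uint256 public immutable maxDropBps;
    mapping(address => uint256[]) private snapshots; // per-contract stack, so nested calls pair up
    constructor(uint256 bps) { require(bps <= 10_000, "bps out of range"); maxDropBps = bps; }

    function preExecution(address, bytes calldata) external {
        snapshots[msg.sender].push(msg.sender.balance);
    }

    function postExecution(address, bytes calldata) external {
        uint256[] storage stack = snapshots[msg.sender];
        uint256 start = stack[stack.length - 1]; // balance recorded by the matching pre-check
        stack.pop();
        uint256 minAllowed = start - (start * maxDropBps) / 10_000;
        require(msg.sender.balance >= minAllowed, "policy: balance drop too large");
    }
}

// Protected application contract (hypothetical).
contract Vault {
    IPolicy public immutable policy;
    mapping(address => uint256) public deposits;
    constructor(IPolicy _policy) { policy = _policy; }

    // Runs the policy before and after the function body; a failed check reverts the whole call.
    modifier firewallProtected() {
        policy.preExecution(msg.sender, msg.data);
        _;
        policy.postExecution(msg.sender, msg.data);
    }
    function deposit() external payable { deposits[msg.sender] += msg.value; }

    function withdraw(uint256 amount) external firewallProtected {
        deposits[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Because the post-execution check compares the balance at the end of the outermost protected call with the snapshot taken at its start, it enforces the invariant regardless of which code path moved the funds.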
