
Raising the Bar in DeFi Security - Tenderly and Hackless Technical Partnership

How Tenderly can raise Hackless' ability to prevent and react to DeFi hacks, the value of what Hackless is doing, and how this partnership will improve DeFi security standards.


The DeFi space is steadily growing, and with it, the number of exploits and hacks individual users, as well as whole protocols, are experiencing. Hackless is aiming to tackle this issue in collaboration with the Tenderly team - so let’s dive straight into it.

As a multi-service security platform that helps DeFi protocols and investors keep their funds safe and mitigate risks of suffering hacker attacks, Hackless is currently executing the following workflow at its core:

  • When a DeFi protocol comes under attack, it is paused immediately
  • Hackless works with the protocol in order to properly identify and fix the vulnerability, as well as deploy a new (secure) protocol version
  • Hackless creates a bundle of transactions in order to migrate funds to the new protocol version
  • By relying on MEV (private mining), bundled transactions are guaranteed to be executed in that exact order and within one block, which leaves no room for malicious actors to drain liquidity
  • The transaction bundle consists of the following:
    (1) “Unpause” a protocol that is currently under attack
    (2) “Migrate” the funds to a new (safer) protocol
    (3) “Pause” the original protocol again

Both teams have talked on several occasions about how this workflow could be improved, and we concluded that integrating our Simulator feature could significantly extend the ability of Hackless services to predict unexpected transaction outcomes and react to them in time. The Simulator enables accurate predictions of transaction outcomes while they are still in the mempool, as well as testing any proposed solution or scenario (with custom parameters), to make sure the problem is truly solved before sending transactions on-chain. Our robust Debugger complements this by helping to quickly and accurately identify the source of the problem and test possible optimizations.
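The check described above, dry-running the unpause / migrate / pause bundle before it is sent on-chain, can be sketched with a toy in-memory model. This is an added example, not Hackless or Tenderly code; the state fields, function names and the 1,000-unit balance are assumptions constructed for illustration.

```python
import copy

class Revert(Exception):
    """Raised when a step would revert on-chain."""

def unpause(s):
    if not s["paused"]:
        raise Revert("unpause: protocol is not paused")
    s["paused"] = False

def migrate(s):
    if s["paused"]:
        raise Revert("migrate: protocol is paused")
    s["new_vault"] += s["old_vault"]
    s["old_vault"] = 0

def pause(s):
    if s["paused"]:
        raise Revert("pause: already paused")
    s["paused"] = True

def simulate_bundle(state, bundle):
    """Dry-run the bundle on a copy of state; return (ok, reason, resulting_state).

    The live state is never modified, mirroring a pre-submission simulation.
    """
    sim = copy.deepcopy(state)
    for i, step in enumerate(bundle, 1):
        try:
            step(sim)
        except Revert as exc:
            # All-or-nothing: one reverting step rejects the whole bundle.
            return False, f"step {i} reverts ({exc})", state
    # Post-conditions the migration must satisfy before it is submitted.
    if not sim["paused"]:
        return False, "old protocol left unpaused after bundle", state
    if sim["old_vault"] != 0:
        return False, "funds remain in the old protocol", state
    return True, "ok", sim

# Constructed sample state: protocol paused after an attack, 1000 units at risk.
LIVE = {"paused": True, "old_vault": 1_000, "new_vault": 0}

if __name__ == "__main__":
    for name, bundle in [("unpause, migrate, pause", [unpause, migrate, pause]),
                         ("migrate, unpause, pause", [migrate, unpause, pause]),
                         ("unpause, migrate", [unpause, migrate])]:
        print(name, "->", simulate_bundle(LIVE, bundle)[:2])
```

Only the first ordering passes; the other two are rejected in simulation, one because a step reverts and one because the old protocol would be left unpaused.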

In turn, Tenderly will gather invaluable, detailed data on the hacks and their solutions as they occur, in order to further improve our existing feature set and better cater to market needs, as well as inform the possible development of new services. One area where Hackless’ security experience will be very valuable is the further development of our Alerting feature, making it more powerful at detecting a whole range of suspicious activities on smart contracts and account wallets and notifying the user about them in a timely manner.

With this collaboration, we are aiming to extend the depth of Hackless’ workflow in order to prevent, rather than react to, the majority (ideally all) of the hacks by being able to “predict the future” in the form of transaction outcomes, as well as learn as much as we can about the tools the Web3 community needs to tackle this and other similar issues. In the future, we will be providing Hackless (as well as everyone else) with a mempool monitoring feature, which should further strengthen the ability to mitigate various hacks and exploits.

You can read more about how exactly Hackless safely migrates funds from a protocol under attack, and how they already managed to save a part of the VAIOT project’s funds in the recent attack.