Frequently Asked Questions
What does MonitorChain look for and alert?
MonitorChain tracks the major characteristics of Ethereum tokens that change or are violated in the case of a major theft or code exploit. Among the conditions we monitor:
- Changes in total supply in violation of the minting conditons of a token
- Known exploits such as the BatchOverflow attack vector
- Smart contracts holding or controlling significant portions of a token’s supply transferring tokens in a manner than violates the conditions of the smart contract itself
Does MonitorChain send alerts on tokens built on other blockchain platforms?
Currently MonitorChain only supports tokens built on Ethereum. We intend to add support for tokens on additional platforms including NEO and Stellar in the near future.
Why does MonitorChain cost money?
While we try to price MonitorChain as affordably as possible, the high degree of manual work required to build and maintain our alerts and provide top quality service to our customers requires that we charge a fee for usage of the service. If MonitorChain’s subscriptions are out of price range please feel free to contact us, as we do offer discounted rates for small startups and non-profit entities.
If a token smart contract has been audited, does it really need to be monitored?
Independent smart contract audits are essential whenever large sums of money are involved, and go a long way to reducing the risk of exploit and theft; they are not infallible however, as even the best auditors may miss vulnerabilities. These audits also cannot take into account undiscovered future vulnerabilities, along with certain cases of human error or deception. MonitorChain works along with smart contract auditing to provide an extra layer of security and minimize damages should an exploit or theft occur.
Can I integrate MonitorChain into my own smart contract?
Yes. A primary use case of MonitorChain is for exchanges, dApps and token creators to use MonitorChain as an oracle within their own smart contracts to take preventative actions such as suspending trading of a token that MonitorChain has detected as likely exploited. You can do this as you would use any smart contract oracle. We also provide assistance in this regard for a fee as part of our custom packages.
How do I receive alerts?
Alerts are received via the Ethereum address you use to subscribe. When MonitorChain detects a suspicious action, it notifies all subscribing addresses, which in turn respond to receive the notification. The entire process is automated and does not cost additional gas fees for subscribers. The alerts can be integrated with existing tools both on and offchain, and for enterprise level clients we assist you directly with this process.
How do I cancel my subscription?
Subscriptions once placed cannot be formally cancelled due to the nature of prepayment on the Ethereum network. Our subscription function does allow you to shift your subscription to different tokens. Since all subscriptions are prepaid, no recurring billing will occur if you simply allow your subscription to expire.
Can I receive alerts to multiple Ethereum addresses?
At the current time no. We intend to add this feature soon.
Can I receive alerts by phone, email, or social media?
Currently this is only available via custom implementation or if manually configured by your own development team. We hope to add additional alert methods soon.
Does MonitorChain prevent hacks and exploits from occurring?
Not directly. We leave smart contract auditing to the many excellent firms that provide such services.
What if MonitorChain sends an incorrect alert?
While we strive to maintain accuracy and only provide alerts in cases where there is a high probability of token code exploit or major theft, there is always a chance of false alarms. For this reason, depending on your own use case and risk profile, you may wish to manually review alerts before taking action such as suspending trading of a token or publicly announcing a breach to your users.
Does MonitorChain detect all hacks and vulnerabilities?
While we try to detect all signs that a token has been compromised or a large locked reserve stolen, it is impossible to catch everything. We aim to detect the vast majority of exploits, and regularly update our detections to catch any new methods or known vulnerabilities.
Can you add custom monitoring conditions for my token?
Absolutely. We are happy to work with token creators to track additional smart contracts and specific custom conditions to provide the most accurate set of alerts. Please contact us to begin the process.
MonitorChain is tracking an incorrect smart contract condition on my token, what should I do?
Most of our monitoring conditions are automated by reading smart contract code and testing method validity, so we suggest first reviewing your own code to ensure you have not missed something. Occasionally however mistakes can be made, if you believe this to be the case please contact us and we will review on a case by case basis.
Is there a demo of MonitorChain on the testnet I can review and check implementation before subscribing to the paid feed?
Yes, our Github contains a number of sample integration libraries, and we have built a demonstration exchange and a handful of insecure Rinkeby testnet token contracts which can be used for demonstration, testing, and integration sandboxing.