search

ubiquity / ubiquity-dollar

Ubiquity Dollar (UUSD) smart contracts and user interface.
https://uad.ubq.fi
Apache License 2.0
34 stars 91 forks source link

Security monitoring #927

Open rndquu opened 7 months ago

rndquu commented 7 months ago

In case of a security incident we should:

  1. Pause all of the contracts
  2. Notify the core team that something went wrong

Possible solutions for monitoring:

What should be done:

  1. Setup monitoring for LibUbiquityPool. In case of a possible security incident (let's say >30% of liquidity is withdrawn) we should: a) Pause the UbiquityDollarToken b) Pause LibUbiquityPool by disabling collateral
  2. Send notification to https://t.me/UbiquityDAO (you may create a new topic there like Dollar monitoring)

P.S. Mainnet contract addresses can be found here

molecula451 commented 7 months ago

Hi rndqnuu there is another potential monitor solution available at mainnet, https://cyvers.ai/

rndquu commented 7 months ago

Hi rndqnuu there is another potential monitor solution available at mainnet, https://cyvers.ai/

Updated description

0xJoichiro commented 6 months ago

/help

ubiquibot[bot] commented 6 months ago

Available Commands

Command Description Example
/start Assign yourself to the issue. /start
/stop Unassign yourself from the issue. /stop
/help List all available commands. /help
/query Returns the user's wallet, access, and multiplier information. /query @user
/ask Ask a context aware question. /ask is x or y the best approach?
/multiplier Set the task payout multiplier for a specific contributor, and provide a reason for why. /multiplier @user 0.5 "multiplier
reason"
/labels Set access control, for admins only. /labels @user priority time
price
/authorize Approve a label change, for admins only. /authorize
/wallet Register your wallet address for payments. /wallet ubq.eth
gitcoindev commented 6 months ago

@0xJoichiro I received the notification, can you please add a comment with /start command instead of /help now to have the issue assigned to you?

0xJoichiro commented 6 months ago

/start

ubiquibot[bot] commented 6 months ago 
# Skipping to register a wallet address because both address/ens doesn't exist
gitcoindev commented 6 months ago

/query @0xJoichiro

ubiquibot[bot] commented 6 months ago 
! action has an uncaught error
gitcoindev commented 6 months ago

@0xJoichiro could you please try to register your wallet address for payouts using /wallet 0xYOURETHWALLETADDRESS command ?

0xJoichiro commented 6 months ago

@0xJoichiro could you please try to register your wallet address for payouts using /wallet 0xYOURETHWALLETADDRESS command ?

yes sir,I'll create a wallet and try this asap

0xJoichiro commented 6 months ago

/wallet 0x2C35d567b68Adf4FcE2b89e9c0aE70Ea119C209A

ubiquibot[bot] commented 6 months ago 
+ Successfully registered wallet address
0xJoichiro commented 6 months ago

/start

ubiquibot[bot] commented 6 months ago

DeadlineFri, May 10, 11:58 AM UTC
Registered Wallet 0x2C35d567b68Adf4FcE2b89e9c0aE70Ea119C209A
Tips:
0xJoichiro commented 6 months ago

@gitcoindev does this work as a draft PR https://github.com/ubiquity/ubiquity-dollar/pull/938?

Yes, please mark it as ready for review when it will be ready.

molecula451 commented 6 months ago

@0xJoichiro the message it's not clear do you think the PR is ready to review?

0xJoichiro commented 6 months ago

@0xJoichiro the message it's not clear do you think the PR is ready to review?

It seems that someone else has editted my message there for response to my previous comment

ubiquibot[bot] commented 5 months ago 
# These linked pull requests are closed:  <a href="https://github.com/ubiquity/ubiquity-dollar/pull/938">#938</a>
molecula451 commented 5 months ago

@rndquu OpenZeppelin Defender seems a straightforward as an initial solution to plug-in to the repo. Altho it relies on a specific account (email) for most of the tools like monitoring.

Requirement:

Sign Up (ask email) then email access image

Do you suggest a new email for the organization or any mail to achieve the task and then move on to updates?

image

0x4007 commented 5 months ago

Any email and then switch it to an org email later I suppose.

I'm not sure what the best solution is here because we don't really have a traditional email infrastructure.

There is a dynamic catch all email. You can make up any name @ our domains and it will go into my inbox basically.

In theory I can code a cloudflare router to forward messages to one address to many emails which seems like the best solution for fast information diffusion.

molecula451 commented 5 months ago

I think after the integration then update to an email with dollar-monitor@ubq.fi would do!

suminc7 commented 5 months ago

/query @suminc7

ubiquibot[bot] commented 5 months ago
Property Value
Wallet 0xe0B44E4238aFDB9d26247A05DbB729e00D8Cf1F2
LurkyLunk commented 4 months ago

/wallet 0xf2f933d8136A4cA6BeABDB7a6e651F1DE202caE9

ubiquibot[bot] commented 4 months ago 
! action has an uncaught error
ubiquity-os-main[bot] commented 4 months ago 

- Error: duplicate key value violates unique constraint "new_users_pkey"
ubiquibot-dev[bot] commented 4 months ago 

+ Successfully registered wallet address
alexandr-masl commented 2 months ago

/start

0x4007 commented 2 months ago

/start

@gentlementlegen can you trim and parse commands so they execute even with the \n at the end?

gentlementlegen commented 2 months ago

@0x4007 yes I opened a ticket on ubiquibot-kernel about it.

ubiquity-os[bot] commented 2 months ago

@alexandr-masl the deadline is at Mon, Sep 9, 8:42 AM UTC

ubiquity-os[bot] commented 2 months ago

@alexandr-masl, this task has been idle for a while. Please provide an update.

rndquu commented 2 months ago

@alexandr-masl The point regarding telegram notifications is not mandatory if some other notification method (email?) is available on the monitoring platform.

If https://www.openzeppelin.com/defender supports setting up telegram notification in few clicks then it's fine. Otherwise if it only supports email notifications then it's also fine. There's no need to overengineer, just select a notification solution which can be set up in a couple of clicks (and we'll add telegram notifcations later).

alexandr-masl commented 2 months ago

openzeppelin.com/defender

Got it! I was deciding between Chainlink and OpenZeppelin, but I’m leaning towards implementing OpenZeppelin Defender since it offers built-in notifications like Slack, Telegram, and email right out of the box, plus it supports webhooks, allowing to send notifications to any external service or platform

ubiquity-os[bot] commented 2 months ago

@alexandr-masl, this task has been idle for a while. Please provide an update.

ubiquity-os[bot] commented 2 months ago

@alexandr-masl, this task has been idle for a while. Please provide an update.

ubiquity-os[bot] commented 2 months ago

@alexandr-masl, this task has been idle for a while. Please provide an update.

ubiquity-os[bot] commented 2 months ago

@alexandr-masl, this task has been idle for a while. Please provide an update.

ubiquity-os[bot] commented 2 months ago

@alexandr-masl, this task has been idle for a while. Please provide an update.

alexandr-masl commented 1 month ago

Hey @rndquu, can you please reassign me? Also, I'm still waiting for your review on this pull request. Let me know if there's anything I can help with, as I haven't seen any updates in a while

ubiquity-os[bot] commented 1 month ago

@alexandr-masl the deadline is at Tue, Oct 22, 8:15 AM UTC

ubiquity-os[bot] commented 3 weeks ago

Passed the deadline and no activity is detected, removing assignees: @alexandr-masl.