Shield3

@shield3

Private team

Joined on Aug 15, 2023

  • Safe contract addresses are determined by the initializer function and a nonce. To deploy a Safe to the same address on multiple networks, the following conditions must be met: the same factory address is used on both networks; the same singleton address is used on both networks; the same nonce is used on both networks; the same initializer payload is used on both networks. This guide includes addresses for the latest v1.4.1 release of Safe. If the Safe you are trying to replicate is an earlier version, you must find the old singleton address. This can be found in your original Safe creation transaction (see below). Factory
  • The SEAL Battlenet initiative developed through discussions with SEAL members at the SEAL Assembly 2024. Concept Overview SEAL Battlenet is a live adversarial environment where teams can deploy and test new protocol versions with realistic network behavior prior to deploying on public main networks. Battlenet allows for rapid iteration to improve web3 security by creating a feedback loop between protocols, attackers, and security professionals in a controlled environment. What does success look like? We stop seeing the same types of exploits and vulnerabilities make their way into production because they are caught at an earlier stage, preventing harm to users and protocols. Alternatively, more unique bugs, exploits, and failure conditions mean that Battlenet is working. What does failure look like? We continue to see the same issues exploited on Battlenet over and over, and continue to see them on mainnet chains as well. This would indicate that the feedback loop is not working, protocol teams are not improving, and we have not improved the safety of crypto.
  • Video Guide: https://www.loom.com/share/c7f4936b92534ba6a4812166944bcabf?sid=685dcf3d-6fbd-46a7-bd5b-30fb3887d364 Shield3 is joining the Onchain Summer Buildathon by offering bounties for teams who integrate Shield3 into their app! Shield3's bounties will be posted to the community Bountycaster: https://www.bountycaster.xyz/onchainsummer Shield3 combines offerings from services including data providers like Chainalysis and Forta and blockchain APIs like Infura and Alchemy into a single service. Use Shield3's RPC to:
  • Program: https://www.heinz.cmu.edu/programs/itlab/ Duration: 6 weeks Field: Open source cybersecurity initiatives in web3 Final presentation: Early August About Us The Security Alliance is an open source initiative in the web3 space to improve the security landscape of web3 through a series of projects to provide educational content, training, incident response, and legal resources to companies and individual contributors in the ecosystem. Seal 911 - A free 24/7 emergency hotline for help with incident response, vulnerability disclosure, or any other security problem. Seal Wargames - Free red team exercises to help teams prepare for the next war room
  • Contracts Permissions Manager: https://etherscan.io/address/0xC98a7004E2154636f2a01653CCA2E2c5Aa4afAe0 Hydra Token: https://etherscan.io/address/0xf17b47b3b3440fd4bF285029eE461292DaeB9042 Ops Safe: https://app.safe.global/home?safe=eth:0xC879250D96d36E12231b1a72652330E552caB11B Issuing Issuing involves 2 steps per recipient. They need to be granted permissions to receive (but not send) the token. Then they can be issued their tokens. All of these actions for any number of issuances can be batched in Transaction Builder
  • Previous demo link: https://hackmd.io/@shield3/HypAXccXT Summary This demo shows an example implementation of Shield3's policy engine & RPC to support the gas subsidized transaction use case with Syndicate. The goal is to determine whether or not a subsidized user transaction and a corresponding subsidy transaction should be submitted, based on a set of rules provided by Syndicate. An account has been configured with the following policies: allow subsidized transactions to specific contracts only; allow value transfers below a max subsidy amount; allow subsidy transactions for 'fresh' accounts (nonce < x). NOTE: this is an optional alternative to tracking how many subsidies a wallet has received. If the wallet has been used a certain number of times, we could assume they can get some gas for themselves to continue transacting
  • Summary Shield3 provides automated security & compliance tools for developers to protect user transactions through a customizable policy engine delivered as a custom RPC. Mural provides crypto payments & invoicing tools for payroll, contractors, vendors, and more. Through an integration with Shield3, Mural and/or Mural users can enforce transaction policies for security, internal & external compliance, and reporting for audits. Reporting All transactions are saved along with full audit trails for policy execution results. Logs can be exported to assist with compliance filing processes. Policy Library Shield3 offers both standard policies and custom policies for compliance, security, and org-specific rules. Shield3 can work with Mural to create a custom policy set to protect all of their transactions and establish audit trails for export.
  • Summary Onboarding Video Walkthrough Shield3 provides automated security & compliance tools for developers to protect user transactions through a customizable policy engine delivered as a custom RPC. Dynamic provides embedded wallets for developers to manage onboarding & wallets for their users. Through an integration with Shield3, customers of Dynamic would be able to add custom rules to all transactions that are facilitated by their application. Integration Mockup Policy Library Shield3 offers both standard policies and custom policies for compliance, security, and org-specific rules. Shield3 can work with customers of Dynamic to create a custom policy set to protect all of their transactions.
  • Misconfigured transactions, user errors and malicious transaction requests are responsible for a large amount of preventable losses in crypto. Automated transaction policies at the wallet or RPC layer are one approach to mitigating these losses. In this article, we present a library for decoding transaction payloads to detect max slippage of DEX transactions on Uni V2, V3, and Universal Router, a policy implemented as RPC middleware, and a method for using Cryo with Python to back test the effectiveness and calculate preventable slippage of previously executed trades. What Is A Transaction Policy (and why)? Smart contracts define the permissible actions of a protocol; however, permissible actions are very different from optimal actions. This gap leads to scenarios where decentralized application users are vulnerable to exploitation due to transaction misconfigurations. This isn't a flaw of smart contracts, but it highlights a gap in the traditional Web3 stack of application, wallet, contracts, and neutral RPCs. Many user protection features are ill-suited for the smart contract layer as they would be overly restrictive and break the open, composable nature of DeFi. And while applications and wallets can help educate and guide users towards safe transactions, they can benefit from an additional external validation of the user's intended actions. We introduce transaction policies as an RPC middleware to perform the validation and act as a check on transactions coming from wallets. This middleware is supported by a robust policy framework which interprets complex transactions, adds critical context, and takes action to protect users from mistakes or malicious activity.
  • Running Protocol Drills Slides: https://hackmd.io/@shield3/sealchaos digraph G { graph [bgcolor="#181818", fontcolor="white", fontname="Courier New", fontsize=18]; node [fontname="Courier New", fontsize=18, fontcolor="white"]; edge [fontname="Courier New", fontsize=12, color="white", fontcolor="white"]; node [shape=none]; // No shape for nodes to make them look like labels
  • Summary Video Walkthrough MPC Vault provides self-custodial, multichain asset management. Transactions on MPC Vault benefit from risk analysis, audit logs, and policy enforcement. Shield3 provides advanced customizable transaction policies which can expand the functionality of MPC Vault's transaction rules and provide an additional layer of defense and auditability for customer transactions. Mockups of MPC Vault with Shield3 Integration
  • Summary In the Syndicate dashboard demo project, users are able to relay transactions via the Syndicate API to call mint on a demo contract. In this demo we'll show how we can define this restriction, and further restrictions, within the Shield3 RPC. Syndicate Configuration On the Syndicate UI the project is configured as shown here:
  • For compliance-focused business leaders, blockchain technology presents a paradox. On one hand, it offers transformative potential for unlocking new markets and removing barriers to accessing financial services. On the other, it comes fraught with challenges such as regulatory uncertainty, security vulnerabilities, and complex, interconnected dependencies. The solution to unlock the full potential of blockchain based finance is a robust routing and policy layer, designed to make applications more secure, compliant, and effective. In this article, Shield3 and Blockscience present both an architecture for building this layer, and a instrumenting to meet the needs of enterprises building blockchain based applications. Elevating the Status of Blockchain for Enterprise Applications While blockchain and smart contracts define a foundation of permissible actions, they do not guide users toward actions that are strategically optimal or compliant with existing regulations. This is not a flaw in blockchains, as they are intended to be open and permissionless by design. However this presents major challenges for the business leaders wanting to offer blockchain based applications, implementers charged with deploying these applications, and compliance teams working to mitigate compliance and security risks. This is where the concept of a routing and policy layer becomes critical. Acting as the operational "brains," this layer resides above the blockchain, navigating complex transactions, enriching them with necessary context, and enforcing compliance and security protocols. The integration of such an intelligent layer enables the next-generation of financial applications that adhere to regulatory standards and scale efficiently, all without compromising the decentralized nature of blockchain technology.
  • AWS SageMaker is a managed ML platform that provides a Jupyter notebook interface to build data pipelines and train models. Cryo is a tool to extract data from the Ethereum Blockchain. This post will show you how to set up notebooks in SageMaker to analyze data extracted by Cryo. A forked version of Paradigm Data Portal and the notebooks from this post are available here: https://github.com/ipatka/paradigm-data-portal/tree/s3/notebooks The Paradigm Data Portal hosts a public dataset of Ethereum data extracted by Cryo. The portal can be installed as a CLI tool or imported as a Python package. While you can extract this data yourself with Cryo, downloading the datasets from PDP is the quickest way to get started. Setting up SageMaker If you do not have a SageMaker Studio environment set up already, follow this tutorial to create one: Amazon SageMaker Studio. Working with S3
  • by Michael Zargham, Isaac Patka, Geoffrey Arone For compliance-focused business leaders, blockchain technology presents a paradox. On one hand, it offers transformative potential for unlocking new markets and removing barriers to accessing financial services. On the other, it comes fraught with challenges such as security vulnerabilities, regulatory uncertainty, and systemic risks. The solution to unlock the full potential of blockchain-based financial applications is a robust, automated, yet practical policy framework. Shield3 has developed a product suite which includes data infrastructure, a policy-writing language, a library of modular workflows, and monitoring dashboards. BlockScience is collaborating with Shield3 to provide enterprise clients with custom AI-powered policies that support the enforcement of their compliance requirements and protect consumers. Instrumenting organizations with tools to select and enforce their security and compliance policies closes a critical gap, especially for enterprises leveraging (or hoping to leverage) blockchain technology. In this piece, Shield3 and BlockScience present the architecture for our framework. From "can do" to "should do" While blockchain and smart contracts define a foundation of permissible actions ("can do"), they do not guide users toward actions that are strategically optimal ("should do") given their business goals and constraints. Enterprises must make their own decisions about their strategic goals as well as how to operationalize regulatory guidance.
  • Phage is a Rust-based library that provides programmable middleware for Ethereum nodes. With Phage, developers can build: safer consumer wallets with anomaly detection, threat interception, and MFA flows; enterprise trading wallets with protocol- and sender-specific rules and pre-mempool alerting; account abstraction tooling with dynamic transaction bundling; optimized transaction routing with fee management & MEV protection. The middleware is designed to be modular and extensible, enabling developers to program the Ethereum node to understand the intent of the user and take the optimal action on their behalf. Using the middleware, developers can build applications that are more secure, more efficient, and more accessible. In this article, we will explore the different types of modules that can be built using this middleware, including:
  • Building a DSL for Modular RETH Transaction Middleware Isaac Patka - Shield3 With RETH we can extend the RPC api and add middleware With RETH we can extend the RPC api and add security middleware With RETH we can extend the RPC api and add modular security middleware Building a DSL for modular middleware Make decisions based on transaction context
  • Programmable Transaction Middleware for Ethereum Nodes Phage is a Rust-based library that provides programmable transaction middleware for Ethereum nodes. Current transaction broadcasting infrastructure is passive. Existing protection tools are concentrated on the wallet layer. Phage modules enable nodes to make automated decisions. With Phage you can build... ✅ Custom RPC methods