This security utility can be deployed as a container on a server to enable the monitoring of mission-critical native sol, spl-token and program accounts. Thanks to compatibility with Slack notifications, it constitutes the basis for a simple early warning system able to detect suspicious variations in account balances and deployments. As such, it can help detect critical bugs in production systems, as well as intentional attacks resulting from contract exploits, key theft, rogue agents/teams, etc.
Although the vault-watcher service can be used directly as a binary with a custom postgres instance, we recommend using docker-compose.
git clone git@github.com:Bonfida/vault-watcher.git
cd vault-watcher
cp _accounts.json accounts.json
cp _config.json config.json
cp _.env .envThe accounts.json and config.json should then be edited to configure the service. Optionally, the .env file can be edited as well. Once this is done, we start the docker containers.
sudo docker-compose build
sudo docker-compose upThe Postgres database can be directly accessed. In addition, a grafana instance with a simple provisioned dashboard can be found running at http://localhost:3000 by default.
| Field Name | Type | Description |
|---|---|---|
| endpoint | string | URL for the Solana RPC endpoint to connect to |
| refreshPeriod | integer | Period between account polls in milliseconds. All polls are written to the database. |
An array of accounts objects containing
| Field Name | Type | Description |
|---|---|---|
| name | string | User-readable identifier for the account to monitor. Maximum length is 50 characters. |
| address | string | The public key in base58 format for the account to monitor |
| maxChange | float (Optional) | The maximum allowable amplitude of balance change (in UiAmount, or Sol for native sol accounts). Only to be specified for a vault account |
| maxChangePeriod | integer (Optional) | Maximum number of milliseconds over which a maxChange balance variation is allowed without triggering a notification. Only to be specified for a vault account |
The .env file is used to define additional configuration through environment variables.
| Var name | Description |
|---|---|
| POSTGRES_PASSWORD | Password for direct access to the underlying balance history database |
| DB_PORT | Port number for the accessible locahost postgres database |
| GRAFANA_PORT | Port number on localhost for the grafana interface |
| SLACK_URL | Slack hook url used to push balance notifications to a Slack channel |
For example, if your endpoint is https://solana-api.projectserum.com and you want to poll data every 5s:
{
"refreshPeriod": 5000,
"endpoint": "https://solana-api.projectserum.com"
}For example if you want to monitor 2Av1qmnqjLcnA9cpNduUL9BQcitobBq1Fiu7ZA4t45a6 and allow a max variation of 1,000 tokens every 5s while monitoring the program account 6XmmYz2gxHRPzh4yUZKiqkifEMbscS2k2ZC3bj6Amdpp:
{
"accountType": "vault",
"address": "2Av1qmnqjLcnA9cpNduUL9BQcitobBq1Fiu7ZA4t45a6",
"maxChange": 1000,
"maxChangePeriod": 5000,
"name": "My token (or native sol) account"
},
{
"accountType": "program",
"address": "6XmmYz2gxHRPzh4yUZKiqkifEMbscS2k2ZC3bj6Amdpp",
"name": "My program account"
}Historical balances can be monitored using Grafana through port 3000
