Decentralized network of detection bots that scan every block on supported chains and emit alerts (stored on IPFS) for suspicious onchain activity. Consumed via GraphQL API, webhooks (Slack/Discord/Telegram/Email/HTTP), or by writing custom TypeScript/Python detection bots.
- 01custom onchain detection bots
- 02protocol exploit + governance monitoring
- 03alert aggregation across chains
- 04open-source threat intelligence
- 05composable bot reuse via subscriptions
- pnpm add -D forta-bot @fortanetwork/forta-bot-sdk
| Variable | Scope | Description |
|---|---|---|
| FORTA_API_KEY | Server | Forta API key for the alerts GraphQL endpoint (`https://api.forta.network/graphql`), sent in the `Authorization: Bearer` header. |
| FORTA_WEBHOOK_SECRET | Server | Shared secret for verifying custom webhook deliveries from Forta notification channels. |
Use Forta for onchain detection. (1) Consume existing alerts via GraphQL: `POST https://api.forta.network/graphql` with `Authorization: Bearer ${FORTA_API_KEY}` and a query `{ alerts(input: { addresses: [...], chainId: 1, blockTimestampRange: { startTimestamp, endTimestamp }, severities: [CRITICAL, HIGH], first: 50 }) { alerts { hash name description severity protocol source { transactionHash } addresses } } }`. (2) Subscribe to alerts via the dashboard with custom Webhook/Slack/Discord/Telegram/Email channels — webhook handler verifies the configured shared secret and routes by `alertId` and `severity`. (3) Build custom bots with `@fortanetwork/forta-bot-sdk`: implement `handleTransaction(txEvent)` and/or `handleBlock(blockEvent)` returning `Finding[]` with `{ name, description, alertId, severity: FindingSeverity.High, type: FindingType.Suspicious, metadata }`. Test with `npx forta-bot run --tx 0x...` and publish via `npx forta-bot publish`.
- ⚑Forta GraphQL `blockTimestampRange` is in seconds, not milliseconds — passing JS `Date.now()` directly returns no results without erroring.
- ⚑Bot reuse via subscriptions is powerful but each subscribed bot adds query cost and noise — audit which bots you depend on, and pin to bot IDs (not names, which can change).
- ⚑Alert severity is bot-author-defined and not normalized across the network — `HIGH` from one bot may equal `MEDIUM` from another. Build your own severity mapping table per bot you trust.
- ⚑Detection latency is 1+ block (post-confirmation), so Forta is reactive, not pre-transaction — pair it with a pre-signature scanner like Blockaid or a pre-tx enforcement layer like Hypernative for prevention.
- ⚑Self-hosted scan nodes are required for some custom bots and chains; the hosted scanner network only covers a subset of EVM chains (Ethereum, Polygon, BSC, Arbitrum, Optimism, Avalanche, Fantom, Base) — verify your target chain is supported before designing a bot.
- ⚑Bots run in a sandboxed Docker environment with limited filesystem and network — calls to external APIs need explicit allowlisting and can be flaky under high block throughput.