Security Architecture

Explore the security architecture of our platform, including encryption, access controls, and compliance measures.

Security Architecture

Sentinel’s security architecture is designed around three core pillars:

  1. Continuous Auditing Pipeline
  2. AI Inference Engine
  3. Immutable Threat Intelligence Layer

Together, they enable Sentinel to provide always-on security for smart contracts, from deployment to post-launch.

1. Continuous Auditing Pipeline

The auditing pipeline begins the moment a contract is deployed on Metis. It operates in two phases:

a. Pre-Deployment Static Analysis

  • Developer submits contract to Sentinel CLI or web interface
  • Static analyzer (open-source tools like Slither, Mythril, integrated)
  • AI-enhanced context mapping (uses known vulnerability patterns from threat DB)
  • Risk score + vulnerability report generated

b. Post-Deployment Monitoring

  • Contract is registered to the on-chain Sentinel Watcher
  • Sentinel reads:
    • On-chain contract behavior (via Metis RPC + internal tracer)
    • State diffs and function calls
    • Interaction with external contracts
  • Event stream sent to inference layer for continuous evaluation

2. AI Inference Engine

The heart of Sentinel’s real-time intelligence:

  • Runs on ALITH inference execution layer on Metis
  • Receives:
    • Contract source code (flattened or proxy-aware)
    • Behavior logs (on-chain events, function calls, state deltas)
    • Context from known exploits (stored in threat DB)

Inference Capabilities:

  • Match contract behavior against known vulnerability signatures
  • Apply transformer-based ML models (hosted on ALITH) to predict potential unknown flaws
  • Produce real-time alerts, risk score updates, and mitigation suggestions
  • Infer behavioral anomalies such as:
    • Reentrancy loops
    • Price oracle manipulation
    • Access control bypass
    • Integer manipulation (under/overflow despite compiler protections)

Output:

  • Human-readable report
  • Developer webhook callbacks
  • Alert to protocol DAO if public contract is dangerous

3. Immutable Threat Intelligence Layer

A decentralized and append-only storage of security knowledge.

  • Hosted on Metis IPFS-compatible oracles or Filecoin (as external backup)
  • Stores:
    • Known CVEs for smart contracts
    • Historical audit reports (crowdsourced or partner-fed)
    • Newly inferred threats (with model confidence scores and raw data)
    • Response history (developer fixes, exploit confirmations)

Access Patterns:

  • Queried by inference engine for context
  • Available to external developers via open Sentinel API
  • Token-gated access (optional for sustainability)

Benefits:

  • Shared knowledge across dApps, helping prevent repeated mistakes
  • Immutable by design — past vulnerabilities and threat data can’t be erased
  • Builds long-term ecosystem resilience

Integration with Metis

  • Contracts are monitored at the Sequencer level (block-level feed)
  • Inference and processing occur on AΛITH compute nodes
  • Sentinel optionally integrates with Metis Polis (DAO infra) for alerting governance when live contracts are dangerous
  • All activity settles to Ethereum via Metis rollup finality guarantees

Optional Components (Will Be implemented in Future Releases)

  • Developer Dashboard:

    • Contract health overview
    • Risk trend over time
    • Suggestions for mitigation (model + audit-based)

  • API Integration for IDEs like Hardhat, Foundry, Remix (via plugins)

  • Webhook Alerting to Discord, Slack, Telegram, etc.