Security monitoring

[rndquu]

In case of a security incident we should:

1. Pause all of the contracts
2. Notify the core team that something went wrong

Possible solutions for monitoring:

• https://docs.chain.link/chainlink-automation
• https://www.openzeppelin.com/defender
• https://cyvers.ai/

What should be done:

1. Setup monitoring for LibUbiquityPool. In case of a possible security incident (let's say >30% of liquidity is withdrawn) we should:
   a) Pause the UbiquityDollarToken
   b) Pause LibUbiquityPool by disabling collateral
2. Send notification to https://t.me/UbiquityDAO (you may create a new topic there like Dollar monitoring)

P.S. Mainnet contract addresses can be found here

[molecula451]

Hi rndqnuu there is another potential monitor solution available at mainnet, https://cyvers.ai/

[rndquu]

Hi rndqnuu there is another potential monitor solution available at mainnet, https://cyvers.ai/

Updated description

[0xJoichiro]

/help

[ubiquibot]

Available Commands

Command	Description	Example
/start	Assign yourself to the issue.	/start
/stop	Unassign yourself from the issue.	/stop
/help	List all available commands.	/help
/query	Returns the user's wallet, access, and multiplier information.	/query @user
/ask	Ask a context aware question.	/ask is x or y the best approach?
/multiplier	Set the task payout multiplier for a specific contributor, and provide a reason for why.	/multiplier @user 0.5 "multiplier reason"
/labels	Set access control, for admins only.	/labels @user priority time price
/authorize	Approve a label change, for admins only.	/authorize
/wallet	Register your wallet address for payments.	/wallet ubq.eth

[gitcoindev]

@0xJoichiro I received the notification, can you please add a comment with /start command instead of /help now to have the issue assigned to you?

[0xJoichiro]

/start

[ubiquibot]

# Skipping to register a wallet address because both address/ens doesn't exist

[gitcoindev]

/query @0xJoichiro

[ubiquibot]

! action has an uncaught error

[gitcoindev]

@0xJoichiro could you please try to register your wallet address for payouts using /wallet 0xYOURETHWALLETADDRESS command ?

[0xJoichiro]

@0xJoichiro could you please try to register your wallet address for payouts using /wallet 0xYOURETHWALLETADDRESS command ?

yes sir,I'll create a wallet and try this asap

[0xJoichiro]

/wallet 0x2C35d567b68Adf4FcE2b89e9c0aE70Ea119C209A

[ubiquibot]

+ Successfully registered wallet address

[0xJoichiro]

/start

[ubiquibot]

Deadline	Fri, May 10, 11:58 AM UTC
Registered Wallet	0x2C35d567b68Adf4FcE2b89e9c0aE70Ea119C209A

Tips:

• Use /wallet 0x0000...0000 if you want to update your registered payment wallet address.
• Be sure to open a draft pull request as soon as possible to communicate updates on your progress.
• Be sure to provide timely updates to us when requested, or you will be automatically unassigned from the task.

[0xJoichiro]

@gitcoindev does this work as a draft PR #938?

Yes, please mark it as ready for review when it will be ready.

[molecula451]

@0xJoichiro the message it's not clear do you think the PR is ready to review?

[LurkyLunk]

/wallet 0xf2f933d8136A4cA6BeABDB7a6e651F1DE202caE9

[ubiquibot]

! action has an uncaught error

[ubiquity-os-main]

- Error: duplicate key value violates unique constraint "new_users_pkey" 

[ubiquibot-dev]

+ Successfully registered wallet address

[alexandr-masl]

/start

[0x4007]

/start

@gentlementlegen can you trim and parse commands so they execute even with the \n at the end?

[gentlementlegen]

@0x4007 yes I opened a ticket on ubiquibot-kernel about it.

[ubiquity-os]

@alexandr-masl the deadline is at Mon, Sep 9, 8:42 AM UTC

[ubiquity-os]

@alexandr-masl, this task has been idle for a while. Please provide an update.

[rndquu]

@alexandr-masl The point regarding telegram notifications is not mandatory if some other notification method (email?) is available on the monitoring platform.

If https://www.openzeppelin.com/defender supports setting up telegram notification in few clicks then it's fine. Otherwise if it only supports email notifications then it's also fine. There's no need to overengineer, just select a notification solution which can be set up in a couple of clicks (and we'll add telegram notifcations later).

[alexandr-masl]

openzeppelin.com/defender

Got it! I was deciding between Chainlink and OpenZeppelin, but I’m leaning towards implementing OpenZeppelin Defender since it offers built-in notifications like Slack, Telegram, and email right out of the box, plus it supports webhooks, allowing to send notifications to any external service or platform

[ubiquity-os]

@alexandr-masl, this task has been idle for a while. Please provide an update.

[ubiquity-os]

@alexandr-masl, this task has been idle for a while. Please provide an update.

[ubiquity-os]

@alexandr-masl, this task has been idle for a while. Please provide an update.

[ubiquity-os]

@alexandr-masl, this task has been idle for a while. Please provide an update.

[ubiquity-os]

@alexandr-masl, this task has been idle for a while. Please provide an update.

[alexandr-masl]

Hey @rndquu, can you please reassign me? Also, I'm still waiting for your review on this pull request. Let me know if there's anything I can help with, as I haven't seen any updates in a while

[ubiquity-os]

@alexandr-masl the deadline is at Tue, Oct 22, 8:15 AM UTC