Contract Monitoring Is Now Available in the Hiro Platform

We’ve rolled out a new contract monitoring feature in the Hiro Platform, so you can get notified anytime a specified function is called in your contract on mainnet. You can target specific function calls by argument values or by caller address, so you can keep an eye on who’s calling your contracts and how they’re being used. Whether you’re monitoring for suspicious activity or simply want to understand contract usage, this new feature’s got you covered.

Type
Product update
Topic(s)
Product
Hiro
Published
September 11, 2024
Author(s)
Sr. Software Engineer
Contract monitoring is now live
Contents

We want to support end-to-end development for your projects in the Hiro Platform, and while we’ve launched many tools in the Hiro Platform to help you develop and build your projects, we haven’t added many features to aid you after you deploy a project to mainnet. That changes with the latest release in the Hiro Platform.

Monitoring Alerts for Your Contracts

As we’ve seen throughout the history of Web3, hacks in crypto reveal the risks of sensitive smart contract calls being exploited. After a developer deploys a contract via the Hiro Platform, it can be difficult to understand how the contract is being used.

We’ve added new contract monitoring features that enable you to set alerts when specific functions are called in your smart contracts. This enables you to detect and respond to suspicious contract activities, enhancing the security of your app throughout the contract lifecycle.

For example, let’s say you have a smart contract with a <code-rich-text>principal-construct?<code-rich-text> function that creates an <code-rich-text>admin<code-rich-text> principal for your app that enables your team to interact with private functions in your smart contract.

This is a sensitive function, and maybe you want to monitor calls to this particular function. With the new contract monitoring feature in the Hiro Platform, you can get notified every single time the <code-rich-text>principal-construct?<code-rich-text> function is called to make sure that all calls to this sensitive function are intentionally made by you. These alerts can be part of your incident response plan, allowing you and your team to respond to issues more quickly.

This feature goes beyond just security—it’s also a way to better understand how your contracts are being used. You can also set up alerts for various public functions in your smart contract to gain insight on which functions are receiving the most calls and how users are interacting with your contract.

How It Works

When logged in to the Hiro Platform, you can configure alerts for any contract calls on mainnet, whether that’s a <code-rich-text>set-contract-owner<code-rich-text> function, a transfer/mint/burn function, or anything else you’ve implemented that you want to monitor.

Once you identify the calls you want to monitor, you can further hone in on the specific function calls by creating predicates that filter for argument values and the address of the wallet which called the function. 

You can monitor these alerts in the Hiro Platform, and you can also choose to receive email alerts every time one of those alerts is triggered. Or configure webhook calls, which can be used for all kinds of customized alerting flows (for example, you could use this webhook call to trigger a Slack message).

Setting Up a Contract Alert

Connecting a Contract

A screenshot of the starting screen
The starting screen for setting up an alert

Setting up an alert is easy. Simply toggle to the “Monitor” tab once you log in to your Hiro Platform account. From there, you can look up any on-chain contract by its principal + contract name.

A screenshot of looking up a contract in the platform
Looking up a contract

All contracts deployed to mainnet are public, and you can monitor and set up alerts for any of them, regardless of whether you are the deployer.

A screenshot of looking up the previous deployments in your wallet
Viewing your deployment history

Alternatively, you can also connect your wallet to view your deployment history and choose any contracts you’ve previously deployed in order to set up alerts for them.

Creating an Alert

A screenshot of a contract's onchain activity
Viewing a contract in the alerts dashboard

Once you are monitoring a contract, you can view its transaction history and any pending transactions in the mempool. You can also set up custom alerts for the contract.

A screenshot of how you can customize your contract alert
Configuring your alert details

Alerts can target function calls within specific arguments or caller addresses, giving you flexibility in how you configure your alerts. You can also choose whether you’d like to receive email alerts and webhook alerts to get notified about these alerts in near-real time.

A screenshot of the alerts dashboard once your alert is turned on
The alert monitoring dashboard

With each alert you set up, you can view the alert’s history and the response status from any webhook calls made. You also have the ability to edit existing alerts to hone in your conditions or notification preferences over time.

Conclusion

We hope this new feature increases your confidence in your code as well as your code’s security, and you can get started with your alerts in Hiro documentation.  If you have any feedback, please reach out to us in the #hiro-platform channel under the Hiro Developer Tools section on Discord.

Product updates & dev resources straight to your inbox
Your Email is in an invalid format
Checkbox is required.
Thanks for
subscribing.
Oops! Something went wrong while submitting the form.
Copy link
Mailbox
Hiro news & product updates straight to your inbox
Only relevant communications. We promise we won’t spam.

Related stories