Integration and Activation

Integration Overview

The following steps are required in order to integrate spherex into any given dApp:

Inline Mode

Inline integration mode is suitable for either immutable or upgradeable contracts. In this mode, spherex’s code is integrated into the contracts’ code (i.e. implementation) with the following steps:

  • Add spherex contracts to the codebase

  • Import SphereXProtected.sol and inherit from it in protected contracts

  • Add the spherex modifier to protected functions

Proxy Mode

Proxy integration mode is suitable for upgradeable contracts. In this mode, spherex’s code is integrated into the proxy contracts, leaving the implementation contracts untouched. Proxy integration steps:

  • Add spherex contracts to the codebase

  • Use spherex protected proxies in place of any other proxy wherever a proxy is required

The integrated contracts include configuration functions to set the protection admin, operator, engine address, and list the protected functions (in proxy mode).

For hybrid dApps (including both immutable and upgradeable contracts), both integration modes are used.

The integration can be done either during the development phase or, given an existing dApp with a mature codebase, using the spherex integration pipeline.

For example, the following contract:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Counter {
    int private count = 0;

    function inc() external {
        count += 1;
    }

    function getCount() public view returns (int) {
        return count;
    }
}

Will be transformed to (inline mode):

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "SphereXProtected.sol";

contract Counter is SphereXProtected {
    int private count = 0;

    function inc() external sphereXGuardExternal(1) {
        count += 1;
    }

    function getCount() public view returns (int) {
        return count;
    }
}

Activation Overview

Once integrated with spherex, the smart contracts can be deployed on-chain. Once the contracts are on-chain, a dashboard webapp is enabled to monitor and configure the protection of the smart contracts, including setting the access management and deploying the engine.

The protection platform can be configured either through the dashboard webapp or independently, manually or with automated scripts.

At this point, various security capabilities can be added and configured, e.g. compliance, rate-limit, access-management, virtual patching, exploit prevention, circuit breakers, etc.

Advanced Exploit Prevention

To activate the advanced exploit prevention capability, a baseline of safe and legitimate TXs should be provided. This baseline can be built either manually, or automatically using a local fork, a testnet deployment, or historical TXs from production.

Every TX in the baseline is automatically simulated off-line, analyzing and extracting its behavioral parameters, and creating the on-chain signatures. These signatures then need to be uploaded to the spherexEngine in order to enforce protection.
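A simplified model of the baseline-to-signature flow described above, added here as an illustration and not spherex's own code. It assumes the extracted behavioral parameter is the ordered sequence of protected-function entries and exits, keyed by the numeric id passed to the guard modifier, and uses SHA3-256 as a stand-in hash; `flow_signature`, `build_baseline` and `Engine` are hypothetical names.

```python
import hashlib

def flow_signature(trace):
    """Fold an ordered call flow into one 32-byte signature.

    trace: signed function ids, +n on entry to protected function n and
    -n on exit (assumed encoding). SHA3-256 is a stand-in hash.
    """
    sig = bytes(32)
    for step in trace:
        if step == 0:
            raise ValueError("function ids must be non-zero")
        # Chain each step into the running value so order and nesting matter.
        sig = hashlib.sha3_256(step.to_bytes(32, "big", signed=True) + sig).digest()
    return sig

def build_baseline(traces):
    """Off-line step: one signature per known-legitimate TX trace."""
    return {flow_signature(t) for t in traces}

class Engine:
    """Toy stand-in for the on-chain engine: allows only uploaded signatures."""
    def __init__(self):
        self.allowed = set()

    def upload(self, signatures):
        self.allowed |= set(signatures)

    def check(self, trace):
        return flow_signature(trace) in self.allowed

# Constructed sample traces for the Counter contract, where inc() has id 1.
BASELINE_TXS = [
    [1, -1],          # a single call to inc()
    [1, -1, 1, -1],   # two sequential calls to inc() in one TX
]

def demo():
    engine = Engine()
    engine.upload(build_baseline(BASELINE_TXS))
    return {
        "single": engine.check([1, -1]),
        "sequential": engine.check([1, -1, 1, -1]),
        # inc() entered again before the first call returned: not in baseline.
        "reentrant": engine.check([1, 1, -1, -1]),
        # A function id that never appeared in any baseline TX.
        "unknown_fn": engine.check([1, 2, -2, -1]),
    }

if __name__ == "__main__":
    print(demo())
```

The re-entrant trace contains the same entries and exits as the sequential one, but the chained hash makes their order part of the signature, so it does not match the baseline.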
