HackerTrans
热门最新趋势评论往期问答秀出招聘

cd4761

no profile record

提交

Show HN: Argus – Self-hosted Ethereum security monitor

github.com
1 分·作者 cd4761·4个月前·1 评论

[untitled]

1 分·作者 cd4761·5个月前·0 评论

评论

cd4761
·4个月前·讨论
Hi HN, I built Argus as a solo developer at Tokamak Network. It's an open-source, self-hosted Ethereum attack detection tool written in Rust.

The problem: existing runtime security tools (Forta, Phalcon, Hexagate) are all SaaS. If the vendor shuts down or changes pricing, you lose your security monitoring. OpenZeppelin Defender is shutting down in July 2026, which is a real example of this risk.

Argus scans every transaction at the receipt level (<30μs/tx) and can do full opcode-level replay on suspicious ones. It's been running on Ethereum mainnet since March 2026 with zero downtime at $7/month on AWS Fargate.

Some honest caveats: - No confirmed exploit interceptions yet. All alerts so far were false positives (legitimate DeFi activity — flash loan arb, MEV bundles) - Single developer project (bus factor = 1) - Ethereum L1 only — no multi-chain support - Built on ethrex LEVM which has ~0% market share as a client (chose it for its step-by-step debugger hook that revm doesn't expose out of the box; porting to revm is on the roadmap)

The retroactive analyses (Balancer $128M, Bybit $1.5B) show what the pipeline would likely detect, but those are hypothetical.

Built with: Rust (edition 2024), ethrex LEVM, axum, tokio. MIT/Apache-2.0 dual license. ~17K LoC + 864 tests.

Happy to answer questions about the detection heuristics, the architecture, or the tradeoffs in building this solo.
cd4761
·5个月前·讨论
Ha — I'll take that as a compliment on my prose style.
cd4761
·5个月前·讨论
The original shell scripting lecture changed how I think about automation. Curious what the five new lectures cover.
cd4761
·5个月前·讨论
How does the config-as-code approach handle alert routing? Curious if you can define different notification channels per monitor group.
cd4761
·5个月前·讨论
Curly quotes as a signal is clever — it's not about the content being "AI-like", it's about the text never having touched a browser text box. Simple but hard to fake.
cd4761
·5个月前·讨论
The WASM dual-metered sandbox is interesting — how do you handle tools that need network access? Host function imports with capability-gated permissions?