[AlphaGrowth] Enhancing Security and Trust with ChainPatrol

TLDR:
AlphaGrowth proposes to hire ChainPatrol on behalf of the Compound Protocol community to detect, block and manage takedowns of active malicious threats.

We have already agreed to pay their service fee of $3,000/month out of the Growth Program budget for a 1-month trial to determine the effectiveness of their service. Following the trial AlphaGrowth will decide with the help of the community whether to continue.

In order for ChainPatrol to start, the community needs to vote for the signature of a Power of Attorney & Letter of Authorization that allow ChainPatrol to approach platforms on behalf of Compound Protocol to request immediate take downs of malicious content. We welcome feedback from the community on the best way to proceed with such a vote.

ChainPatrol
ChainPatrol was founded 3 years ago, they are a Real-Time Security Platform that aims to detect, block and manage takedowns of active malicious threats targeting Compound Protocol, keeping the community and organization safe from bad actors (impersonations, phishing links, wallet drainers, etc …). Notable clients include: Arbitrum, The Graph, Linea, Curve Finance, etc …

Their takedown services protect from malicious:
Domains, social platforms, and app stores, with social takedowns spanning across X.com, Discord, Telegram, Reddit, Instagram, YouTube, LinkedIn, TikTok, Facebook, and decentralized social platforms.

Discord & Slack bots enable the community to easily report any malicious activity they experience to be dealt with accordingly by ChainPatrols 24/7 security support staff. For example: ChainPatrol can block malicious domains within 15 minutes across 20 leading crypto wallets, including Metamask, Coinbase Wallet, and Phantom.

The ChainPatrol Dashboard provides reports on active threats, metrics, and takedowns, as well as 24/7 automated monitoring for new threats across domains and social platforms.

Legal Representation with Social Platforms
To proceed ChainPatrol will require a legal agreement stating they are an authorized representative of the Compound Protocol in order to request action from platforms like Twitter.

Onboarding Steps
Once approved, ChainPatrol’s first action with Compound Protocol will be to work closely with AlphaGrowth & the community to add all of the required assets necessary to train our systems.

Below are the initial key steps to the onboarding process:

1. Collect Legal Documents

• Power of Attorney
• Letter of Authorization

2. Trademarks Details
3. Add all brand assets and URLs to the dashboard
4. Add Social Profiles of key Compound Protocol Staff Members
5. Add Discord or Slack Reporting Bot for the Community.
6. Staff and community members will be able to both check and report suspected malicious assets, using the /check and /report commands

Ongoing Support Expectations (in ChainPatrol’s own words)
The success of our service comes from ensuring that we maintain an open and honest flow of communication between our team and the Compound community and staff. As such, after completion of onboarding, ChainPatrol will provide continuous support through the following actions:

1. 24/7 Triaging of Threats Shared through Communication Channels (Telegram, Discord, Slack)
2. Our team will maintain open daily communication with Compound to address threats detected by community and staff
3. Monthly Threat Snapshot Reports
4. Provides transparency to the metrics associated with our protection efforts
5. Regular Touchpoint Meetings
6. Stay up-to-date on key roadmap events upcoming, ensuring any new brand assets are appropriately added to our systems

Links & Contact Info:

ChainPatrol Website - https://chainpatrol.io
Introduction to ChainPatrol
ChainPatrol Contact: Davide Scalzo
Email - davide@chainpatrol.io
Telegram - t.me/dschainpatrol

AlphaGrowth is a firm supporter of ChainPatrol and we look forward to adding them as a trusted security partner for the Compound Protocol ecosystem.

Action Items

1. Discuss how to approve Legal Documents for ChainPatrol to represent Compound

• Power of Attorney
• Letter of Authorization

2. Aggregate all vetted Compound Protocol materials to whitelist so they aren’t reported as malicious.
3. Google Form to submit known URLs
4. Current Submissions

Hey @rossgates , thank you so much for posting! Our team is very keen to offer full protection for the Compound Protocol community and organization.

For the voting process, we would certainly welcome a snapshot vote from the community, if that works for all members?

Happy to write a separate forum post with the details that need to be voted on.

OpenZeppelin is neutral on the selection of new service vendors to the protocol. However, the need for a solution to detect, block and manage takedowns of active scams and phishing that target the Compound protocol is very real and should be addressed promptly. On a personal level, I’ve seen the quality of work done by Chainpatrol and can vouch for their ability to address this need.

Going forward, I would suggest that the Alpha Growth team and the rest of the community consider a more transparent process of proposing and trialing new potential service vendors to the protocol. An existing service vendor sponsoring the trial of another service vendor under their existing budget does complicate the boundaries of how DAO vendor selection is managed. However, I think the proposed plan put forward by Alpha Growth here is addressing a clear and present need for the Compound community and is being done in good faith, especially since a snapshot vote will be performed as a first step.