Monitoring

We audited your protocol. Now we watch it. Real-time on-chain monitoring, anomaly detection, and incident response — powered by Guardrails infrastructure.

Why Monitoring

Post-Audit Exposure

Most exploits happen post-audit when code is live and handling real funds.

Minutes, Not Hours

Average time to detect a DeFi exploit: hours to days. Average time to drain funds: minutes.

Continuous Coverage

Monitoring bridges the gap between audit snapshots and production reality.

SEAL 911 Aligned

Incident response meets industry best practices.

The 3 Pillars (SEAL-aligned)

1. Know What Matters

Identify and prioritize the critical state changes, transaction patterns, and invariants that signal an attack.

TVL threshold monitoring

Governance proposal tracking

Oracle price deviation alerts

Unusual withdrawal patterns

Contract upgrade detection

2. Commit to Responsive Action

Monitoring without response is just logging. We build and maintain incident response playbooks so your team can act within minutes.

Severity classification (P1-P5) with documented response times

Automated pause triggers for critical scenarios

SEAL 911 emergency coordination

War room activation procedures

Communication templates for users, partners, and media

3. Build Resilient Detection

No single monitoring system catches everything. We layer detection across multiple providers and approaches.

On-chain monitoring (Guardrails, Tenderly, Hexagate, Hypernative)

Off-chain infrastructure monitoring

Cross-provider alert correlation

Dead man switch verification

Regular detection coverage audits

Severity Framework

For incident response: priority levels with documented response times

LevelDefinitionResponse Time

P1 - CriticalActive exploit, funds at riskImmediate (minutes)

P2 - HighSuspicious activity, potential exploitWithin 1 hour

P3 - MediumAnomalous patterns, requires investigationWithin 4 hours

P4 - LowUnusual but non-threatening activityWithin 24 hours

P5 - InformationalNotable events for awarenessWeekly review

Incident Response Retainer

For protocols that want dedicated IR support:

Named IR contact available 24/7

Pre-built response playbooks tailored to your protocol

SEAL 911 coordination and escalation path

Post-incident analysis and hardening

Quarterly tabletop exercises

Pricing

Monthly retainer model. "We audited it, now we watch it."

Base

Automated monitoring with alert forwarding

On-chain monitoring setup

Alert routing to your team

Monthly coverage report

Professional

Custom playbooks, severity classification, quarterly reviews

Everything in Base

Custom detection rules

P1-P5 severity classification

Quarterly coverage reviews

Enterprise

24/7 IR retainer, SEAL 911 coordination, dedicated analyst

Everything in Professional

24/7 IR contact

SEAL 911 coordination

Dedicated analyst

Tabletop exercises

Who This Is For

DeFi protocols post-launch

Bridges and cross-chain infrastructure

High-TVL vaults and lending platforms

Any protocol that completed an audit and wants ongoing protection

What You Receive

Everything you need to detect and respond

Monitoring Setup

Custom detection rules and alert configuration

Alert Playbooks

Step-by-step response procedures per alert type

IR Documentation

Incident response plans and war room procedures

Coverage Report

Monthly review of detection coverage and gaps

Ready to Secure Your Project?

Get a free 30-minute security assessment. We will review your codebase scope and flag the top 3 risk areas.

No commitment required. Typical audits start within 1–2 weeks.

audits@codespect.xyz