DIY SEAL WARGAMES
Introducing the Security Alliance Wargames Drill Scenario Template
Isaac Patka and Kelsie Nabben. October 31, 2024
This research is supported by Ethereum Foundation Academic Grants 2024. This post is a practical toolkit inspired by the work of SEAL and research insights from Part 1. For the Part 1 research article, see Governing Blockchain Security: White Hat Hackers ‘Code of Conduct’.
For over a year, the Security Alliance has been running free red team exercises to help prepare developers and security teams for the next attack and war room on their project. To better scale our program, we’re offering a DIY option for projects that don’t want to sit on our waitlist: the Security Alliance Wargames Drill Scenario Template.
The template is an open-source GitHub repository that provides protocol teams with the steps and tools that the SEAL Wargames Team uses to coordinate drills. This includes:
- The steps required to plan and execute a wargames drill scenario
- A Foundry & Hardhat setup for developing & testing scenarios on a local fork
- Configurations for running a live fork on Tenderly
- A template for a tabletop exercise
- A template TypeScript bot service (inspired by a real drill with Optimism)
- A template monitoring bot service with connections to Prometheus, Grafana, and OpsGenie (inspired by a real drill with Optimism)
To access the template repo or provide comments and feedback, see here.
For an overview of the template via video walkthrough with SEAL Wargames lead Isaac Patka, see here.
ENTER THE WAR ROOM
Insights from Kelsie Nabben
As I’ve documented, my first SEAL war room began with a foreboding message: “Welcome to the SEAL Chaos Team’s Simulation War Room…Good luck. The simulation is about to begin”.
Prior to this, I had joined a ‘tabletop’ planning exercise, where Isaac Patka (lead of SEAL Wargames) had run a top-tier protocol team through a laundry list of possible attack scenarios. The amount of research and expertise that goes into just one of these drills is immense. It included having a dedicated ‘mole’ — someone on the inside of the partnering protocol team to help inform the SEAL Wargames team of possible vulnerabilities — to plan accurate and constructive scenarios.
The execution was first class. It included kicking off the tabletop exercise call with a custom-made ‘countdown’ video of cool kids in baggy pants doing parkour. The video served as a motif of the dedication, commitment, and practice that is required to master one’s craft, the same skills that this protocol team needed for the exercise they were about to embark on.
The SEAL Wargames team have run drills with over 8 protocols since launching, including the likes of Aave, Yearn, Compound, Optimism and Base, Uniswap, Arrakis, Lido (soon), and more. Scenarios have included oracle manipulation, faulty upgrades, leaked private keys, and malicious governance proposals disguised as legitimate ones.
More than just a toolkit for executing security drills, SEAL Wargames emphasises the critical importance of cultivating a security-first mindset (a.k.a. a culture that cultivates “absolute f*# paranoia”). In an ever-evolving threat landscape that impacts individuals, projects, and protocols across the blockchain ecosystem, establishing a proactive security approach is not just beneficial — it’s essential. By integrating continuous preparedness into everyday practices, developers and security teams can better navigate new threats and vulnerabilities as they emerge. While a future of no hacks or losses in Web3 seems like a distant mirage, each exploit that can be stopped or rescued makes a material difference to the people whose resources are not taken from them.
To read more about the experience of War Rooms, see here.
For more about SEAL, wargames, and their other initiatives, see here.
(Note: Canonical link to original post is here).