Definition: Post-audit monitoring is continuous security surveillance after contract deployment and audit completion. Audits are point-in-time; monitoring is 24/7. Post-audit vulnerabilities emerge from: code changes, new integrations, governance updates, discovered attack vectors, and protocol interactions. Firepan enables post-audit monitoring via HOUND AI, continuously rescanning deployed contracts and alerting on new threats as they surface.
Your contract passed a thorough $150K CertiK audit. Mainnet launch happens. Two weeks later, a new oracle manipulation vector surfaces industry-wide. Your contract uses that oracle. The audit could not have caught it: the technique did not exist during the audit window. Your protocol is now exposed to a threat that was unknown when you paid for the audit. This is the post-audit gap. This article explains why monitoring matters post-deployment and how to fill the gap.
Vulnerability Class 1: Code Changes Post-Audit
After launch, teams keep shipping: upgrades behind proxies, parameter changes, new features, hotfixes. Each change introduces new risk. An audit covers the codebase as of the audit date, not as of the deployment date, and certainly not as of six months post-launch.
Vulnerability Class 2: Newly Discovered Attack Vectors
New exploit techniques surface regularly, and an auditor can only test against the ones known at the time. Your contract was deemed safe against known attacks, but new attack classes emerge faster than audit cycles, and a contract that has not changed a single byte can still become vulnerable.
Vulnerability Class 3: Integration with Unsafe Dependencies
Your protocol is secure in isolation. But after launch it gets composed: you integrate new oracles, bridges and liquidity sources, and other protocols build on top of you. Each integration adds risk. An audit of your original contract does not cover the risks introduced by dependencies that were added later, or by dependencies that changed after the audit.
Vulnerability Class 4: Governance and Operational Risks
Non-code vulnerabilities emerge post-launch in how privileged keys are held and how governance actions are executed. These are not code vulnerabilities but operational failures, and they leave a visible on-chain trail. Monitoring catches governance anomalies.
Historical data shows the danger:
| Exploit | Audit status | Exploit date | Gap between audit and exploit |
|---------|--------------|--------------|-------------------------------|
| The DAO | Audit found issues | June 17, 2016 | Post-launch |
| Cream Finance | Recent audit | Feb 13, 2021 | Weeks |
| Poly Network | No public audit | Aug 10, 2021 | Unknown |
| Ronin Bridge | Last audit pre-launch | Mar 23, 2022 | 60+ days |
| Nomad Bridge | Last audit 2 months prior | Aug 2, 2022 | 60+ days |
Pattern: Most major exploits occur within 1-12 months post-launch, with 58% occurring within the first 6 months.
An audit is necessary but insufficient. You need monitoring.
1. Code changes. Every deployment should trigger a re-scan. If a change introduces a new vulnerability, detection should be automatic, not dependent on someone remembering to run a tool.
2. Emerging threat patterns. As new attack vectors surface, detection rules are updated, and your already-deployed, unchanged contract should be re-scanned against the new rules automatically.
3. Governance anomalies. Monitoring should track privileged on-chain activity (ownership and role changes, proxy upgrades, timelock changes) and alert when it deviates from the known-good configuration recorded at launch.
4. Integration risks. When you integrate with a new protocol, monitoring should assess the risk and flag dangerous patterns in how the dependency is called.
5. Dependency vulnerabilities. If a library your contract depends on (OpenZeppelin, Uniswap, etc.) is found to have a vulnerability, monitoring should identify every deployed contract that includes the affected version.
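The governance rule in item 3 is the one that is easiest to get wrong, because the interesting signal is not any single event but a deviation from a recorded known-good state. The following is an added example, not Firepan's or HOUND AI's code. It assumes an upstream step (for instance web3.py's `contract.events.X.get_logs()`) has already decoded on-chain logs into the plain dicts used below; event names follow OpenZeppelin Ownable, ERC1967 and AccessControl and the Compound Timelock, and every address, threshold and event in the sample stream is constructed for illustration.

```python
"""Governance-anomaly rules over decoded contract events.

Added example, not Firepan's or HOUND AI's code. Assumes an upstream step
has decoded on-chain logs into the dicts used below. All addresses and the
sample event stream are constructed for illustration.
"""
from dataclasses import dataclass

ZERO_ADDRESS = "0x" + "00" * 20
DEFAULT_ADMIN_ROLE = "0x" + "00" * 32   # bytes32(0) in OpenZeppelin AccessControl

# Constructed addresses (not real deployments).
ADMIN_A = "0x" + "a1" * 20
ADMIN_B = "0x" + "b2" * 20
IMPL_V1 = "0x" + "11" * 20
UNKNOWN = "0x" + "de" * 20

# The known-good state an operator records right after launch. Anything
# that moves the contract away from it is what monitoring should flag.
BASELINE = {
    "approved_admins": {ADMIN_A, ADMIN_B},
    "approved_impls": {IMPL_V1},
    "min_delay": 48 * 3600,   # seconds; a timelock shorter than this is an anomaly
    "burst_window": 20,       # blocks
    "burst_threshold": 3,     # admin events inside the window
}

ADMIN_EVENTS = {"OwnershipTransferred", "Upgraded", "NewDelay", "RoleGranted", "RoleRevoked"}


@dataclass
class Alert:
    severity: str   # CRITICAL, HIGH or MEDIUM
    block: int
    event: str
    reason: str


def check_event(ev, baseline):
    """Apply the per-event rules; returns a (possibly empty) list of alerts."""
    name, args, blk = ev["event"], ev["args"], ev["block"]
    alerts = []
    if name == "OwnershipTransferred":
        new_owner = args["newOwner"].lower()
        if new_owner == ZERO_ADDRESS:
            alerts.append(Alert("CRITICAL", blk, name,
                                "ownership renounced: pause/upgrade paths are now unreachable"))
        elif new_owner not in baseline["approved_admins"]:
            alerts.append(Alert("CRITICAL", blk, name,
                                f"owner moved to unapproved address {new_owner}"))
    elif name == "Upgraded":
        impl = args["implementation"].lower()
        if impl not in baseline["approved_impls"]:
            alerts.append(Alert("CRITICAL", blk, name,
                                f"proxy now delegates to unreviewed implementation {impl}"))
    elif name == "NewDelay":
        if args["newDelay"] < baseline["min_delay"]:
            alerts.append(Alert("HIGH", blk, name,
                                f"timelock delay cut to {args['newDelay']}s "
                                f"(floor {baseline['min_delay']}s)"))
    elif name == "RoleGranted":
        account = args["account"].lower()
        if args["role"] == DEFAULT_ADMIN_ROLE and account not in baseline["approved_admins"]:
            alerts.append(Alert("CRITICAL", blk, name,
                                f"DEFAULT_ADMIN_ROLE granted to unapproved {account}"))
    return alerts


def scan_events(events, baseline=BASELINE):
    """Per-event rules plus a burst rule: several admin actions landing within a
    few blocks is the shape of a key compromise or a rushed governance push."""
    alerts, recent_admin_blocks = [], []
    for ev in sorted(events, key=lambda e: e["block"]):
        alerts.extend(check_event(ev, baseline))
        if ev["event"] in ADMIN_EVENTS:
            recent_admin_blocks.append(ev["block"])
            # Slide the window forward, dropping admin events older than it.
            while recent_admin_blocks[0] < ev["block"] - baseline["burst_window"]:
                recent_admin_blocks.pop(0)
            if len(recent_admin_blocks) == baseline["burst_threshold"]:
                alerts.append(Alert("MEDIUM", ev["block"], "burst",
                                    f"{len(recent_admin_blocks)} admin events within "
                                    f"{baseline['burst_window']} blocks"))
    return alerts


def highest_severity(alerts):
    """Worst severity in the batch, used to pick the paging channel; None if empty."""
    order = {"CRITICAL": 3, "HIGH": 2, "MEDIUM": 1}
    return max((a.severity for a in alerts), key=order.get, default=None)


# Constructed event stream: one legitimate handover, then a pattern that
# looks like a compromised admin key preparing a malicious upgrade.
SAMPLE_EVENTS = [
    {"block": 100, "event": "OwnershipTransferred",
     "args": {"previousOwner": ADMIN_A, "newOwner": ADMIN_B}},               # approved: no alert
    {"block": 500, "event": "NewDelay", "args": {"newDelay": 3600}},          # HIGH
    {"block": 505, "event": "Upgraded", "args": {"implementation": UNKNOWN}}, # CRITICAL
    {"block": 507, "event": "RoleGranted",
     "args": {"role": DEFAULT_ADMIN_ROLE, "account": UNKNOWN, "sender": ADMIN_B}},  # CRITICAL + burst
]

if __name__ == "__main__":
    for a in scan_events(SAMPLE_EVENTS):
        print(f"[{a.severity}] block {a.block} {a.event}: {a.reason}")
```

The design point is the baseline: the rules never ask "is this event bad?" in the abstract, only "does this move the contract away from what we approved?" A legitimate handover between two approved admins raises nothing, while the same `OwnershipTransferred` event to an unknown address is critical. The burst rule is deliberately severity MEDIUM on its own; it exists to catch a quiet sequence of individually plausible actions.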
Step 1: Connect your repo. Link your GitHub repository to Firepan. Firepan registers a webhook that triggers on every push.
Step 2: Run the initial scan. Firepan scans your deployed contracts against all known vulnerability classes. This is your baseline: everything found here is triaged once, and later scans are judged by what is new relative to it.
Step 3: Configure alerts. Set alert thresholds by severity, for example page on critical and high, and post medium and low to a channel for the weekly review.
Step 4: Integrate with incident response. Route Firepan alerts into the channels your responders already watch (Slack webhook, PagerDuty, email).
Step 5: Review weekly. Review the Firepan dashboard weekly. Verify findings, close false positives, and prioritize fixes.
Implementation Example:
```yaml
# .github/workflows/firepan-monitor.yml
name: Firepan Post-Deployment Monitoring

on:
  push:
    branches: [main]
  schedule:
    - cron: "0 0 * * *" # Daily re-scan with the latest detection rules

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  firepan-monitor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Firepan Scan
        # --fail makes curl exit non-zero on a 4xx/5xx response. Without it a
        # rejected or failed request looks like success, the step passes, and
        # the Slack step below never runs.
        run: |
          curl --fail --silent --show-error -X POST https://api.firepan.com/surface/scan \
            -H "Authorization: Bearer ${{ secrets.FIREPAN_API_KEY }}" \
            -F "repo=${{ github.repository }}" \
            -F "commit=${{ github.sha }}"

      - name: Notify Slack on Critical
        if: failure()
        uses: slackapi/slack-github-action@v1.24.0
        env:
          # v1.x of this action reads the incoming-webhook URL from the
          # environment; there is no `webhook-url` input.
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
        with:
          payload: |
            {
              "text": "Firepan scan failed or found a critical issue in ${{ github.repository }} at ${{ github.sha }}"
            }
```
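A workflow that fails on every scan with findings becomes noise within a week, because the baseline from Step 2 will always contain issues that were already reviewed and accepted. What CI should fail on is findings that are new relative to that baseline. The following is an added example, not Firepan's code: this page does not show the Firepan scan response format, so the finding records, field names and rule names below are constructed for illustration, and a real integration would map the API's output onto these fields.

```python
"""Diff a fresh scan against the post-launch baseline so CI fails only on
findings that are NEW, not on every already-triaged one.

Added example, not Firepan's code. The finding records, field names and
rule names are constructed for illustration.
"""
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


def fingerprint(finding):
    """Identity of a finding that survives re-scans. Line numbers shift every
    time unrelated code is edited, so the key is (rule, file, function)."""
    return (finding["rule"], finding["file"], finding["function"])


def diff_findings(baseline, current):
    """Split the current scan into new, resolved and unchanged findings."""
    base = {fingerprint(f): f for f in baseline}
    cur = {fingerprint(f): f for f in current}
    new = [f for k, f in cur.items() if k not in base]
    resolved = [f for k, f in base.items() if k not in cur]
    unchanged = [f for k, f in cur.items() if k in base]
    return new, resolved, unchanged


def triage(findings):
    """Order for the weekly review: most severe first, then by location."""
    return sorted(findings,
                  key=lambda f: (-SEVERITY_RANK[f["severity"]], f["file"], f["function"]))


def ci_exit_code(new_findings, fail_on="high"):
    """1 if any NEW finding is at or above the threshold, else 0. Pre-existing
    findings never fail the build: they are tracked, not re-alerted."""
    floor = SEVERITY_RANK[fail_on]
    return int(any(SEVERITY_RANK[f["severity"]] >= floor for f in new_findings))


def accept_into_baseline(baseline, current, accepted):
    """After review, fold accepted-risk findings into the baseline and drop
    resolved ones, so next week's diff starts from the reviewed state."""
    keep = {fingerprint(f) for f in baseline} | {fingerprint(f) for f in accepted}
    return [f for f in current if fingerprint(f) in keep]


# Constructed: the baseline recorded after the initial scan (Step 2).
BASELINE_FINDINGS = [
    {"rule": "reentrancy-eth", "severity": "high", "file": "contracts/Vault.sol",
     "function": "withdraw", "line": 88},
    {"rule": "timestamp", "severity": "low", "file": "contracts/Vault.sol",
     "function": "claim", "line": 140},
]

# Constructed: the scan after a push that edited Vault.sol and added PriceFeed.sol.
CURRENT_FINDINGS = [
    {"rule": "reentrancy-eth", "severity": "high", "file": "contracts/Vault.sol",
     "function": "withdraw", "line": 95},        # same finding, line shifted
    {"rule": "stale-oracle-price", "severity": "critical", "file": "contracts/PriceFeed.sol",
     "function": "latestPrice", "line": 42},     # new rule hitting new code
    {"rule": "tx-origin", "severity": "medium", "file": "contracts/Vault.sol",
     "function": "pause", "line": 160},          # new
]

if __name__ == "__main__":
    new, resolved, unchanged = diff_findings(BASELINE_FINDINGS, CURRENT_FINDINGS)
    print(f"new={len(new)} resolved={len(resolved)} unchanged={len(unchanged)}")
    for f in triage(new):
        print(f"  [{f['severity']}] {f['rule']} {f['file']}:{f['function']}")
    raise SystemExit(ci_exit_code(new))
```

Run it as the last step of the scan job and the workflow's `if: failure()` notification fires on new high or critical findings only. Fingerprinting on function rather than line is what keeps the unchanged `reentrancy-eth` finding from re-alerting after an unrelated edit moved it seven lines down; the medium `tx-origin` finding is still reported for the weekly review without blocking the pipeline.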
Q: Do I need monitoring if I just got audited?
A: Absolutely. Many vulnerabilities emerge after the audit date — from code changes, new integrations, and newly discovered attack vectors. Your audit is a historical snapshot. Monitoring is your continuous defense.
Q: What's the cost of post-audit monitoring?
A: Firepan monitoring costs $299–$2,999/month depending on protocol size and tier. A single prevented exploit ($1M+) justifies the annual cost many times over.
Q: How often should Firepan scan?
A: Continuously. Every code push triggers a scan automatically. Additionally, Firepan runs background scans daily with updated threat detection rules. You get new findings daily as the threat landscape evolves.
Q: What if monitoring detects a critical issue after launch?
A: Your incident response team activates: (1) verify the finding, (2) assess impact, (3) decide whether an emergency pause is needed, (4) fix the issue, (5) deploy the fix once it is reviewed, and (6) communicate with users if exploitation was possible. Firepan alerts give you hours or days before an attacker finds it.
Q: How does Firepan integrate with my incident response?
A: Firepan connects to Slack, email, and PagerDuty. Critical findings trigger alerts immediately, so your on-call team can respond within minutes.
An audit gives you pre-launch confidence. Monitoring gives you post-launch survival. Your contract's threat surface doesn't end on audit completion—it evolves. Monitor continuously.
Start scanning at https://app.firepan.com/
12,453 contracts secured. 2,851 vulnerabilities blocked. 236 exploits prevented. Run a free surface scan — results in minutes, no credit card required.