Developers
Flying blind: Why onchain monitoring is your instrument panel
Author
Michael Berryhill
Publishing date
Imagine this… you're a pilot. You and your team have spent the last two years building the “next big thing” in aviation and today, it's finally time for you to fly this machine. You do your pre-flight checks. Everything feels right and tight. You're set at the end of the runway. You get an all-clear from the traffic control tower, drive the throttles forward and you start down the airstrip! Just as you feel the plane begin to lift skyward, you look down and realize there is no airspeed indicator… no compass… no altimeter, fuel gauge, thermometer, or any other instrumentation. You are flying blind and instrumentless! How quickly would you turn around and land the plane? In the absence of these kinds of instruments, how would you even know if you were headed in the right direction?
All too often, projects building in the blockchain space run only basic onchain monitoring or, worse, no monitoring at all. When I say monitoring, I'm referring to the technological means to quantify, understand, and address what is happening for a particular entity on the chain. Projects like Hypernative, ChainPatrol, and Blockaid, monitoring providers active in the Stellar ecosystem, help address this gap by enabling monitoring across the network.
Who should monitor?
Here's the easy mistake to make with our flight analogy: assuming the instrument panel is only the pilot's concern. It isn't. The pilot watches the gauges, but so does air traffic control tracking the flight from the tower, the ground crew watching fuel and systems, and even the passenger who glances out the window when the engine note changes. Everyone with something at stake in that flight is watching the instruments that matter to them. Onchain, the principle is identical: if you have value or responsibility in the air, you should have eyes on the dials.
For builders, operators, and managers of smart contracts, monitoring should be treated as a core operational practice. You are the pilot. You are responsible for the protocol's funds, its users, and its continued safe operation. An audit is a thorough pre-flight inspection, but it is a snapshot in time, not a live feed. The moment your contracts are deployed and holding real value, they enter an adversarial environment where conditions change by the block. Treasury managers, DAOs, exchanges, and infrastructure providers all sit in this same seat: stewards of value who cannot afford to fly without instruments.
But the responsibility does not stop with the people who deploy the code. If you are a user with positions onchain (a lending position that can be liquidated, liquidity supplied to a pool, tokens sitting behind an approval you granted months ago) you are flying too, even if it's a seat you didn't expect to be responsible for. You cannot assume the protocol's pilot is watching your specific exposure. Their instruments are tuned to the health of the whole aircraft; yours need to be tuned to your seat. A drop in a position's collateralization, an unexpected change to a contract you've approved, or anomalous activity in a pool you're in are signals you need to catch.
So who should monitor? Everyone. If you build, operate, or manage smart contracts, you monitor as the steward of an ecosystem. If you hold positions or interact with protocols, you monitor to protect what's yours. There is no passive seat on this flight…there's only the question of whether you've turned your instruments on.
Why should I monitor?
The most concrete reason is time. Onchain, exploits and failures don't unfold over days, they unfold in minutes, sometimes seconds. A sophisticated attack can drain a protocol before you have finished reading the first alert. Continuous monitoring is what compresses your reaction window: it's the difference between learning about a problem from a gauge that's been screaming for ninety seconds versus learning about it from a headline the next morning. In aviation, instruments exist precisely because perception is limited and intuition is too slow and easily fooled to catch a problem developing at altitude. The same is true here.
Monitoring also protects far more than your balance sheet. A single incident can erode user trust, damage a hard-won reputation, and unwind years of community building in an afternoon. Knowing quickly, and with confidence, what happened, what's affected, and what to do next is what lets you respond with composure instead of panic. That credibility is an asset, and monitoring is how you protect it.
It's worth saying plainly that monitoring is not only about attacks. Your instruments tell you about the health of the flight, not just the emergencies. Is an oracle drifting? Is liquidity thinning in a way that changes your risk? Are governance proposals moving that could alter critical parameters? Are borrow and supply caps approaching limits? This is operational awareness, the steady stream of information that lets you make good decisions in normal conditions and spot trouble while it's still small. Good pilots spend almost all their time reading instruments when nothing is wrong; that's exactly why things stay that way.
Finally, monitoring buys you something harder to quantify: the confidence to scale. When you can see what's happening across your protocol or your positions in real time, you can grow, ship new features, and take on more value without the quiet dread of operating in the dark. The best monitoring platforms pair real-time detection across onchain and offchain risks with automated response, so visibility turns into action rather than just another alert. Monitoring turns “I hope nothing goes wrong” into “I'll know the moment something does.” That is the foundation of operating responsibly onchain.
How do I know what I should monitor?
You wouldn't choose an aircraft's instruments at random. The panel is built around the realities of the flight, the route, the weather, the failure modes that matter for this aircraft. Monitoring is the same: before you can decide what to watch, you have to understand what could go wrong. The best place to start is a thorough threat model, and conveniently, Stellar dev docs have a Threat Modeling guide that lays out exactly how to build one.
At its core, threat modeling is a structured way of thinking critically about your system's data flows, trust boundaries, and internal processes. It provides a guided way to reason through the security implications of your design and to surface threats you might not have seen otherwise. The payoff is leverage: issues caught early, at the design stage, are far cheaper to address than ones discovered after users (and their funds) are already interacting with your code.
The Threat Modeling guide frames the whole exercise around four deceptively simple questions. The first is “what are we working on?”. Here the goal is documentation, a clear description of your use case plus a data-flow diagram that maps your external entities, processes, data flows, data storage, and, critically, your trust boundaries: the points where one system begins trusting input from another. The second is “what can go wrong?” Rather than brainstorm at random, the guide applies the STRIDE framework to keep the review consistent and thorough, asking you to identify at least one issue in each of its categories.
The third question “what are we going to do about it?” asks you to define a concrete treatment for each one. And the fourth “did we do a good job?” pushes you to confirm the analysis was deep and broad enough, treating the threat model as a living document you revisit whenever the architecture changes.
This is where threat modeling and monitoring meet. A threat model is a point-in-time analysis; monitoring is what keeps watch on those same threats continuously, once you're live and in the air. The good news is that the work translates almost directly, each STRIDE issue you identified maps to a signal you can monitor. Flagged an elevation-of-privilege risk? Watch for ownership transfers and unexpected privileged calls. Flagged tampering or economic manipulation? Track abnormal price deviations, oversized flash loans, and unusual swaps. Flagged a denial-of-service drain or a liquidation cascade? Baseline your balances, collateralization ratios, and outflows, and alert when reality diverges. Each project will have its own threat model and severity ratings for those alerts. For a simple example of some things that can be monitored for on Stellar and example severities, you can check out https://github.com/stellar/security-tools/blob/main/monitoring/Examples.md. This mapping from threat to detection is precisely how platforms like Hypernative, ChainPatrol, and Blockaid are configured, drawing on a large library of pre-built detection types so you're not starting from a blank panel, while still letting you tailor detections to your protocol. The threat model is your flight plan; the monitoring configuration is the instrument panel you build to fly it safely. Start with your highest-impact issues and expand from there. You don't need every gauge on day one, but you do need the ones that keep you in the air.
What are next steps?
If this has convinced you of anything, let it be this: the worst time to discover you're flying blind is when something is already going wrong. You don't want to be reaching for an altimeter that was never installed.
The good news is that you don't have to build the instrument panel yourself. Monitoring platforms like Hypernative, ChainPatrol, and Blockaid are designed to complement the audit you've already completed, not replace it. Whether you use Hypernative, ChainPatrol, Blockaid, or another provider, the important thing is that someone's instruments are on. What matters is closing the gap between “something is happening” and “we're already responding to it.”
A practical way to begin: bring the threat model you sketched above, identify the handful of high-impact signals you most need eyes on, and reach out to Hypernative, ChainPatrol, Blockaid, or your preferred provider, to get alerting, and ideally automated responses, in place for them. Whether you're operating a protocol on Stellar or simply protecting positions you hold, the setup is far lighter than most people expect, and the cost of waiting is far heavier than most people admit.
You've spent the time building something worth flying. Don't take off without your instruments. Turn on monitoring…and fly with the confidence of knowing exactly where you stand.
Note: Mentions of any specific vendor are for informational purposes only and do not constitute an endorsement, warranty, or guarantee by the Stellar Development Foundation. Readers should independently evaluate any third-party service before engaging it.