Real-time Invariant Monitoring: Lessons from the $1.4M Ekubo Exploit

The Incident: What Happened to Ekubo?

The attacker exploited a flaw in the Payment Callback logic, manipulating token transfers from users who had granted maximum approvals to the contract. This wasn't a flaw in the AMM math itself, but a failure in access control and state validation during cross-chain interactions.

The Solution: Active Invariant Monitoring

To address this, I've updated my project, Sentinel-Rhea, to support multi-chain monitoring (EVM + Starknet).

The Strategy

Our agent doesn't just check if a hack happened; it checks if the rules of the protocol are still being followed.

- For EVM (Mantle): We monitor the Assets-to-Shares ratio to detect "Ghost Debt".
- For Starknet (Ekubo Core): We monitor pool reserves and "Flash Accounting" deltas.

Implementation in Clojure

Why Clojure? Its concurrency model and functional purity make it ideal for high-speed blockchain polling. Here is how we implemented a resilient, multi-chain watcher:

    :content-type :json

Handling Public RPC Challenges

During development, we faced 403 Forbidden errors and Cloudflare blocks from public Starknet nodes. A production-grade sentinel must be resilient. We implemented:

- User-Agent Masking to bypass basic filters.
- Exception Handling to prevent agent crashes during network congestion.
- Failover Logic to maintain monitoring even when specific nodes are unstable.

Conclusion

Check out the full source code and my research here: 👉 https://github.com/rdin777/sentinel-rhea
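
The following is an added example, not code from Sentinel-Rhea: it combines the failover and exception handling described under "Handling Public RPC Challenges" with an Assets-to-Shares ratio check from "The Strategy". The snapshot fields, node ids, the 1% tolerance and the stubbed fetch functions are assumptions; real fetch functions would query an RPC node.

```clojure
(ns sentinel-example.core)

;; Assumption: the ratio may drift at most 1% between two polls.
(def tolerance 1/100)

(defn check-invariant
  "Compares the assets-to-shares ratio of two snapshots using exact ratios.
   Snapshots are maps {:assets n :shares n} (hypothetical field names)."
  [prev curr]
  (if-not (and (pos? (:assets prev)) (pos? (:shares prev)) (pos? (:shares curr)))
    {:ok? false :reason :no-baseline}          ; cannot compute a ratio
    (let [r0    (/ (:assets prev) (:shares prev))
          r1    (/ (:assets curr) (:shares curr))
          d     (- r1 r0)
          drift (/ (if (neg? d) (- d) d) r0)]
      {:ok? (<= drift tolerance) :drift drift})))

(defn fetch-with-failover
  "Tries each node's fetch fn in order. An exception or a nil result moves on
   to the next node, so one unstable endpoint never crashes the agent.
   Returns {:snapshot s :node id}, or nil when every node failed."
  [nodes]
  (some (fn [{:keys [id fetch]}]
          (try
            (when-let [s (fetch)] {:snapshot s :node id})
            (catch Exception e
              (println "node failed:" id "-" (.getMessage e))
              nil)))
        nodes))

(defn poll-once
  "One monitoring step. Losing every node is reported as a failed check,
   because a sentinel that cannot see the chain should alert (design choice
   of this example)."
  [prev nodes]
  (if-let [{:keys [snapshot node]} (fetch-with-failover nodes)]
    (assoc (check-invariant prev snapshot) :node node :snapshot snapshot)
    {:ok? false :reason :all-nodes-down}))

;; Constructed sample nodes: the first rejects the request, the second answers
;; with a snapshot whose assets dropped while shares stayed constant.
(def sample-nodes
  [{:id "rpc-a" :fetch #(throw (ex-info "403 Forbidden" {:status 403}))}
   {:id "rpc-b" :fetch (constantly {:assets 900 :shares 1000})}])

(println (poll-once {:assets 1000 :shares 1000} sample-nodes))
```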
