When I published the State of Sui report, the biggest surprise wasn't the 39.6 % of voting power exposed — it was actually how little people 'cared' about external hygiene. I thought I was doing a good thing for the network. Alas, Sui really didn't seem that fussed.
The data was acknowledged and questioned and dismissed as 'not a bug bounty'. But that wasn't the aim of the project at all.
So I thought it would be cool to try and visualise this data without requiring Yet Another Dashboard Tool To Log In To (YADTTTIT).
So I built a wee Discord Bot that would allow validators to have a look at their scores. And also for regular users, like me, to check how secure a validator was.
And here it is!
Why a Discord bot?
Most validator operators already live in Discord.
You're there for epoch coordination, validator channels, and announcements — so security should meet you there too.
PGDN Sentinel is a private, agentic security toolkit for Sui validators that runs entirely through Discord DMs.
No dashboards, no credentials, no installs.
Just slash commands. That's what she said.
I released this code as an open source project that you can use, although I haven't worked out how to make the backend data public yet. That's just in a db for now.
Why Keep The Data Private, Simon?!
As with most external analysis, I did uncover a large number of validators with actual issues: CVEs, misconfigurations, etc. I figured that it probably wouldn't be the best idea to publish these.
That said, I did create a 'validation' logic that would allow the 'validators' to prove ownership and then get a list of these. And I've been offering some free advice to them too. Because that's how I roll.
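To make the ownership step concrete, here is an added illustration of how such a gate can work; it is not code from pgdn-discord or pgdn-api-discord, and the post does not say how Sentinel's own validation is implemented. Assumed design: the API issues a short-lived, single-use challenge bound to the requesting Discord user and the validator address, the operator signs it with a key registered for that validator (assumed here to be an Ed25519 key, e.g. the account key), and only a valid signature unlocks that validator's private findings. Requires the `cryptography` package; names, addresses and the finding text are constructed.

```python
import os
import time
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

CHALLENGE_TTL = 300  # seconds a challenge stays valid (assumed value)

def _message(user, address, nonce):
    # Bind the text to the Discord user and validator address so a captured
    # signature cannot be replayed by someone else or for another node.
    return f"pgdn-sentinel:{user}:{address}:{nonce.hex()}".encode()

class OwnershipGate:
    def __init__(self, registry, findings):
        self.registry = registry  # address -> raw Ed25519 public key bytes
        self.findings = findings  # address -> findings that stay private in the db
        self.pending = {}         # (user, address) -> (nonce, expiry)
        self.verified = set()

    def issue_challenge(self, user, address):
        if address not in self.registry:
            raise KeyError("unknown validator address")
        nonce = os.urandom(16)  # fresh per request; consumed once in prove()
        self.pending[(user, address)] = (nonce, time.time() + CHALLENGE_TTL)
        return _message(user, address, nonce)

    def prove(self, user, address, signature):
        entry = self.pending.pop((user, address), None)  # single use
        if entry is None or time.time() > entry[1]:
            return False
        key = Ed25519PublicKey.from_public_bytes(self.registry[address])
        try:
            key.verify(signature, _message(user, address, entry[0]))
        except InvalidSignature:
            return False
        self.verified.add((user, address))
        return True

    def findings_for(self, user, address):
        # Unverified askers get nothing at all, not a redacted list.
        return self.findings[address] if (user, address) in self.verified else None

def demo():
    sk = Ed25519PrivateKey.generate()  # stands in for the operator's own key
    pk = sk.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    gate = OwnershipGate({"0xval": pk}, {"0xval": ["example: ssh open to 0.0.0.0/0"]})  # constructed
    ok = gate.prove("alice", "0xval", sk.sign(gate.issue_challenge("alice", "0xval")))
    replay = gate.prove("alice", "0xval", sk.sign(_message("alice", "0xval", b"x")))
    return ok, gate.findings_for("alice", "0xval"), replay
```

The nonce is popped before verification, so even a valid signature over an old challenge is rejected, and a user who never requested a challenge has nothing to prove against.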
What is the architecture, I hear you asking?!
I created two repos - the main 'bot' that subscribes to the Discord webhooks, and an API. The API is connected to the db, and I'm running this in a Kubernetes cluster. In theory the bot can run anywhere, but I locked the API's ingress down so that only the bot can reach it.
It's all in Python. And Claude gave me a helping hand, as usual.
Why this matters
In Simulated Attack, I modelled how an attacker could disable enough validators to cross the 33 % halt threshold. Sentinel exists to close that gap — to make external posture checks routine and effortless.
You don't need a SOC team to know if your node is exposed.
Try it
➡️ Add PGDN Sentinel in Discord
Works in any server or direct DM.
The code can be found here. It's MIT licensed, which means you are totally welcome to do what you want with it.
API: https://github.com/pgdn-oss/pgdn-api-discord
Bot: https://github.com/pgdn-oss/pgdn-discord
Get in touch
I'm a CTO with 20 years' experience, and most recently even managed to exit a crypto exchange. I would love to connect on Twitter - please do DM and follow me, I have limited frens on there still :) https://x.com/simonpmorley