Description:
Run a comprehensive risk analysis on a smart contract by specifying its address and chain ID.
Request Parameters:
address (string): The smart contract address to analyze.
chain_id (string): The blockchain chain ID (use /api/v1/chain/list).
token (string): Your authentication token in the format {public_token}-{private_token}.
Result Parameters:
address – Contract address to be analyzed.
chain_id – chain ID.
info – General information about the address.
is_proxy – true/false. Indicates whether the provided address is a proxy contract. If it is a proxy, we scan the implementation contract instead of the proxy itself. In the results, we show both the original address provided by the user (proxy_address) and the actual implementation address that was scanned (implementation_address).
implementation_address – See is_proxy.
proxy_address – See is_proxy.
is_verified – true/false. Indicates whether the contract provided by the user is verified. If false, it means the deployer intentionally hid the code, leaving no way for users to check its functionality.
is_erc20 - true/false. In case of "false", the API output will not include risk breakdown
results - Array of risks. Each element of the array contains:
key: Risk name
value: true / false — whether the risk exists
title: Risk title
sub_title: Risk subtitle
description: Risk description
severity: Risk severity
market-endorsed: Property complements the technical and code-analysis-based trust score by indicating whether a token has been broadly adopted, integrated, and trusted by traders, platforms, and end-users over time
Example Request:
Sample Response: erc_20 true
Sample Response: erc_20 false
Errors
400
MISSING_PARAMETERS
Required parameters are missing. Please provide address, chain_id, and token.
400
INVALID_TOKEN_FORMAT
Token must be in format public-private separated by a hyphen.
400
INVALID_ADDRESS_FORMAT
The address could not be parsed due to an invalid or unrecognized format.
400
INVALID_CHAIN_ID
Invalid chain ID, must be one of the supported chain IDs.
400 (or 200)
PROCESSING_TIMEOUT
The request took too long to process. Please try again later. (May still return 200)
400 (or 200)
INTERNAL_ERROR
Something went wrong. Please contact support if the issue persists. (May still return 200)
429
–
Rate limit exceeded.
⚠️ Note: Both timeout and internal errors may still arrive in the response body with status: 200 due to the streaming mechanism.
{
"address": "0xdac17f958d2ee523a2206206994597c13d831ec7",
"chain_id": "1",
"results": [
{
"key": "risk_upgradeable",
"value": "false",
"title": "Upgradeable",
"sub_title": "Token contract can be used by other proxies as delegated implementation",
"description": "The token contract is designed to also be used as an implementation for proxy contracts to delegate their implementations to.",
"severity": "info"
},
{
"key": "risk_basic_transfer_fee",
"value": "true",
"title": "Basic Transfer Fee",
"sub_title": "Basic Fee functionality included in transfers",
"description": "The token contract's transfer or transferFrom functions have a basic fee functionality that can be turned on. This may mean that the receiver address can get fewer or a different amount of tokens than passed within the transfer functions.",
"severity": "medium"
},
{
"key": "risk_external_call_in_transfer",
"value": "true",
"title": "External call in transfer",
"sub_title": "Transfer functionality is dependent on other contracts",
"description": "The token contract has at least one external call in its transfer functions. There is a possibility that these external calls may be used to alter the transfer flow, e.g. blocking the transfers or manipulating the amount of tokens being sent.",
"severity": "medium"
},
{
"key": "risk_pausable",
"value": "true",
"title": "Pausable",
"sub_title": "Token operations can be Paused by an external authority",
"description": "The token contract has a pausing mechanism implemented and controlled by an external authority. This may mean token operations, such as transfers, can be paused.",
"severity": "medium"
},
{
"key": "risk_unauthorized_token_approvals",
"value": "false",
"title": "Unauthorized Token Approvals",
"sub_title": "An external authority can Approve tokens for holders",
"description": "The token contract has approve functionality, using which an external authority can manipulate the allowances of the token holders.",
"severity": "high"
},
{
"key": "risk_whitelist",
"value": "false",
"title": "Whitelist",
"sub_title": "Whitelist-based functionality implemented in transfers",
"description": "The token contract's transfer functions have implemented whitelist functionality. This generally means that some token holders have privileges over others; a whitelist can also be used to block transfers for many token holders.",
"severity": "low"
},
{
"key": "risk_blacklist",
"value": "true",
"title": "Blacklist",
"sub_title": "Transfers can be blocked for specific senders using Blocklist",
"description": "The token contract's transfer functionality includes checking the token sender address against a controlled blocklist, which may cause a transfer freeze for certain holders.",
"severity": "high"
},
{
"key": "risk_excessive_token_withdrawal",
"value": "false",
"title": "Asset Withdrawal",
"sub_title": "An external authority can Sweep (transfer out) tokens from the contract",
"description": "The token contract has asset sweeping (transferring out) functionality for the assets on its balance. While generally, the token contract itself should not hold any assets on its balance, this may impose a risk for users in case the contract is designed to receive tokens or native assets directly.",
"severity": "info"
},
{
"key": "risk_hidden_fees",
"value": "false",
"title": "Hidden fees",
"sub_title": "Hidden fee functionality included in transfers",
"description": "The token contract's transfer or transferFrom functions have a hidden fee functionality that can be turned on. This may mean that the receiver address can get fewer or a different amount of tokens than passed within the transfer functions.",
"severity": "high"
},
{
"key": "risk_blockable_transfer",
"value": "true",
"title": "Blockable Transfer",
"sub_title": "Transfers can be blocked for specific senders using various checks",
"description": "The token contract's transfer functionality includes checks such as transfer pausing, cooldown period checks, big transfer amounts checks etc. This may cause a transfer freeze for certain holders.",
"severity": "medium"
},
{
"key": "risk_eth_balance_sweep",
"value": "false",
"title": "ETH Balance Sweep",
"sub_title": "An external authority can Sweep (transfer out) native currency from the contract",
"description": "The token contract has asset sweeping (transferring out) functionality for the assets on its balance. While generally, the token contract itself should not hold any assets on its balance, this may impose a risk for users in case the contract is designed to receive tokens or native assets directly.",
"severity": "info"
},
{
"key": "risk_transfer_time_constraints",
"value": "false",
"title": "Cooldown checks",
"sub_title": "Transfers can be Time-Constrained (cooldown periods)",
"description": "The transfer functions in the token contract have time-based checks. This can implement transfer cooldowns or even fully block token transfers.",
"severity": "medium"
},
{
"key": "risk_selfdestruct",
"value": "false",
"title": "Selfdestruct",
"sub_title": "Self-destructing token contract",
"description": "The token contract has self-destruct functionality. This means the storage values, including balances, will be wiped after the contract self-destructs.",
"severity": "high"
},
{
"key": "risk_proxy",
"value": "false",
"title": "Proxy",
"sub_title": "Token contract is a Proxy (upgradable contract)",
"description": "The token contract does not directly implement the logic but instead uses the proxy pattern to be upgradable. This means that the contract actual code can be changed at any time, which may impose various risks.",
"severity": "high"
},
{
"key": "risk_centralized_mint",
"value": "false",
"title": "Centralized Mint",
"sub_title": "An external authority can Mint tokens",
"description": "The token contract has a token minting functionality that can be called only by an external authority and can affect the actual price of the token, diluting the holders.",
"severity": "high"
},
{
"key": "risk_balance_manipulation_in_non_standard_functions",
"value": "false",
"title": "Balance Manipulation",
"sub_title": "Balance of the token can be manipulated in non-standard functions",
"description": "The token contract has callable functions that manipulate the balance and are not standard token functions like transfer/transferFrom or burn/mint functionality.",
"severity": "medium"
},
{
"key": "risk_centralized_burn",
"value": "false",
"title": "Centralized Burn",
"sub_title": "An external authority can Burn holders' tokens",
"description": "The token contract has a token burning functionality which can be called only by an external authority and can affect the balances of token holders.",
"severity": "high"
}
],
"info": {
"implementation_address": null,
"is_proxy": false,
"proxy_address": "0xdac17f958d2ee523a2206206994597c13d831ec7",
"is_verified": true,
"is_erc20": true
},
"execution_time": 0.01406703,
"score": 0,
"market_endorsed": true
}
