Threatscan API V1
SolidityScan Public API [Example]
curl --location --request GET 'https://api.solidityscan.com/api/v1/threatscan/1/1/0x4ee38aa8d7449a177119e983610D73e9ace932dA' \
--header 'Authorization: Token {{token}}'
{
"scan_report": {
"contract_address": "0xa579472f17b6E1b6C5dED2A785067a89EC536ce8",
"contract_chain": "mainnet",
"contract_platform": "etherscan",
"contract_url": "https://etherscan.io/address/0xa579472f17b6E1b6C5dED2A785067a89EC536ce8",
"contractname": "AddOnAi",
"is_quick_scan": true,
"request_type": "threat_scan",
"ts_scan_details": [
{
"gas": 74953.0,
"issue_code_findings_enabled": false,
"issue_description": "<p>The simulation for the scanned contract indicates that this token incorporates antiwhale measures. These measures are designed to prevent large holders from impacting the market significantly, ensuring fairer distribution and trading practices.</p>",
"issue_dynamic_desc": "Antiwhale Simulation - Token Has Antiwhale Measures",
"issue_id": "TRANSACTION_STIMULATION_WHALE_MODULE",
"issue_name": "TOKEN IS ANTIWHALE",
......
This API will return the count of total vulnerabilities detected by SolidityScan and the security score of the Smart Contract for a contract address whose contract code is verified on the supported explorers.
BuildBear Example:
curl --location --request GET 'https://api.solidityscan.com/api/v1/threatscan/10/Bottom_R5-D4_de9d270c/0x1aa51bc7eb181ce48ce626bf62f8956fa9555136' \
--header 'Authorization: Token {{token}}'
{
"scan_report": {
"contract_address": "0x1aa51bc7eb181ce48ce626bf62f8956fa9555136",
"contract_platform": "buildbear",
"contract_url": "https://buildbear.io/0x1aa51bc7eb181ce48ce626bf62f8956fa9555136",
"contractname": "PAWZONE",
"node_reference_id": "Bottom_R5-D4_de9d270c",
"threat_score": "84.62",
"threat_scan_details": [
{
"issue_description": "The contract's source code is verified.Source code verification provides transparency for users interacting with smart contracts. Block explorers validate the compiled code with the one on the blockchain. This also gives users a chance to audit the contracts.",
"issue_id": "QUICK_SCAN_IS_SOURCE_CODE_VERIFIED",
"issue_name": "IS SOURCE CODE VERIFIED",
"issue_status": "pass"
},
{
"issue_description": "The contract cannot mint new tokens. The _mint functions was not detected in the contracts.Mint functions are used to create new tokens and transfer them to the user's/owner's wallet to whom the tokens are minted. This increases the overall circulation of the tokens.",
"issue_id": "QUICK_SCAN_PRESENCE_OF_MINTING_FUNCTION",
"issue_name": "PRESENCE OF MINTING FUNCTION",
"issue_status": "pass"
},
{
"issue_description": "The tokens can be burned in this contract.Burn functions are used to increase the total value of the tokens by decreasing the total supply.",
"issue_id": "QUICK_SCAN_PRESENCE_OF_BURN_FUNCTION",
"issue_name": "PRESENCE OF BURN FUNCTION",
"issue_status": "fail"
},
{
"issue_description": "The contract can not be compiled with an older Solidity version.Pragma versions decide the compiler version with which the contract can be compiled. Having older pragma versions means that the code may be compiled with outdated and vulnerable compiler versions, potentially introducing vulnerabilities and CVEs.",
"issue_id": "QUICK_SCAN_SOLIDITY_PRAGMA_VERSION",
"issue_name": "SOLIDITY PRAGMA VERSION",
"issue_status": "pass"
},
{
"issue_description": "The contract was found to be using ERC-20 token standard.ERC-20 is the technical standard for fungible tokens that defines a set of properties that makes all the tokens similar in type and value.",
"issue_id": "QUICK_SCAN_IS_ERC20_TOKEN",
"issue_name": "IS ERC-20 TOKEN",
"issue_status": "pass"
},
{
"issue_description": "This is not a Pausable contract.If a contract is pausable, it allows privileged users or owners to halt the execution of certain critical functions of the contract in case malicious transactions are found.",
"issue_id": "QUICK_SCAN_PAUSABLE_CONTRACTS",
"issue_name": "PAUSABLE CONTRACTS",
"issue_status": "pass"
},
{
"issue_description": "Critical functions that add, update, or delete owner/admin addresses are not detectedThese functions control the ownership of the contract and allow privileged users to add, update, or delete owner or administrative addresses. Owners are usually allowed to control all the critical aspects of the contract. ",
"issue_id": "QUICK_SCAN_CRITICAL_ADMINISTRATIVE_FUNCTIONS",
"issue_name": "CRITICAL ADMINISTRATIVE FUNCTIONS",
"issue_status": "pass"
},
{
"issue_description": "The contract cannot be self-destructed by owners.selfdestruct() is a special function in Solidity that destroys the contract and transfers all the remaining funds to the address specified during the call. This is usually access-control protected.",
"issue_id": "QUICK_SCAN_CONTRACT_TOKEN_SELF_DESTRUCT",
"issue_name": "CONTRACT/TOKEN SELF DESTRUCT",
"issue_status": "pass"
},
{
"issue_description": "The contract is not vulnerable to ERC-20 approve Race condition vulnerability.ERC-20 approve function is vulnerable to a frontrunning attack which can be exploited by the token receiver to withdraw more tokens than the allowance. Proper mitigation steps should be implemented to prevent such vulnerabilities.",
"issue_id": "QUICK_SCAN_ERC20_RACE_CONDITION",
"issue_name": "ERC20 RACE CONDITION",
"issue_status": "pass"
}
],
"scanner_reference_url": "https://solidityscan.com/quickscan/0x1aa51bc7eb181ce48ce626bf62f8956fa9555136/buildbear/Bottom_R5-D4_de9d270c?ref=buildbear"
},
"status": "success"
}
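An added example, not part of the SolidityScan documentation: one way a client could validate a Threatscan response before acting on it, checking `status`, confirming that `contract_address` matches the address that was requested, and collecting the checks whose `issue_status` is `fail`. The function name `summarize`, the `tolerated` policy set and the trimmed sample response are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed to the fields of the BuildBear response above.
SAMPLE = json.loads("""
{"scan_report": {
   "contract_address": "0x1aa51bc7eb181ce48ce626bf62f8956fa9555136",
   "threat_score": "84.62",
   "threat_scan_details": [
     {"issue_id": "QUICK_SCAN_IS_SOURCE_CODE_VERIFIED", "issue_status": "pass"},
     {"issue_id": "QUICK_SCAN_PRESENCE_OF_BURN_FUNCTION", "issue_status": "fail"}
   ]},
 "status": "success"}
""")


def summarize(response, requested_address, tolerated=frozenset()):
    """Validate a Threatscan response and list the checks that failed.

    `tolerated` is a hypothetical local policy: issue_ids the caller accepts.
    """
    if response.get("status") != "success":
        raise ValueError("scan did not succeed: %r" % response.get("status"))
    report = response.get("scan_report") or {}

    # Bind the report to the request; hex addresses compare case-insensitively.
    got = str(report.get("contract_address", ""))
    if got.lower() != requested_address.lower():
        raise ValueError("report is for %s, not %s" % (got, requested_address))

    # The two sample responses name the findings list differently.
    details = report.get("threat_scan_details") or report.get("ts_scan_details") or []
    failed = [d.get("issue_id", "<no issue_id>") for d in details
              if d.get("issue_status") == "fail"]
    # Entries without an issue_status are reported, not silently passed.
    unknown = [d.get("issue_id", "<no issue_id>") for d in details
               if "issue_status" not in d]

    # threat_score is a string in the sample ("84.62") and may be absent.
    raw = report.get("threat_score")
    score = float(raw) if raw is not None else None
    blocking = [i for i in failed if i not in tolerated]
    return {"score": score, "failed": failed, "unknown": unknown,
            "blocking": blocking}


if __name__ == "__main__":
    print(summarize(SAMPLE, "0x1AA51BC7EB181CE48CE626BF62F8956FA9555136"))
```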