Threatscan API V1

Documentation of the QuickScan API

GET https://api.solidityscan.com/api/v1/threatscan/{platform_id}/{chain_id}/{contract_address}

SolidityScan Public API [Example]

Example Request

curl --location --request GET 'https://api.solidityscan.com/api/v1/threatscan/1/1/0x4ee38aa8d7449a177119e983610D73e9ace932dA' \
--header 'Authorization: Token {{token}}'

Example Response

{
    "scan_report": {
        "contract_address": "0x4ee38aa8d7449a177119e983610D73e9ace932dA",
        "contract_chain": "mainnet",
        "contract_platform": "etherscan",
        "contract_url": "https://etherscan.io/address/0x4ee38aa8d7449a177119e983610D73e9ace932dA",
        "contractname": "AdventurerStaking",
        "node_reference_id": null,
        "threat_score": "91.67",
        "threat_scan_details": [
            {
                "issue_description": "The contract’s source code is verified.Source code verification provides transparency for users interacting with smart contracts. Block explorers validate the compiled code with the one on the blockchain. This also gives users a chance to audit the contracts.",
                "issue_id": "QUICK_SCAN_IS_SOURCE_CODE_VERIFIED",
                "issue_name": "IS SOURCE CODE VERIFIED",
                "issue_status": "pass"
            },
            {
                "issue_description": "The contract cannot mint new tokens. The _mint functions was not detected in the contracts.Mint functions are used to create new tokens and transfer them to the user’s/owner’s wallet to whom the tokens are minted. This increases the overall circulation of the tokens.",
                "issue_id": "QUICK_SCAN_PRESENCE_OF_MINTING_FUNCTION",
                "issue_name": "PRESENCE OF MINTING FUNCTION",
                "issue_status": "pass"
            },
            {
                "issue_description": "The tokens can not be burned in this contract.Burn functions are used to increase the total value of the tokens by decreasing the total supply.",
                "issue_id": "QUICK_SCAN_PRESENCE_OF_BURN_FUNCTION",
                "issue_name": "PRESENCE OF BURN FUNCTION",
                "issue_status": "pass"
            },
            {
                "issue_description": "The contract can not be compiled with an older Solidity version.Pragma versions decide the compiler version with which the contract can be compiled. Having older pragma versions means that the code may be compiled with outdated and vulnerable compiler versions, potentially introducing vulnerabilities and CVEs.",
                "issue_id": "QUICK_SCAN_SOLIDITY_PRAGMA_VERSION",
                "issue_name": "SOLIDITY PRAGMA VERSION",
                "issue_status": "pass"
            },
            {
                "issue_description": "This is not an upgradable contract.Having upgradeable contracts or proxy patterns allows owners to make changes to the contract’s functions, token circulation, and distribution.",
                "issue_id": "QUICK_SCAN_PROXY_BASED_UPGRADABLE_CONTRACT",
                "issue_name": "PROXY-BASED UPGRADABLE CONTRACT",
                "issue_status": "pass"
            },
            {
                "issue_description": "Owners cannot blacklist tokens or users.If the owner of a contract has permission to blacklist users or tokens, all the transactions related to those entities will be halted immediately.",
                "issue_id": "QUICK_SCAN_OWNERS_CAN_NOT_BLACKLIST_TOKENS_OR_USERS",
                "issue_name": "OWNERS CANNOT BLACKLIST TOKENS OR USERS",
                "issue_status": "pass"
            },
            {
                "issue_description": "This is not a Pausable contract.If a contract is pausable, it allows privileged users or owners to halt the execution of certain critical functions of the contract in case malicious transactions are found.",
                "issue_id": "QUICK_SCAN_PAUSABLE_CONTRACTS",
                "issue_name": "PAUSABLE CONTRACTS",
                "issue_status": "pass"
            },
            {
                "issue_description": "Critical functions that add, update, or delete owner/admin addresses are detectedThese functions control the ownership of the contract and allow privileged users to add, update, or delete owner or administrative addresses. Owners are usually allowed to control all the critical aspects of the contract. ",
                "issue_id": "QUICK_SCAN_CRITICAL_ADMINISTRATIVE_FUNCTIONS",
                "issue_name": "CRITICAL ADMINISTRATIVE FUNCTIONS",
                "issue_status": "fail"
            },
            {
                "issue_description": "The contract cannot be self-destructed by owners.selfdestruct() is a special function in Solidity that destroys the contract and transfers all the remaining funds to the address specified during the call. This is usually access-control protected.",
                "issue_id": "QUICK_SCAN_CONTRACT_TOKEN_SELF_DESTRUCT",
                "issue_name": "CONTRACT/TOKEN SELF DESTRUCT",
                "issue_status": "pass"
            },
            {
                "issue_description": "The contract is not vulnerable to ERC-20 approve Race condition vulnerability.ERC-20 approve function is vulnerable to a frontrunning attack which can be exploited by the token receiver to withdraw more tokens than the allowance. Proper mitigation steps should be implemented to prevent such vulnerabilities.",
                "issue_id": "QUICK_SCAN_ERC20_RACE_CONDITION",
                "issue_name": "ERC20 RACE CONDITION",
                "issue_status": "pass"
            },
            {
                "issue_description": "The contract's owner was not found.Renounced ownership shows that the contract is truly decentralized and once deployed, it can’t be manipulated by administrators.",
                "issue_id": "QUICK_SCAN_RENOUNCED_OWNERSHIP",
                "issue_name": "RENOUNCED OWNERSHIP",
                "issue_status": "pass"
            },
            {
                "issue_description": "No addresses contains more than 5% of circulating token supply.. Token distribution plays an important role when controlling the price of an asset.",
                "issue_id": "QUICK_SCAN_USERS_WITH_TOKEN_BALANCE_MORE_THAN_5_PERCENT",
                "issue_name": "USERS WITH TOKEN BALANCE MORE THAN 5%",
                "issue_status": "pass"
            }
        ],
        "scanner_reference_url": "https://solidityscan.com/quickscan/0x4ee38aa8d7449a177119e983610D73e9ace932dA/etherscan/mainnet"
    },
    "status": "success"
}

This API will return the count of total vulnerabilities detected by SolidityScan and the security score of the Smart Contract for a contract address whose contract code is verified on the supported explorers.

Supported Explorers for Verified Contracts

Headers

Accept application/json, text/plain, */* Accept-Language en-GB,en Connection keep-alive Content-Type application/json Authorization Token {{token}}

Parameters

{{platform_id}}

PlatformParameter Value

etherscan.io

1

bscscan.com

2

polygonscan.com

3

snowtrace.io

4

ftmscan.com

5

cronoscan.com

6

celoscan.io

7

aurorascan.dev

8

arbiscan.io

9

reefscan.io

13

nordekscan.com

14

explorer.fuse.io

15

{{chain_id}

PlatformchainsValue

etherscan.io

mainnet

1

goerli

3

kovan

4

rinkeby

5

ropsten

6

bscscan.com

mainnet

1

testnet

2

polygonscan.com

mainnet

1

testnet

2

snowtrace.io

mainnet

1

testnet

2

ftmscan.com

mainnet

1

testnet

2

cronoscan.com

mainnet

1

testnet

2

celoscan.io

mainnet

1

testnet

2

aurorascan.dev

mainnet

1

testnet

2

arbiscan.io

mainnet

1

testnet

2

reefscan.io

mainnet

1

testnet

2

nordekscan.com

mainnet

1

explorer.fuse.io

mainnet

1

testnet

2

Builbear

Example Request

curl --location --request GET 'https://api.solidityscan.com/api/v1/threatscan/10/Bottom_R5-D4_de9d270c/0x1aa51bc7eb181ce48ce626bf62f8956fa9555136'
--header 'Authorization: Token {{token}}' 

Example Response

{
    "scan_report": {
        "contract_address": "0x1aa51bc7eb181ce48ce626bf62f8956fa9555136",
        "contract_platform": "buildbear",
        "contract_url": "https://buildbear.io/0x1aa51bc7eb181ce48ce626bf62f8956fa9555136",
        "contractname": "PAWZONE",
        "node_reference_id": "Bottom_R5-D4_de9d270c",
        "threat_score": "84.62",
        "threat_scan_details": [
            {
                "issue_description": "The contract’s source code is verified.Source code verification provides transparency for users interacting with smart contracts. Block explorers validate the compiled code with the one on the blockchain. This also gives users a chance to audit the contracts.",
                "issue_id": "QUICK_SCAN_IS_SOURCE_CODE_VERIFIED",
                "issue_name": "IS SOURCE CODE VERIFIED",
                "issue_status": "pass"
            },
            {
                "issue_description": "The contract cannot mint new tokens. The _mint functions was not detected in the contracts.Mint functions are used to create new tokens and transfer them to the user’s/owner’s wallet to whom the tokens are minted. This increases the overall circulation of the tokens.",
                "issue_id": "QUICK_SCAN_PRESENCE_OF_MINTING_FUNCTION",
                "issue_name": "PRESENCE OF MINTING FUNCTION",
                "issue_status": "pass"
            },
            {
                "issue_description": "The tokens can be burned in this contract.Burn functions are used to increase the total value of the tokens by decreasing the total supply.",
                "issue_id": "QUICK_SCAN_PRESENCE_OF_BURN_FUNCTION",
                "issue_name": "PRESENCE OF BURN FUNCTION",
                "issue_status": "fail"
            },
            {
                "issue_description": "The contract can not be compiled with an older Solidity version.Pragma versions decide the compiler version with which the contract can be compiled. Having older pragma versions means that the code may be compiled with outdated and vulnerable compiler versions, potentially introducing vulnerabilities and CVEs.",
                "issue_id": "QUICK_SCAN_SOLIDITY_PRAGMA_VERSION",
                "issue_name": "SOLIDITY PRAGMA VERSION",
                "issue_status": "pass"
            },
            {
                "issue_description": "The contract was found to be using ERC-20 token standard.ERC-20 is the technical standard for fungible tokens that defines a set of properties that makes all the tokens similar in type and value.",
                "issue_id": "QUICK_SCAN_IS_ERC20_TOKEN",
                "issue_name": "IS ERC-20 TOKEN",
                "issue_status": "pass"
            },
            {
                "issue_description": "This is not a Pausable contract.If a contract is pausable, it allows privileged users or owners to halt the execution of certain critical functions of the contract in case malicious transactions are found.",
                "issue_id": "QUICK_SCAN_PAUSABLE_CONTRACTS",
                "issue_name": "PAUSABLE CONTRACTS",
                "issue_status": "pass"
            },
            {
                "issue_description": "Critical functions that add, update, or delete owner/admin addresses are not detectedThese functions control the ownership of the contract and allow privileged users to add, update, or delete owner or administrative addresses. Owners are usually allowed to control all the critical aspects of the contract. ",
                "issue_id": "QUICK_SCAN_CRITICAL_ADMINISTRATIVE_FUNCTIONS",
                "issue_name": "CRITICAL ADMINISTRATIVE FUNCTIONS",
                "issue_status": "pass"
            },
            {
                "issue_description": "The contract cannot be self-destructed by owners.selfdestruct() is a special function in Solidity that destroys the contract and transfers all the remaining funds to the address specified during the call. This is usually access-control protected.",
                "issue_id": "QUICK_SCAN_CONTRACT_TOKEN_SELF_DESTRUCT",
                "issue_name": "CONTRACT/TOKEN SELF DESTRUCT",
                "issue_status": "pass"
            },
            {
                "issue_description": "The contract is not vulnerable to ERC-20 approve Race condition vulnerability.ERC-20 approve function is vulnerable to a frontrunning attack which can be exploited by the token receiver to withdraw more tokens than the allowance. Proper mitigation steps should be implemented to prevent such vulnerabilities.",
                "issue_id": "QUICK_SCAN_ERC20_RACE_CONDITION",
                "issue_name": "ERC20 RACE CONDITION",
                "issue_status": "pass"
            },
        ],
        "scanner_reference_url": "https://solidityscan.com/quickscan/0x1aa51bc7eb181ce48ce626bf62f8956fa9555136/buildbear/Bottom_R5-D4_de9d270c?ref=buildbear"
    },
    "status": "success"
}

Last updated