Risk analysis api comparison
Yosif Hamed edited this page Jan 17, 2024 · 1 revision
URL dApp risk evaluation: tested against 39 URLs (provided by the Blockaid team)
Blockaid:
- if the dapp is not recognised, it is scanned
- 39/39 malicious
- also reports whether the URL is a web3 site and whether it is malicious

Response for a malicious dapp:
```js
{
  status: 'hit',
  url: 'doc-opensea.com',
  scan_start_time: '2024-01-07T20:27:38.911000',
  scan_end_time: '2024-01-07T20:33:38.356000',
  malicious_score: 1,
  is_reachable: true,
  is_web3_site: true,
  is_malicious: true,
  attack_types: {
    raw_ether_transfer: { score: 1, threshold: 1, features: {} },
    blur_farming: { score: 1, threshold: 1, features: {} },
    malicious_network_interaction: { score: 1, threshold: 1, features: {} },
    malicious_sdk: { score: 1, threshold: 1, features: {} }
  },
  network_operations: [
    'api.cloudweb3-api.com',
    'cloudflare-eth.com',
    'doc-opensea.com',
    'eth.llamarpc.com',
    'explorer-api.walletconnect.com',
    'fonts.googleapis.com',
    'fonts.gstatic.com',
    'ipapi.co',
    'jsdelivr.net',
    'rpc.cloudweb3-api.com',
    'rpc.walletconnect.com',
    'unpkg.com',
    'verify.walletconnect.org'
  ],
  json_rpc_operations: [
    'eth_accounts',
    'eth_chainId',
    'eth_requestAccounts',
    'eth_sendTransaction',
    'eth_signTypedData_v4'
  ],
  contract_write: {
    contract_addresses: [ '0xa12a679e521983b871efef34049ace12274cf9ef' ],
    functions: {}
  },
  contract_read: { contract_addresses: [], functions: {} }
}
```
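
As an added example (not Blockaid's code and not part of the original page), the sketch below turns a site-scan response of the shape shown above into a wallet decision. `assessSiteScan`, `SIGNING_METHODS` and the verdict strings are assumptions; any response without `status: 'hit'` is treated as unknown rather than safe.

```javascript
// Added example. Field names follow the site-scan response shown above;
// assessSiteScan, SIGNING_METHODS and the verdict strings are assumptions.
const SIGNING_METHODS = new Set(['eth_sendTransaction', 'eth_signTypedData_v4']);

function assessSiteScan(scan) {
  // Only a finished scan ('hit') carries a verdict. Anything else, such as a
  // site that is still being scanned, is "unknown" and must not read as safe.
  if (!scan || scan.status !== 'hit') {
    return { verdict: 'unknown', triggered: [], signingMethods: [], thirdPartyHosts: [] };
  }
  // An attack type is triggered when its score reaches its own threshold.
  const triggered = Object.entries(scan.attack_types || {})
    .filter(([, t]) => t && typeof t.score === 'number' && t.score >= t.threshold)
    .map(([name]) => name)
    .sort();
  // JSON-RPC methods seen during the scan that ask the wallet to send or sign.
  const signingMethods = (scan.json_rpc_operations || [])
    .filter((method) => SIGNING_METHODS.has(method));
  // Hosts contacted during the scan other than the scanned site itself.
  const thirdPartyHosts = (scan.network_operations || [])
    .filter((host) => host !== scan.url && !host.endsWith('.' + scan.url));
  // Block on the boolean or on any triggered attack type, whichever fires.
  const malicious = scan.is_malicious === true || triggered.length > 0;
  return { verdict: malicious ? 'block' : 'allow', triggered, signingMethods, thirdPartyHosts };
}

// Constructed sample, trimmed from the response shown above.
const sampleHit = {
  status: 'hit',
  url: 'doc-opensea.com',
  is_web3_site: true,
  is_malicious: true,
  attack_types: {
    raw_ether_transfer: { score: 1, threshold: 1, features: {} },
    malicious_sdk: { score: 1, threshold: 1, features: {} }
  },
  network_operations: ['api.cloudweb3-api.com', 'doc-opensea.com', 'rpc.walletconnect.com'],
  json_rpc_operations: ['eth_accounts', 'eth_chainId', 'eth_sendTransaction', 'eth_signTypedData_v4']
};

console.log(assessSiteScan(sampleHit));
```
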
Redefine:
- 26/39 HIGH
- 11/39 NO_ISSUES
- 2/39 MEDIUM
Blowfish:
- 30/39 not analyzed: "Free tier users cannot send us new domains to analyze."
- 5/39 score 1
- 3/39 score 0.5
- 1/39 score 0
Simulate transactions:
Blockaid:
- validation and simulation for bulk of transactions
- provides data about
  - in and out tokens and their $value for all addresses
  - all contract addresses that are triggered with their names
  - basic humanization for movement of tokens
  - total usd diffs
Blowfish:
- simulation failed when passing data for a swap
Redefine:
- balance changes just for the user account
- short and long descriptions of the issues
```json
[
  {
    "description": {
      "short": "This token has low trading activity on reputable DEXs during the past 7 days",
      "long": "This token has been traded 40 times on active pools in the last 7 days, it seems to have low public interest and could lack sufficient liquidity, meaning that selling this token would be difficult/impossible depending on the position size"
    },
    "category": "TOKEN_LIQUIDITY",
    "severity": {
      "code": 1,
      "label": "LOW"
    }
  },
  {
    "description": {
      "short": "One of the EOA holders of this token owns a 11.3965 % of the total supply",
      "long": "The token has a 11.3965 % of its total supply held in a single wallet, meaning there is a risk that they could dump their holdings on the market and cause a substantial price drop"
    },
    "category": "DISTRIBUTION_OF HOLDINGS",
    "severity": {
      "code": 1,
      "label": "LOW"
    }
  }
]
```
Signed messages:
Blockaid: both simulation and validation
```
{
  "validation": {
    "result_type": "Malicious",
    "description": "A known malicious address is involved in the transaction",
    "reason": "transfer_farming",
    "classification": "known_malicious",
    "features": []
  },
  "simulation": {
    "assets_diffs": {
      [participantAddress:string]: {
        "asset": {...},
        "in": [...],
        "out": [...]
      }[]
    },
    "total_usd_diff": {
      [participantAddress:string]: {
        "in": "0.000000000000002551",
        "out": "0.0",
        "total": "0.000000000000002551"
      }
    },
    "exposures": {},
    "total_usd_exposure": {},
    "address_details": {
      [participantAddress:string]: {
        "name_tag": string,
        "contract_name": string
      }
    },
    "account_summary": {
      "assets_diffs": [
        {
          "asset": {
            "type": "NATIVE",
            "name": "Ether",
            "symbol": "ETH",
            "chain_name": "Ethereum Mainnet",
            "chain_id": 1,
            "decimals": 18,
            "logo_url": "https://cdn.blockaid.io/chain/ethereum"
          },
          "in": [
            {
              "usd_price": "0.000000000000002551",
              "summary": "Received 0 ETH",
              "value": "0.000000000000000001",
              "raw_value": "0x1"
            }
          ],
          "out": []
        }[],
      ],
      "total_usd_diff": {
        "in": "0.000000000000002551",
        "out": "0.0",
        "total": "0.000000000000002551"
      },
      "exposures": [],
      "total_usd_exposure": {}
    }
  }
}
```
Redefine:
```json
"insights": {
  "issues": [
    {
      "description": {
        "short": "You are listing your NFT for free",
        "long": "You are listing your NFT for free"
      },
      "category": "GENERAL",
      "severity": {
        "code": 4,
        "label": "CRITICAL"
      }
    }
  ],
  "verdict": {
    "code": 4,
    "label": "CRITICAL"
  }
}
```
Blowfish:
- yes