Smart Contract Risk Scorer
Purpose
Analyze smart contracts for security vulnerabilities and rug pull indicators to protect users from malicious tokens and scams in the DeFi ecosystem.
Specification
Job: Analyze a smart contract and return a comprehensive security assessment with risk score, vulnerabilities, and actionable recommendations.
Inputs:
contract_address - Smart contract address to analyze (0x...)
chain - Blockchain network (ethereum, polygon, arbitrum, optimism, base)
scan_depth - Analysis depth: "quick" (30s) or "deep" (2-3 min)
Returns:
risk_score - Overall risk score (0-100, higher = more risky)
risk_level - Risk category: "low", "medium", "high", "critical"
vulnerabilities[] - List of detected security issues with severity
security_checks - Results of all security validations (honeypot, ownership, proxy detection)
external_checks - Third-party API verification results (GoPlus, Token Sniffer)
contract_info - Contract metadata (name, creator, age, verification status)
recommendations[] - Actionable security recommendations
confidence - Confidence level of the analysis (0.0-1.0)
Acceptance Criteria
✅ Analyzes smart contracts for security risks and rug pull indicators
✅ Multi-source verification (Etherscan + GoPlus + Token Sniffer APIs)
✅ Detects honeypots, hidden ownership, and malicious code patterns
✅ Source code analysis for verified contracts (50+ malicious patterns)
✅ Bytecode analysis fallback for unverified contracts
✅ Ownership analysis (renounced, timelocks, multi-sig detection)
✅ Risk score calculation with confidence level
✅ Detailed findings with evidence and severity ratings
✅ Response time < 10 seconds for quick scans, < 30 seconds for deep scans
✅ Must be deployed on a domain and reachable via X402
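A minimal form of the bytecode analysis fallback for unverified contracts, added here as an illustration and not taken from any submission or from this repo. The selector table, severity labels and the `has_owner` / `can_renounce` field names are assumptions; only `vulnerabilities` and `security_checks` come from the Returns list above.

```python
# Added example: bytecode-only checks for an unverified contract.
# Selector table, severities and check names are assumptions for this sketch.
KNOWN_SELECTORS = {
    "8da5cb5b": "owner()",
    "f2fde38b": "transferOwnership(address)",
    "715018a6": "renounceOwnership()",
    "40c10f19": "mint(address,uint256)",
}
FLAGGED_OPCODES = {0xF4: ("DELEGATECALL", "medium"), 0xFF: ("SELFDESTRUCT", "high")}

def walk(code: bytes):
    """Yield (offset, opcode, immediate), skipping over PUSH data bytes."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        size = op - 0x5F if 0x60 <= op <= 0x7F else 0  # PUSH1..PUSH32
        yield pc, op, code[pc + 1 : pc + 1 + size]
        pc += 1 + size

def scan_bytecode(hex_code: str) -> dict:
    code = bytes.fromhex(hex_code.removeprefix("0x"))
    selectors, vulnerabilities = set(), []
    for pc, op, imm in walk(code):
        if op == 0x63 and imm.hex() in KNOWN_SELECTORS:  # PUSH4 <selector>
            selectors.add(KNOWN_SELECTORS[imm.hex()])
        elif op in FLAGGED_OPCODES:
            name, severity = FLAGGED_OPCODES[op]
            vulnerabilities.append(
                {"issue": name, "severity": severity, "evidence": f"offset {pc}"})
    if "mint(address,uint256)" in selectors:
        vulnerabilities.append({"issue": "mint function present",
                                "severity": "medium",
                                "evidence": "selector 0x40c10f19"})
    return {
        "vulnerabilities": vulnerabilities,
        "security_checks": {
            "has_owner": "owner()" in selectors,
            "can_renounce": "renounceOwnership()" in selectors,
            "selectors": sorted(selectors),
        },
    }

# Constructed sample: dispatcher fragment testing owner() and mint(), a PUSH2
# whose data is 0xffff (must not be read as SELFDESTRUCT), then DELEGATECALL.
SAMPLE = "0x" + "638da5cb5b14" + "6340c10f1914" + "61ffff" + "f4" + "00"
```

A linear sweep like this also decodes the metadata bytes appended to runtime bytecode, so opcode hits near the end of the code are weaker evidence and belong with a lower `confidence`.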
Use Cases
- Before investing: Check if a new token is a scam or rug pull
- Portfolio audit: Analyze existing holdings for security risks
- Due diligence: Verify contract safety before interacting with DeFi protocols
- Whale watching: Detect concentrated ownership and creator holdings
- Honeypot detection: Identify tokens that cannot be sold
Done When
Agent provides accurate security analysis with verified risk assessments from multiple data sources, helping users make informed decisions about smart contract interactions.
Resources
Submission
Submission is a PR into this repo linking the issue; first in, first served if the bounty has been completed.