Create Block Explorer Scans

Create a Block Explorer Scan

POST /v1/scans/explorer

This endpoint allows you to initiate a scan of a specific smart contract on a blockchain via a block explorer interface. By providing the smart contract's address and the chain ID, users can receive detailed security scan of the contract's source code.

Headers

Name
Value

Content-Type

application/json

Authorization

Bearer <token>

Body

Name
Type
Description

contract_address

string

Address of the smart contract to scan

chain_id

number

ID of the chain the contract is deployed on.

Response

{
  "success": true,
  "scan_id": "60188023-0b6f-4994-ba15-3d973efb0711",
  "webhook_url": "your-specified-callback-url.com"
}

Webhook Response

Once a scan completes, AuditBase will callback a webhook with the following data:

{
   "success":true,
   "scan_id":"60188023-0b6f-4994-ba15-3d973efb0711",
   "data":{
      "findings":[
         {
            "id":"cb775b85-a334-4096-bbb6-1ec3540b46c4",
            "title":"Centralization risk for trusted owners",
            "description":"Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Consider changing to a multi-signature setup, or having a role-based authorization model.",
            "identifier":"M001",
            "count":1,
            "gas_savings":"-",
            "severity":"M",
            "snippet":"```solidity\nFile: tmp/0bd226dd-a4da-4dbe-8005-6616cae58949/contract.sol\n\n559         function renounceOwnership() public onlyOwner {\n568         function transferOwnership(address newOwner) public onlyOwner {\n602         function changeName(string memory name) public onlyOwner{\n\n```\n"
         },
         {
            "id":"bae2e591-5fca-48ed-8233-eaceec8649c2",
            "title":"Use `Ownable2Step` rather than `Ownable`",
            "description":"`Ownable2Step` and `Ownable2StepUpgradeable` prevent the contract ownership from mistakenly being transferred to an address that cannot handle it (e.g. due to a typo in the address), by requiring that the recipient of the owner permissions actively accept via a contract call of its own.",
            "identifier":"L001",
            "count":1,
            "gas_savings":"-",
            "severity":"L",
            "snippet":"```solidity\nFile: tmp/0bd226dd-a4da-4dbe-8005-6616cae58949/contract.sol\n\n590     contract Token is ERC20, ERC20Detailed, ERC20Burnable, Ownable {\n\n```\n"
         },
         {
            "id":"d49b8e59-5c39-4a28-9500-bd1a434e8125",
            "title":"Burn functions should be protected with a modifier",
            "description":"  ",
            "identifier":"L002",
            "count":1,
            "gas_savings":"-",
            "severity":"L",
            "snippet":"```solidity\nFile: tmp/0bd226dd-a4da-4dbe-8005-6616cae58949/contract.sol\n\n492         function burn(uint256 amount) public {\n493             _burn(msg.sender, amount);\n494         }\n\n```\n"
         },
         {
            "id":"e489b2cf-7385-4945-a971-d2a2d56a5831",
            "title":"No limits when setting state variable amounts",
            "description":"It is important to ensure state variables numbers are set to a reasonable value.",
            "identifier":"L003",
            "count":1,
            "gas_savings":"-",
            "severity":"L",
            "snippet":"```solidity\nFile: tmp/0bd226dd-a4da-4dbe-8005-6616cae58949/contract.sol\n\n441             _decimals = decimals;\n\n```\n"
         }
      ]
   }
}

Last updated