VOIDSCANNER
AI-powered bytecode risk oracle for EVM smart contracts.
Detect honeypots, rug vectors, and exploit patterns before you sign.
Ethereum · Base · Arbitrum · Polygon · Optimism
14 exploit signatures · Llama 3.3 70B · < 4s full analysis · 24h cache
HOW IT WORKS
FIVE STAGES FROM ADDRESS TO VERDICT
Paste any 0x contract address and select the chain. Works with unverified contracts — bytecode analysis doesn't need source code. The Oracle accepts any valid 40-char hex address deployed on any supported EVM network.
VOID SCANNER pulls raw EVM bytecode from Etherscan V2 and checks whether the source is verified. If verified, the actual Solidity source is used for deeper pattern matching. A SHA-256 hash of the bytecode is computed for cache keying.
14 exploit signatures are matched against the bytecode and decompiled output with byte-aligned opcode parsing. PUSH operands are skipped during iteration to eliminate false positives from embedded data. Each match is classified LOW / MEDIUM / HIGH / CRITICAL and carries an exact bytecode offset.
Llama 3.3 70B reads the decompiled pseudo-Solidity, matched patterns, and up to 15 resolved function selectors to compute a risk score, honeypot probability (0–1), rug pull likelihood (0–1), and a plain-English verdict summary. Groq's inference delivers results in under 2 seconds.
Pattern severity weights are summed (CRITICAL=25, HIGH=15, MEDIUM=8, LOW=3) and blended with the AI score. The final 0–100 risk score maps to SAFE (0–30), RISKY (31–65), or ABORT (66–100). Results are cached in Supabase for 24 hours and returned as structured JSON.
CAPABILITIES
EVERY LAYER OF THE SECURITY STACK
Pulls raw EVM bytecode directly from Etherscan V2 across 5 chains. Parses every opcode with byte-aligned disassembly — PUSH data is skipped so false positives are eliminated. Resolves function selectors via 4byte.directory to reconstruct method names from the ABI.
Hardcoded library of 14 known exploit patterns matched against both raw bytecode and decompiled Solidity output. Detects SELFDESTRUCT, DELEGATECALL, honeypot transfer blocks, unlimited approval drains, tx.origin auth, reentrancy vectors, and more.
Every contract is sent to Llama 3.3 70B (via Groq's ultra-fast inference) for contextual security analysis. The model reads decompiled source, matched patterns, and function signatures to compute honeypot probability, rug pull likelihood, and write a plain-English verdict.
Manifest V3 extension that wraps window.ethereum via provider proxy injection. Intercepts eth_sendTransaction and eth_signTransaction before they reach MetaMask. Runs Oracle analysis + Tenderly simulation in parallel, then injects a full-screen verdict overlay blocking the tx.
Exposes the Oracle as a Model Context Protocol server at /api/mcp. AI agents (Claude, GPT-4, custom LLMs) can call analyse_contract, get_risk_score, and check_patterns as tools. Requires a PRO or ENTERPRISE API key passed as Bearer token.
Supports Ethereum mainnet, Base, Arbitrum, Polygon, and Optimism — all via Etherscan V2's unified API endpoint. Each chain gets byte-accurate bytecode and source verification. Shareable scan URLs include chain context for one-click re-analysis.
EXPLOIT PATTERN LIBRARY
14 SIGNATURES MATCHED AGAINST EVERY CONTRACT
Each pattern is matched at the EVM opcode level using byte-aligned disassembly. PUSH operands are skipped during iteration to eliminate false positives from embedded data.
PRICING
ONE PREVENTED RUG PULL PAYS FOR A YEAR
All plans include AI analysis · Cancel anytime · Instant activation
FAQ
COMMON QUESTIONS ABOUT THE ORACLE
Yes — all 14 exploit pattern signatures operate at the EVM opcode level, so raw bytecode is all we need. No source code required. When source is verified on Etherscan, the AI receives deeper context for more nuanced scoring, but every pattern check works regardless of verification status.
Severity weights from matched patterns are summed: CRITICAL = 25 pts, HIGH = 15 pts, MEDIUM = 8 pts, LOW = 3 pts. The AI analysis can adjust the final score ±20 points based on contextual review of function selectors and decompiled logic. Score 0–30 → SAFE, 31–65 → RISKY, 66–100 → ABORT.
RISKY (31–65) means suspicious patterns are present — investigate before interacting. ABORT (66–100) means confirmed exploit vectors: SELFDESTRUCT present, honeypot transfer blocking detected, or AI honeypot probability above 0.8. The Chrome extension automatically blocks ABORT transactions before they reach MetaMask.
The Manifest V3 extension injects a provider proxy at window.ethereum that wraps eth_sendTransaction and eth_signTransaction. When you hit 'confirm' in any dApp, the proxy fires before MetaMask receives the call — running Oracle analysis and Tenderly simulation in parallel and rendering a full-screen verdict overlay.
Ethereum mainnet, Base, Arbitrum, Polygon, and Optimism — all via Etherscan V2's unified API endpoint. Each chain returns byte-accurate bytecode and source verification status from the same authentication key. More chains (BSC, Avalanche) are planned.
Yes. ENTERPRISE plans include MCP server access at /api/mcp. AI agents like Claude or GPT-4 can call analyse_contract, get_risk_score, and check_patterns as structured tools. PRO plans get a standard REST API key (Bearer token) for direct programmatic integration.
INTEGRATE THE ORACLE
One POST request. Full analysis in under 5 seconds.
Works in any language. Returns structured JSON with flags, probabilities, and AI verdict.
curl -X POST https://xrvoid.online/api/analyse \
-H "Content-Type: application/json" \
-H "Authorization: Bearer vs_your_api_key" \
-d '{"address":"0x...","chain":"ethereum"}'
# Response (< 5 seconds):
{
"verdict": "ABORT",
"riskScore": 89,
"verified": false,
"analysisTimeMs": 3241,
"honeypotProbability": 0.94,
"rugProbability": 0.31,
"flags": [
{ "severity": "CRITICAL", "id": "HONEYPOT_TRANSFER",
"title": "Honeypot Transfer Block",
"description": "Transfer reverts for non-owner addresses" },
{ "severity": "HIGH", "id": "SELFDESTRUCT",
"title": "Self-Destruct Vector",
"bytecodeOffset": "0x1a4" }
],
"patternsMatched": ["HONEYPOT_TRANSFER", "SELFDESTRUCT"],
"aiExplanation": "Contract has hard-coded sell restriction...",
"keyFindings": [
"Transfer reverts for non-owner",
"SELFDESTRUCT reachable by deployer",
"No liquidity lock detected"
],
"auditNotes": "Do not interact. Pattern consistent with honeypot.",
"cached": false
}