The Flashbot transaction detector is specific for flashbot, but there are more block builders in the space that forta should monitor. i would say that some generalized name could be "block builder transaction detector"
The other players in the ethereum ecosystem are:

Beaver Build
Seems new but is used a lot, they don’t even have a webpage.
Url: https://beaverbuild.org/

Titan Builder
Url: https://www.titanbuilder.xyz/

Rsync Builder

Builder0x69
Url: https://docs.builder0x69.io/

Also block builders are now in ethereum but soon will be in other chains as the efforts to modify the "geth" of each chain to "mev-geth" sucess, is a matter of time.

Hi vasilis,

I have been watching the performance for this bot for the month of April and it looks like it has a high number "tx_drops" for BSC chain, this issue might be also extending to the rest of the chains. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

https://explorer.forta.network/alert/0xeeba00288acb48a6fa9427b25060ee25faa21249acabfce136853b8d1ccdaa6a

Can we somehow mitigate these classes of FPs? Maybe if the logs are very short, like in this case?

https://etherscan.io/tx/0x93bb391867e230e84593c96a26915dcbcd1aae7a663654ce31b36062967ae35a

Could we filter out just plain EOA to EOA value tx on the flashbot bot? I understand it has caused some FPs downstream on the attack detector.

Hi vasilis,

I Just analized 18 addresses with the pig butchering label.

Just a heads up, 14 were addresses where funds were drained but not the address that was approved. Anyway these are pig butchers too.

I believe there are other addresses involved in a pig butcher scam, let me briefly explain:

• First the target receives funds from a CEX.

• Then the target approves an EOA.

• It may be the case where the target is fully drained and then repeat the process where the scammer is funded by a CEX, then drained again by the same EOA, etc.

• However, it may be the case where the scammer gives away some sort of fake yield in USDT to the target. I believe this may sound like a sweetener to the target in a way that the person believes that the scammer is really investing funds. Then, the target is funded again by a CEX and then fully drained. These addresses, where fake yields were sent, are different from the ones that are used to fully drained the target. Let me attach you an example, (https://etherscan.io/address/0x57964769fe6ee9a814f3b353fbc11025312edc46#tokentxns). I'm mentioning this because it would be good to label these as pig butchers too.

https://explorer.forta.network/alert/0x8f4bf858df031da354e01fb31b7b8de12f46aa43ca141ef264f715f22fe66920 implicates the suspicious contract 0xB95A8D8d7699a32552bE90C3Bbf389feab702557. However, inspecting the transaction 0x82b8894aca8e567495223b92aebe27fd35d62c28031b15d2d0b50b685c75aea4 reveals no transfer initiated by this contract. Pls investigate and fix.

Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

https://explorer.forta.network/alert/0x4047f42cbc70f8cc1b8563151f13be43950ee13f09de9afe76f34a5388d3695d claims that the DAI balance of 0xbEbc was drained by 99%.

Reviewing the tx https://explorer.phalcon.xyz/tx/eth/0x4ebdb03264fe8b2837b5ce01d01c117372e75107b94c330887b63c8e62513285

shows that the DAI balance changed only from: 153025311025020457056586169 to 152960724868721505903986058

Hi Vasilis,

Let me share another set of FPs I have found. In this case, the scam detector bot seems to be flagging addresses that are creating token contracts, opening pools in uniswap, then adding and removing liquidity. It seems like rug pulls but the scam detector is identifying this as ice phishing.

1. Example1:
   Forta alert: https://explorer.forta.network/alert/0x228958ebd084fe1b60306ad673896118238ba8d76b8f37539319bc4ac3ca51cd
   Etherscan link: https://etherscan.io/address/0xa1d600554f118a7a876dd2362cfe80d805959b8a

2 Example2:
Forta alert: https://explorer.forta.network/alert/0xcfafa4b4d8d020e70f6339f3a1070fd48756309e43bab5593448d4b7e534e0ab
Etherscan link: https://etherscan.io/address/0x6138916d226ffba30ac7e38a83f5448be326355a

3 Example3:
Forta alert: https://explorer.forta.network/alert/0xadb78dda5ee6588455c0cff9eec348b12152fe1561ca0d7c4671c0e23b9db1a5
etherscan link: https://etherscan.io/address/0xf3d54f2106c3ad43bbcbdc2a8d0dc4b4ae4471de

https://etherscan.io/tx/0xa4fc1486c2266a51c1701d4fbeb2b2f0a5638b832e616fc1a86ca100d1e8679d

Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

Some attackers at the end of flashloan perform a transfer to a secondary EOA. This way they try to hide the profit of the attack from detection.

An example of such a transaction can be seen here: https://etherscan.io/tx/0x47c7ab4a9e829415322c8933cf17261cd666dbeb875f0d559ca2785d21cae661

It would be nice to add support for detecting such transactions.

Hi vasilis,

There is a repetitive FP going on. For this set of alerts, it seems that these addresses were wrongly flagged as scammers.

https://explorer.forta.network/alert/0xf29b4b1254dc72aad241714cc48fe75dbfb16ba48cbe5b8a1a73dc83bbb11001
https://explorer.forta.network/alert/0x416ab96a84c89ed786549899cd0ec6387639071cf4fc5b3a98a8cacad32a1bcf
https://explorer.forta.network/alert/0xa7b0fd35abdca3afaac7efeaa465f0f7b4c84bbcb6dbcea3cb78e5ad14625383
https://explorer.forta.network/alert/0x8202fa1c5f4331b584f047cc87099971925a543af0d756ffedb2560f2f2c6e2a

Seems that the function that may be triggering this is the sell item one.

Hi there,

Seems like the pig butcher should have labeled this one.

Victim was funded by CEX with usdt and stolen as soon as funded.

Thanks

Didnt trigger on exploit tx (https://etherscan.io/tx/0x937a03268cd13c1b7afb1dd621794d58e4d2674069e24caf8ab694c60c43cd41)

Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

Private key Compromise https://app.forta.network/bot/0x6ec42b92a54db0e533575e4ebda287b7d8ad628b14a2268398fd4b794074ea03
Tornado cash funding
https://explorer.forta.network/bot/0x617c356a4ad4b755035ef8024a87d36d895ee3cb0864e7ce9b3cf694dd80c82a
Victim Identifier
https://app.forta.network/bot/0x441d3228a68bbbcf04e6813f52306efcaf1e66f275d682e62499f44905215250

Hi, going over the performance on the following bot, during May they had a high drop rate. I t would be great if you could take a look at them and consider sharding as a possible solution.
https://explorer.forta.network/bot/0xbc06a40c341aa1acc139c900fd1b7e3999d71b80c13a9dd50a369d8f923757f5

https://phalcon.blocksec.com/tx/bsc/0xe367d05e7ff37eb6d0b7d763495f218740c979348d7a3b6d8e72d3b947c86e33

Asset Drained bot didn't trigger on the draining of NODE tokens. Txn.

Note: If the drained wasn't a COMPLETE drain, it would've been missed because at the time the bot only alerted on asset drains of 100%.

Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate on ETH. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

This bot has dropped 25% of the transactions in January from Mainnet- code could have a bug

Hi Vasilis,

I have observed that the scam detector triggered many ice phishing alerts which I assessed like False positives. Apparently in many cases the bot is flagging addresses that seem to be stealing USDT but they are not.

Let me give you an example:

1. Forta alert here: https://explorer.forta.network/alert/0xeab4a1b5236c7de40fa4aba959e7c5ca59fa3f7fd734526ca30e1559618e89a8
   Etherscan address here:
   https://etherscan.io/address/0x08a34cac368f1206a30803787d5e00cf4265c347

As you can see in this example, "targets" seem to be approving the suspected address and then funds are being sent to 0x4baE69a92C1F812Cb2B74fcd2f3E664aEa435c46. What is very strange is that in most of the cases, targets are interacting in many opportunities with the mentioned address which seems like something illogical.

Attaching you some other examples here:

• https://explorer.forta.network/alert/0x5a3a9d5262bc90aa1d9c885085b8cb65d27f6b2747c550b77b03b35d80b078fd
• https://explorer.forta.network/alert/0xb84139dd54655a8750d6fc071a225e5ebffa420baec107cd36ee4c35e19b964b
• https://explorer.forta.network/alert/0xd1d6cfcb03c3db17a16f9e3e9aae027f02dade4e95edf3c33c324354e0ec0cdd

https://bscscan.com/tx/0x54121ed538f27ffee2dbb232f9d9be33e39fdaf34adf993e5e019c00f6afd499

Seems like this address is being reported as a known scammer, but the metadata contains no info on what label was observed. Cant really find info on this address being flagged as a known scammer.

https://explorer.forta.network/alert/0x8b95fe9bf2c444fccee06ccf0207e0234ffe8da78799560c875179522d938ca6

https://explorer.forta.network/alert/0xc1554a62beb0253bc6ae158aa2e42ef2f2a5c584bfc4c0202c5c66c8290b57b2
https://etherscan.io/tx/0x7f12255758626c5978cd4f9adbedc825d33ed19cac52c3f87db0dd64849cd771

Hello. I found that your bot didn't notice this transaction https://etherscan.io/tx/0x9a97d85642f956ad7a6b852cf7bed6f9669e2c2815f3279855acf7f1328e7d46 (https://flashbots-explorer.marto.lol/?block=16260581). Following transaction was sent by the Rubic Protocol exploiter (https://docs.google.com/document/d/1fHkBIqKRN1dX2H2E0lw-kn4fSibcOjezOTBHTzKdVVg) Could you figure out the reason of this?

Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

Hi Vasilis, the asset-drained bot has some high drop rates in the month of may, in the BSC chain (though it only has one node assigned). Would appreciate you taking a look at it, and conisdering sharding. Thank you!

Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.

0xf947dfa6387710dd316cb9b1afec82d1f49d187426c8f6370000cddc2bec945d should have triggered; could you pls investigate why it did not?