nethermindeth / forta-starter-kits
This project forked from limechain/forta-starter-kits
License: MIT License
The Flashbot transaction detector is specific to Flashbot, but there are more block builders in the space that Forta should monitor. I would say that some generalized name could be "block builder transaction detector".
The other players in the ethereum ecosystem are:
Beaver Build
Seems new but is used a lot, they don’t even have a webpage.
Url: https://beaverbuild.org/
Titan Builder
Url: https://www.titanbuilder.xyz/
Rsync Builder
Builder0x69
Url: https://docs.builder0x69.io/
Also, block builders are now in Ethereum but soon will be in other chains as the efforts to modify the "geth" of each chain to "mev-geth" succeed; it is a matter of time.
Hi vasilis,
I have been watching the performance for this bot for the month of April and it looks like it has a high number of "tx_drops" for the BSC chain; this issue might also be extending to the rest of the chains. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
Can we somehow mitigate these classes of FPs? Maybe if the logs are very short, like in this case?
Could we filter out just plain EOA to EOA value tx on the flashbot bot? I understand it has caused some FPs downstream on the attack detector.
Hi vasilis,
I just analyzed 18 addresses with the pig butchering label.
Just a heads up, 14 were addresses where funds were drained but not the address that was approved. Anyway these are pig butchers too.
I believe there are other addresses involved in a pig butcher scam, let me briefly explain:
First the target receives funds from a CEX.
Then the target approves an EOA.
It may be the case where the target is fully drained and then repeat the process where the scammer is funded by a CEX, then drained again by the same EOA, etc.
However, it may be the case where the scammer gives away some sort of fake yield in USDT to the target. I believe this may sound like a sweetener to the target in a way that the person believes that the scammer is really investing funds. Then, the target is funded again by a CEX and then fully drained. These addresses, where fake yields were sent, are different from the ones that are used to fully drain the target. Let me attach an example (https://etherscan.io/address/0x57964769fe6ee9a814f3b353fbc11025312edc46#tokentxns). I'm mentioning this because it would be good to label these as pig butchers too.
https://explorer.forta.network/alert/0x8f4bf858df031da354e01fb31b7b8de12f46aa43ca141ef264f715f22fe66920 implicates the suspicious contract 0xB95A8D8d7699a32552bE90C3Bbf389feab702557. However, inspecting the transaction 0x82b8894aca8e567495223b92aebe27fd35d62c28031b15d2d0b50b685c75aea4 reveals no transfer initiated by this contract. Pls investigate and fix.
Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
https://explorer.forta.network/alert/0x4047f42cbc70f8cc1b8563151f13be43950ee13f09de9afe76f34a5388d3695d claims that the DAI balance of 0xbEbc was drained by 99%.
Reviewing the tx https://explorer.phalcon.xyz/tx/eth/0x4ebdb03264fe8b2837b5ce01d01c117372e75107b94c330887b63c8e62513285
shows that the DAI balance changed only from: 153025311025020457056586169 to 152960724868721505903986058
Hi Vasilis,
Let me share another set of FPs I have found. In this case, the scam detector bot seems to be flagging addresses that are creating token contracts, opening pools in Uniswap, then adding and removing liquidity. It seems like rug pulls but the scam detector is identifying this as ice phishing.
Example 2:
Forta alert: https://explorer.forta.network/alert/0xcfafa4b4d8d020e70f6339f3a1070fd48756309e43bab5593448d4b7e534e0ab
Etherscan link: https://etherscan.io/address/0x6138916d226ffba30ac7e38a83f5448be326355a
Example 3:
Forta alert: https://explorer.forta.network/alert/0xadb78dda5ee6588455c0cff9eec348b12152fe1561ca0d7c4671c0e23b9db1a5
Etherscan link: https://etherscan.io/address/0xf3d54f2106c3ad43bbcbdc2a8d0dc4b4ae4471de
Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
Some attackers, at the end of a flashloan, perform a transfer to a secondary EOA. This way they try to hide the profit of the attack from detection.
An example of such a transaction can be seen here: https://etherscan.io/tx/0x47c7ab4a9e829415322c8933cf17261cd666dbeb875f0d559ca2785d21cae661
It would be nice to add support for detecting such transactions.
Hi vasilis,
There is a repetitive FP going on. For this set of alerts, it seems that these addresses were wrongly flagged as scammers.
https://explorer.forta.network/alert/0xf29b4b1254dc72aad241714cc48fe75dbfb16ba48cbe5b8a1a73dc83bbb11001
https://explorer.forta.network/alert/0x416ab96a84c89ed786549899cd0ec6387639071cf4fc5b3a98a8cacad32a1bcf
https://explorer.forta.network/alert/0xa7b0fd35abdca3afaac7efeaa465f0f7b4c84bbcb6dbcea3cb78e5ad14625383
https://explorer.forta.network/alert/0x8202fa1c5f4331b584f047cc87099971925a543af0d756ffedb2560f2f2c6e2a
Seems that the function that may be triggering this is the sell item one.
Hi there,
Seems like the pig butcher should have labeled this one.
Victim was funded by CEX with usdt and stolen as soon as funded.
Thanks
Didn't trigger on exploit tx (https://etherscan.io/tx/0x937a03268cd13c1b7afb1dd621794d58e4d2674069e24caf8ab694c60c43cd41)
Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
Private key Compromise https://app.forta.network/bot/0x6ec42b92a54db0e533575e4ebda287b7d8ad628b14a2268398fd4b794074ea03
Tornado cash funding
https://explorer.forta.network/bot/0x617c356a4ad4b755035ef8024a87d36d895ee3cb0864e7ce9b3cf694dd80c82a
Victim Identifier
https://app.forta.network/bot/0x441d3228a68bbbcf04e6813f52306efcaf1e66f275d682e62499f44905215250
Hi, going over the performance on the following bot, during May they had a high drop rate. It would be great if you could take a look at them and consider sharding as a possible solution.
https://explorer.forta.network/bot/0xbc06a40c341aa1acc139c900fd1b7e3999d71b80c13a9dd50a369d8f923757f5
Asset Drained bot didn't trigger on the draining of NODE tokens. Txn.
Note: If the drain wasn't a COMPLETE drain, it would've been missed because at the time the bot only alerted on asset drains of 100%.
Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate on ETH. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in ETH and BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
This bot has dropped 25% of the transactions in January from Mainnet; code could have a bug.
Hi Vasilis,
I have observed that the scam detector triggered many ice phishing alerts which I assessed as false positives. Apparently in many cases the bot is flagging addresses that seem to be stealing USDT but they are not.
Let me give you an example:
As you can see in this example, "targets" seem to be approving the suspected address and then funds are being sent to 0x4baE69a92C1F812Cb2B74fcd2f3E664aEa435c46. What is very strange is that in most of the cases, targets are interacting in many opportunities with the mentioned address which seems like something illogical.
Attaching you some other examples here:
Seems like this address is being reported as a known scammer, but the metadata contains no info on what label was observed. Can't really find info on this address being flagged as a known scammer.
Hello. I found that your bot didn't notice this transaction https://etherscan.io/tx/0x9a97d85642f956ad7a6b852cf7bed6f9669e2c2815f3279855acf7f1328e7d46 (https://flashbots-explorer.marto.lol/?block=16260581). The following transaction was sent by the Rubic Protocol exploiter (https://docs.google.com/document/d/1fHkBIqKRN1dX2H2E0lw-kn4fSibcOjezOTBHTzKdVVg). Could you figure out the reason for this?
Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
Hi Vasilis, the asset-drained bot has some high drop rates in the month of May, in the BSC chain (though it only has one node assigned). Would appreciate you taking a look at it, and considering sharding. Thank you!
Hi!
I have been watching the performance for this bot for the month of August and it looks like it has a high drop rate in BSC. I would appreciate if you can check it out, and consider sharding as a potential solution to mitigate this.
0xf947dfa6387710dd316cb9b1afec82d1f49d187426c8f6370000cddc2bec945d should have triggered; could you pls investigate why it did not?