✅GET - /api/audit-contract

This API endpoint performs an audit of a specified token contract on a supported blockchain. It identifies potential vulnerabilities and provides metadata on the token.

Request

URL: /api/audit-contract
Method: GET
Content-Type: application/json

Query Parameters

Parameter

Type

Required

Description

chain

SupportedChain

Yes

Target blockchain (case-insensitive)

address

string

Yes

Contract address to audit

fast

boolean

If true, runs a lightweight safe/unsafe classification instead of a full audit (default: false)

Response

Full Audit Response (200 OK)

{
    audit: {
        contract: string;
        chain: SupportedChain;
        open_source: boolean;
        contract_type: ContractType;
        creator?: string;
        hash?: string;
        safe: boolean;
        description?: string;
        vulnerabilities?: Vulnerability[];
        name?: string;
        symbol?: string;
        total_supply?: number;
        logo?: string;
        tokenDescription?: string;
        holders?: TokenHolder[];
    }
}

Fast Audit Response (200 OK) — when fast=true

{
    isSafe: boolean;
    description: string;
}

Error Response

{
    "error": "Description of the error"
}

Examples

const audit = await fetch(
  `https://audit.serializedlabs.com/api/audit-contract?chain=${chain}&address=${contract}`
).then(r => r.json());

const result = await fetch(
  `https://audit.serializedlabs.com/api/audit-contract?chain=${chain}&address=${contract}&fast=true`
).then(r => r.json());

console.log(result.isSafe);        // true or false
console.log(result.description);   // short explanation

import requests

# Full audit
url = f"https://audit.serializedlabs.com/api/audit-contract?chain={chain}&address={contract}"
response = requests.get(url)

# Fast mode
url = f"https://audit.serializedlabs.com/api/audit-contract?chain={chain}&address={contract}&fast=true"
response = requests.get(url)

Additional types

enum SupportedChain {
    ETH = "ETH",
    OP = "OP",
    ARB = "ARB",
    BASE = "BASE",
    BSC = "BSC",
    AVAX = "AVAX",
    APE = "APE",
    BLAST = "BLAST",
    LINEA = "LINEA",
    MANTLE = "MANTLE",
    POLYGON = "POLYGON",
    ZKEVM = "ZKEVM",
    SCROLL = "SCROLL",
    SONIC = "SONIC",
    ZKSYNC = "ZKSYNC",
    ABSTRACT = "ABSTRACT",
    MONAD = "MONAD",
    PLASMA = "PLASMA",
    MEGAETH = "MEGAETH",
}

type PipelineVariant = 'production' | 'wide' | 'fewshot' | 'fewshot-nofp' | 'cot' | 'fast';

type ContractType = 'ERC-20' | 'ERC-721' | 'Unknown';

interface Vulnerability {
    description: string;
    severity: number; // Score between 0 and 100
    code: string;
    type: VulnerabilityType;
}

export type VulnerabilityType =
    | "UnlimitedMinting"
    | "UnauthorizedTransfer"
    | "HiddenFees"
    | "LiquidityDrain"
    | "MaliciousUpgrade"
    | "UnsafeExternalCall"
    | "ApprovalAbuse";

Vulnerability Types Explained

Type

Description

UnlimitedMinting

Owner can mint unlimited tokens or manipulate the total supply, leading to inflation and value dilution.

UnauthorizedTransfer

Owner can transfer tokens directly from user wallets without their consent, effectively stealing funds.

HiddenFees

Hidden or owner-adjustable transfer fees that can be changed at any time, allowing the owner to drain value from transactions.

LiquidityDrain

Owner can withdraw contract funds or liquidity pool assets, commonly known as a "rug pull".

MaliciousUpgrade

Unrestricted upgrade patterns or self-destruct functions that allow the owner to change contract behavior or destroy it entirely.

UnsafeExternalCall

Unsafe external calls or reentrancy vulnerabilities that can be exploited to drain funds or manipulate contract state.

ApprovalAbuse

Mechanisms designed to trick users into granting unlimited token allowances, enabling future theft of funds.

PreviousAPI

Last updated 14 days ago

hashtagRequest

hashtagQuery Parameters

hashtagResponse

hashtagExamples

hashtagAdditional types

hashtagVulnerability Types Explained