✅GET - /api/audit/<network>/<contract>

This API endpoint performs an audit of a specified token contract on a supported blockchain. It identifies potential vulnerabilities and provides metadata on the token.

Request

URL: /api/audit/<network/<contract>
Method: GET
Content-Type: application/json

Body

None

Response

Success Response (200 OK)

{
    audit: {
        contract: string;
        chain: SupportedChain;
        open_source: boolean;
        contract_type: ContractType;
        creator?: string;
        hash?: string;
        safe: boolean;
        description?: string;
        vulnerabilities?: Vulnerability[];
        name?: string;
        symbol?: string;
        total_supply?: number;
        logo?: string;
        tokenDescription?: string;
        holders?: TokenHolder[];
    }
}

Error Response

{
    "error": "Description of the error"
}

Examples

const audit = await fetch('https://audit.serializedlabs.com/api/audit/${chain}/${contract}', {
    headers: {
        'Content-Type': 'application/json'
    }
});

Additional types

enum SupportedChain {
    ETH = "ETH",
    OP = "OP",
    ARB = "ARB",
    BASE = "BASE",
    BSC = "BSC",
    AVAX = "AVAX",
    APE = "APE",
    BLAST = "BLAST",
    LINEA = "LINEA",
    MANTLE = "MANTLE",
    POLYGON = "POLYGON",
    ZKEVM = "ZKEVM",
    SCROLL = "SCROLL",
    SONIC = "SONIC",
    ZKSYNC = "ZKSYNC",
    ABSTRACT = "ABSTRACT",
    MONAD = "MONAD",
    PLASMA = "PLASMA",
}

type ContractType = 'ERC-20' | 'ERC-721' | 'Unknown';

interface Vulnerability {
    description: string;
    severity: number; // Score between 0 and 100
    code: string;
    type: VulnerabilityType;
}

export type VulnerabilityType =
    | "UnlimitedMinting"
    | "UnauthorizedTransfer"
    | "HiddenFees"
    | "LiquidityDrain"
    | "MaliciousUpgrade"
    | "UnsafeExternalCall"
    | "ApprovalAbuse";

Vulnerability Types Explained

Type

Description

UnlimitedMinting

Owner can mint unlimited tokens or manipulate the total supply, leading to inflation and value dilution.

UnauthorizedTransfer

Owner can transfer tokens directly from user wallets without their consent, effectively stealing funds.

HiddenFees

Hidden or owner-adjustable transfer fees that can be changed at any time, allowing the owner to drain value from transactions.

LiquidityDrain

Owner can withdraw contract funds or liquidity pool assets, commonly known as a "rug pull".

MaliciousUpgrade

Unrestricted upgrade patterns or self-destruct functions that allow the owner to change contract behavior or destroy it entirely.

UnsafeExternalCall

Unsafe external calls or reentrancy vulnerabilities that can be exploited to drain funds or manipulate contract state.

ApprovalAbuse

Mechanisms designed to trick users into granting unlimited token allowances, enabling future theft of funds.

PreviousAPI

Last updated 3 days ago