Today i have found the new strategy of how can i write my own custom smart contracts to analyze the transactions more efficiently.
Back then i was analyzing using simple server-side logic and using regex to just read the bytecode of the smart contract user wants to analyze.
We were using etherscan api to fetch the bytecode and i make my regex logic to read it and detect any malicious pattern.
Example:
If the smart contract of any new coin is not verified on the etherscan site my simple server side logic simply returns ABI not found.
If the scammer made the smart-contract and added a malicious logic for instance For adding a user who interacts with scammer smart contract is added to blacklist and never withdraw token/coin/real money so my logic is simply detecting the names of the function scammer might have created.
So my regex logic is just looking at the names in the bytecode of smart contract “blacklist” and similar to that.
But what if **Scammer is using something like
UniCORN
** to dodge the audit of smart contracts.
so in that case my TxShield platform did not catch it, so i have been researching for the past 1 week and i have found a solution.
THE SOLUTION I FOUND:
Now to detect the fake names and ditching my naive REGEX logic, I write my own custom solidity smart contract to bypass this SCAM,
now in my smart contract logic I have brute-forcing the write/read bytes selectors of the BLACKLIST_METHODS which catches the most of the scams instantly, because it’s no longer detecting the hard-coded names, it’s detecting the pattern of bytes on which now scammer names whatever the function name when this function is executed in our TxShield’s sandbox smart contract logic, it detects => is it storing any user address or not in some king of list/mapping.
The Teqnique:
This technique is called Phantom Contracts we are running our own custom smart contracts and not deploying we are just using our Infura to call the built-in method calleth with parameters and boom we have run our own smart contracts.
Benefits of phantom contracts:
You don’t need to deploy your smart contract.
It’s security driven no sharing of your source code.
You can your smart contract and directly use them inside your server-side code.
The Quesiton for you guys
Would you use this Phantom Contracts Techniques in your own code?