Skip to content

Latest commit

 

History

History
82 lines (65 loc) · 1.97 KB

README.md

File metadata and controls

82 lines (65 loc) · 1.97 KB

Aztec Protocol Funding

Description

This bot detects when Aztec Protocol was used to fund an EOA, as well as when that EOA interacts with a contract.

Supported Chains

  • Ethereum

Alerts

  • AZTEC-PROTOCOL-FUNDING

    • Fired when Aztec Protocol was used to fund an EOA
    • Severity is always set to "low"
    • Type is always set to "info"
    • Labels:
        entityType: EntityType.Address,
        label: 'MixerFunded',
        confidence: 1,
        entity: account
      
  • AK-AZTEC-PROTOCOL-FUNDED-ACCOUNT-INTERACTION-0

    • Fired when a transaction contains contract interactions from a Aztec Protocol funded account
    • Severity is always set to "low"
    • Type is always set to "suspicious"'
    • Labels
        entity: txEvent.to,
        entityType: EntityType.Address,
        label: 'Attacker',
        confidence: 0.001
      
        entity: txEvent.hash,
        entityType: EntityType.Transaction,
        label: 'Attack',
        confidence: 0.001
      
  • AK-AZTEC-PROTOCOL-FUNDED-ACCOUNT-DEPLOYMENT

    • Fired when an account funded via Aztec Protocol deployed a contract
    • Severity is always set to "high"
    • Type is always set to "suspicious"'
    • Metadata:
      • containedAddresses: an array of addresses found inside the contract bytecode and storage slots.
    • Labels
        entityType: EntityType.Address,
        label: 'Attacker',
        confidence: 0.1,
        entity: account
      
        entityType: EntityType.Address,
        label: 'Exploit',
        confidence: 0.1,
        entity: contractAddress
      

Test Data

AZTEC-PROTOCOL-FUNDING

Due to the limitation on the number of findings per request, the bot publishes alerts in batches. Therefore, to test these alerts, you need to scan the whole block.

$ npm run block 15826198

AK-AZTEC-PROTOCOL-FUNDED-ACCOUNT-INTERACTION-0

The following command should detect the finding with account 0x4f6420e54191389555d33c0850e8ec66dccbcd45.

$ npm run range 15851384..15851427