Smart contract risk scoring API on Base, sold agent-to-agent via x402.
Live: https://risk-api.life.conway.tech
Analyzes EVM smart contract bytecode with 8 detectors:
- Proxy detection — EIP-1967, EIP-1822, OpenZeppelin slots; auto-resolves implementation (1 hop)
- Reentrancy — external calls before state changes
- Selfdestruct — contract can be destroyed
- Honeypot patterns — transfer restrictions and traps
- Hidden mint — unauthorized token minting capability
- Fee manipulation — dynamic fee extraction
- Delegatecall — arbitrary code execution risk
- Deployer reputation — on-chain deployer history via Basescan
Returns a composite 0-100 risk score with severity levels: safe (0-15), low (16-35), medium (36-55), high (56-75), critical (76-100).
The /analyze endpoint is behind an x402 paywall. Agents pay $0.10 USDC on Base per call — no API keys, no signup.
```
1. GET /analyze?address=0x...
   → 402 Payment Required (with payment details in response)
2. Agent constructs x402 payment using USDC on Base
3. GET /analyze?address=0x...
   Header: PAYMENT-SIGNATURE: <x402 payment proof>
   → 200 OK (risk analysis result)
```
```bash
# Without payment (returns 402 with payment requirements)
curl "https://risk-api.life.conway.tech/analyze?address=0x4200000000000000000000000000000000000006"
```

Example of the risk analysis result returned with 200 OK:

```json
{
  "address": "0x4200000000000000000000000000000000000006",
  "score": 0,
  "level": "safe",
  "bytecode_size": 2438,
  "findings": [],
  "category_scores": {
    "access_control": 0,
    "code_quality": 0,
    "external_calls": 0,
    "value_extraction": 0
  }
}
```

Proxy contracts include a nested `implementation` object with the resolved implementation's findings:

```json
{
  "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
  "score": 60,
  "level": "high",
  "findings": [...],
  "implementation": {
    "address": "0x2ce6...",
    "bytecode_size": 12847,
    "findings": [...],
    "category_scores": {...}
  }
}
```

| Field | Value |
|---|---|
| Network | Base mainnet (eip155:8453) |
| Price | $0.10 USDC |
| Pay to | 0x13580b9C6A9AfBfE4C739e74136C1dA174dB9891 |
| Facilitator | Mogami (https://v2.facilitator.mogami.tech) |
| Payment header | PAYMENT-SIGNATURE |
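
The check below is an added example, not part of the project's code: it validates an `/analyze` result against the score bands and response fields documented above before an agent acts on it. The function names, the `max_level` policy threshold and the assumption that `score` is always an integer are this example's own.

```python
import json

# Score bands documented on this page: (inclusive upper bound, level).
BANDS = [(15, "safe"), (35, "low"), (55, "medium"), (75, "high"), (100, "critical")]
ORDER = [name for _, name in BANDS]

# Constructed sample body, trimmed from the safe-contract response shown above.
SAMPLE = json.dumps({
    "address": "0x4200000000000000000000000000000000000006",
    "score": 0, "level": "safe", "bytecode_size": 2438, "findings": [],
})


def level_for(score):
    """Map a 0-100 integer score to its documented severity level."""
    if type(score) is not int or not 0 <= score <= 100:
        raise ValueError(f"invalid score: {score!r}")
    return next(name for upper, name in BANDS if score <= upper)


def check_result(requested, body, max_level="low"):
    """Return (allowed, reasons) for a raw /analyze response body.

    max_level is this example's own policy knob, not an API parameter.
    """
    try:
        data = json.loads(body)
        level = level_for(data["score"])
    except (ValueError, KeyError, TypeError) as exc:
        return False, [f"malformed response: {exc}"]
    reasons = []
    # The result must describe the contract that was asked about (hex case may differ).
    if str(data.get("address", "")).lower() != requested.lower():
        reasons.append("address mismatch")
    # The reported level must agree with the band the score falls in.
    if data.get("level") != level:
        reasons.append(f"level {data.get('level')!r} contradicts score {data['score']}")
    # Apply the caller's threshold to the level derived from the score.
    if ORDER.index(level) > ORDER.index(max_level):
        reasons.append(f"level {level} exceeds policy {max_level}")
    return not reasons, reasons


if __name__ == "__main__":
    print(check_result("0x4200000000000000000000000000000000000006", SAMPLE))
```

The decision is taken from the numeric score rather than the `level` string, so a response whose two fields disagree is rejected instead of being trusted on either one.
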
All free (no x402 payment required):
| Endpoint | Description |
|---|---|
| `/health` | Health check |
| `/agent-metadata.json` | ERC-8004 agent metadata |
| `/openapi.json` | OpenAPI 3.0 specification |
| `/.well-known/ai-plugin.json` | AI plugin manifest |
| `/avatar.png` | Agent avatar image |
| `/dashboard` | Analytics dashboard |

- ERC-8004 #19074 — on-chain agent registry on Base
- x402.jobs — x402 resource directory
```bash
pip install -e ".[dev]"
pytest tests/ -v
```

License: MIT