blackbelt

Blackbelt is a contract risk and security assessment protocol. Scores can be retrieved on our website or directly within Metamask before approving a transaction via Metamask snaps. We utilize on-chain data, which we retrieve from Coinbase Cloud, to score contracts across multiple dimensions. Risk scoring features include: number of days since contract deployment, number of transactions, unique users, contract verification, audited status of a contract, and number of fraud reports. For those characteristics, we calculate individual scores, which yield a global security score. The security score is used to assess the risk level of a contract interaction. For example, a strong indicator for a front-end exploit would be the number of days since deployment, which should be relatively high for real blue-chip protocols, while attackers likely would use a recently deployed contract to drain funds of unsuspecting users. In addition, we provide the ability to revert transactions that do not follow the user’s intention of a transaction, which protects users from losing funds due to risky smart contracts.

Blackbelt has multiple advantages against traditional audits:

• The real-time assessment enables the coverage of all smart contract no matter how old they are.
• Easy to interpret scores for non-tech savvy users directly in the wallet without the needs to look up on an external site.
• Effective protection against hard to detect exploits - especially frontend exploits.

• This project uses Coinbase Cloud Node to gather real time blockchain data for analytics via their API
• We built a custom protocol for processing different forms of data into a unified security score and risk assessment, accessible by the non-technical user, and transparent, sending the results and intermediate computations to IPFS for longevity
• We integrated the security analytics into Metamask Snaps by hosting the computation on a Python Flask server and calling APIs given the contract interaction taking place We host the security analysis data (alongside intermediate computations) on IPFS for transparency and longevity We implement a smart contract that interacts with the smart contract that the user plans to interact with. We perform the transaction on their behalf via delegateCalls. The user specifies their intention of the transaction (for example, sending 100 USDC to the smart contract). Our method performs the transaction and requires that the intended amount is adhered to. If not, the transaction reverts.