Continuously monitors EVM smart contracts for unauthorized bytecode changes by detecting upgrade events and comparing the updated contract bytecode hash against an expected checksum.Documentation Index
Fetch the complete documentation index at: https://doc.extractor.live/llms.txt
Use this file to discover all available pages before exploring further.
Functionality
- Overview: Monitors the EVM network for
UPGRADEDevents emitted by smart contracts. Upon detecting an upgrade, fetches the updated contract bytecode, calculates its hash, and compares it against the configured expected checksum. Any discrepancy triggers a notification. - Hash Type: Supports two hash functions for bytecode verification —
keccakandsha256. - Contract Bytecode Checksum: The expected hash of the compiled contract bytecode used as the reference for comparison.
- Initial Check: Optionally performs a one-time verification of the contract bytecode at detector setup, before any upgrade events occur.
Results of processing: Successful Checksum Match
Results of processing: Successful Checksum Match
No notification is sent when the calculated bytecode hash matches the expected checksum. The contract has not been tampered with.
Results of processing: Checksum Mismatch
Results of processing: Checksum Mismatch
An alert is triggered when the bytecode hash does not match the expected checksum, including details about the discrepancy. This indicates a potentially unauthorized contract upgrade.
Configuration
- Hash Type (
hash_type, default:keccak): The hash function used to compute the bytecode checksum. Supported values:keccak,sha256. - Contract Bytecode Checksum (
checksum, default: none): The expected hash of the compiled contract bytecode to verify against. - Initial Check (
initial_check, default:true): When enabled, performs a verification of the current contract bytecode immediately upon detector creation. - Severity (
severity, default:Auto): Alert severity level. See severity configuration.
Supported networks: evm.