Shield Every Transaction

Published: February 2, 2026 at 03:16 AM EST
Source: Dev.to

Introduction

Today I discovered a new strategy for writing custom smart contracts that analyze transactions more efficiently. Previously, I relied on simple server‑side logic and regular expressions to read the bytecode of the smart contract a user wanted to analyze. We fetched the bytecode via the Etherscan API and used regex to detect malicious patterns.

Example

  • If a new coin’s smart contract is not verified on Etherscan, my server‑side logic simply returns ABI not found.
  • When a scammer adds malicious logic—e.g., blacklisting a user who interacts with the contract so they can never withdraw tokens/coins/real money—I detect it by searching for suspicious function names such as blacklist.

My regex scans the bytecode for names like “blacklist” and similar terms.

Limitation

If a scammer uses obfuscated names (e.g., UniCORN) to dodge audits, my TxShield platform fails to catch it. After a week of research, I found a solution.

The Solution

To move beyond naive regex detection, I wrote a custom Solidity smart contract that brute‑forces the read/write byte selectors of BLACKLIST_METHODS. This approach catches most scams instantly because it no longer relies on hard‑coded names; instead, it detects the byte pattern of any function that stores a user address in a list or mapping.

Technique: Phantom Contracts

The technique is called Phantom Contracts. We run our own custom smart contracts without deploying them. Using Infura, we call the built‑in method eth_call with parameters, effectively executing our contracts in a sandbox environment.
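One way such an un-deployed call can be built, as an added example that is not the author's TxShield code: it assumes the phantom contract's creation bytecode is sent as `data` with no `to` field, so the node simulates a deployment and returns whatever the constructor returns. `PHANTOM_INIT_CODE`, the function names and the single-bool return format are assumptions made for illustration.

```javascript
// Constructed stand-in init code (not from the post): PUSH1 1, PUSH1 0, MSTORE,
// PUSH1 32, PUSH1 0, RETURN. Its "constructor" returns one 32-byte word = 1.
const PHANTOM_INIT_CODE = '0x600160005260206000f3';

// ABI-encode one address constructor argument: left-pad 20 bytes to 32.
function encodeAddressArg(address) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(address)) {
    throw new Error(`not a 20-byte hex address: ${address}`);
  }
  return address.slice(2).toLowerCase().padStart(64, '0');
}

// Build the JSON-RPC body. Omitting `to` makes the node simulate a contract
// creation, so the init code runs and its return data comes back as the result.
function buildPhantomCall(initCode, targetAddress, blockTag = 'latest', id = 1) {
  if (!/^0x([0-9a-fA-F]{2})+$/.test(initCode)) {
    throw new Error('init code must be non-empty, even-length hex');
  }
  return {
    jsonrpc: '2.0',
    id,
    method: 'eth_call',
    params: [{ data: initCode + encodeAddressArg(targetAddress) }, blockTag],
  };
}

// Interpret the response, assuming the phantom returns a single ABI bool.
// Reverts and malformed results are reported as "unknown", never as "clean".
function decodeVerdict(response) {
  if (response.error) return { status: 'unknown', reason: response.error.message };
  const hex = response.result;
  if (typeof hex !== 'string' || !/^0x[0-9a-fA-F]{64}$/.test(hex)) {
    return { status: 'unknown', reason: 'unexpected return data' };
  }
  const word = BigInt(hex);
  if (word > 1n) return { status: 'unknown', reason: 'not a bool' };
  return { status: word === 1n ? 'flagged' : 'clean' };
}

// Send to any JSON-RPC endpoint (the post uses Infura); not exercised offline.
async function runPhantom(rpcUrl, initCode, target) {
  const res = await fetch(rpcUrl, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify(buildPhantomCall(initCode, target)),
  });
  return decodeVerdict(await res.json());
}
```

Pass a fixed block number as `blockTag` when a verdict has to be reproducible, since `eth_call` evaluates against the state of the block it is given.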

Benefits of Phantom Contracts

  • No need to deploy the smart contract.
  • Security‑driven: no sharing of source code.
  • Can be invoked directly from server‑side code.

Question for the Community

Would you use Phantom Contracts techniques in your own code?