Functionality
- How does it work: The detector scans transaction history for injected fake transactions and events that resemble the monitored address. A poisoned address is crafted to look nearly identical in wallet history — the first and last 2 bytes are identical to the real address, making it easy to confuse visually.
Configuration
- History past (
past, default:600000): How many blocks into the past to scan for poisoning attempts. - History number (
history, default:25): How many past transactions to include in the scan. - Patterns (
patterns, default:["0xffff00000000000000000000000000000000ffff"]): Address match patterns used to identify fake similar addresses. The default pattern matches addresses with identical first and last 2 bytes (0xffff…ffff). Multiple patterns can be added. - Severity (
severity, default:High): Alert severity level. See severity configuration.
Supported networks: evm.