The Block Anomaly detector watches every produced block and fires when key metrics fall outside their expected ranges. It catches network-level anomalies that often precede or accompany on-chain attacks.

What it monitors

Fires when the number of transactions in a block is unusually low (possible censorship or validator downtime) or unusually high (spam attack, MEV flood).

Use cases

A chain suddenly producing blocks with abnormally low transaction counts or gas usage can signal network congestion, validator downtime, or censorship attacks. The detector flags these in real time so infra teams can investigate immediately.

MEV spam, denial-of-service attacks, and reorg attempts all produce blocks with extreme metrics. The detector correlates anomalies with known attack patterns (repeated reverts, flash-loan spam, flood of small transfers).

Auditors and compliance teams need structured logs of abnormal block patterns. The detector provides these for cross-referencing with suspicious addresses and regulatory reporting.

Configuration

| Parameter | Description |
| --- | --- |
| Name | Descriptive label for this detector instance |
| Transactions min/max | Acceptable transaction count range per block |
| Events min/max | Acceptable event count range per block |
| Block size min/max | Acceptable block size range (bytes) |
| Gas min/max | Acceptable total gas usage range per block |
| Gas min/max (Tx) | Acceptable gas usage range per individual transaction |
| Block Freq min/max | Expected block interval in milliseconds |
| Cron | Schedule for evaluation (leave empty for real-time) |
| Track Latency | Whether to include block production latency in analysis |

Start with wide min/max ranges and tighten them over time as you learn your network’s baseline. Too-narrow ranges will produce noisy alerts early on.
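
One way to pick the wide starting ranges described above, as an added example that is not Extractor's own code: it takes per-block metrics you have already collected, computes a percentile band for each metric, and widens it by a margin before you enter the values in the detector. The field names, the sample blocks, and the 1st/99th percentile and 50% margin defaults are assumptions.

```python
# Added example: derive starting min/max ranges from observed blocks.
# Field names and sample values are constructed for illustration.
import math

METRICS = ("tx_count", "event_count", "size_bytes", "gas_used", "interval_ms")

def percentile(sorted_vals, p):
    """Nearest-rank percentile (p in 0..100) of an already sorted list."""
    rank = max(1, math.ceil(p / 100 * len(sorted_vals)))
    return sorted_vals[rank - 1]

def with_intervals(blocks):
    """Add interval_ms (gap to the previous block); the first block is dropped."""
    return [{**cur, "interval_ms": cur["timestamp_ms"] - prev["timestamp_ms"]}
            for prev, cur in zip(blocks, blocks[1:])]

def suggest_ranges(blocks, low_pct=1, high_pct=99, margin=0.5):
    """Percentile band per metric, widened by `margin` on each side (wide start)."""
    rows = with_intervals(blocks)
    ranges = {}
    for m in METRICS:
        vals = sorted(r[m] for r in rows)
        lo, hi = percentile(vals, low_pct), percentile(vals, high_pct)
        ranges[m] = (max(0, math.floor(lo * (1 - margin))), math.ceil(hi * (1 + margin)))
    return ranges

def violations(row, ranges):
    """Metrics of one block row that fall outside their configured range."""
    return [m for m in METRICS if not ranges[m][0] <= row[m] <= ranges[m][1]]

# Constructed baseline: 20 blocks, ~12 s apart, with small deterministic variation.
BASELINE = [
    {"timestamp_ms": 12_000 * i + (i % 3) * 100,
     "tx_count": 140 + (i % 5) * 10,
     "event_count": 400 + (i % 4) * 25,
     "size_bytes": 80_000 + (i % 6) * 2_000,
     "gas_used": 14_000_000 + (i % 5) * 500_000}
    for i in range(20)
]

if __name__ == "__main__":
    ranges = suggest_ranges(BASELINE)
    for metric, (lo, hi) in ranges.items():
        print(f"{metric:12} min={lo} max={hi}")
    sparse = {"tx_count": 3, "event_count": 410, "size_bytes": 81_000,
              "gas_used": 14_200_000, "interval_ms": 12_100}
    print("out of range:", violations(sparse, ranges))
```

To tighten later, rerun on a longer window with a smaller `margin` and compare how many historical blocks `violations` would have flagged before changing the detector.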