Security methodology · 8-stage pipeline

How Xemas analyses contracts

An 8-stage pipeline combining static analysis, machine learning, on-chain forensics, and optional human expert review into a single, auditable risk score.

8-stage analysis pipeline

From input to risk score

01

Input & Chain Detection

Submit any EVM address, Solana wallet, or raw smart-contract bytecode. Xemas identifies the chain, the contract type, and the exposed function selectors (ABI signatures) automatically, without requiring source code.

  • EVM + Solana support
  • Auto chain detection across 50+ networks
  • Bytecode opcode scan for unverified contracts; full static analysis for source-verified contracts

02

Static Analysis

We decompile and disassemble bytecode to extract control-flow graphs and opcode sequences. Pattern matching identifies 200+ vulnerability classes.

  • Reentrancy detection
  • Integer overflow / underflow
  • Access control flaws
  • Unchecked low-level calls
  • Selfdestruct & delegatecall risks

03

ML Risk Scoring

Our random-forest model ensemble, trained on a labelled corpus of confirmed-exploit and benign contracts, assigns a 0–100 risk score in real time.

  • Random-forest decision-tree ensemble
  • Trained on a labelled exploit and benign-contract corpus
  • Retrained as new confirmed exploit data is ingested
  • Evaluated against a labelled holdout set

04

On-Chain Analytics

We index transaction history to compute holder distribution, liquidity depth, wash-trading probability, and whale concentration across 20+ chains.

  • Holder concentration analysis
  • Wash-trading probability scoring
  • Anomalous gas pattern detection
  • Flash-loan interaction flagging

05

Simulation & Fuzzing

The contract and its current on-chain state are forked into an isolated EVM sandbox and subjected to symbolic execution and property-based fuzzing, which catch logic bugs that opcode pattern matching misses.

  • Isolated EVM fork environment
  • Symbolic execution
  • Property-based fuzzing
  • Price manipulation vectors
  • Governance exploit detection

06

Forensic Attribution

Wallet clustering and on-chain identity linking connect deployer addresses to known threat actors using graph analysis across millions of historical transactions.

  • Multi-hop wallet graph analysis
  • Cross-chain attribution
  • Known threat-actor database
  • Mixer & tumbler detection

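The multi-hop walk described in this stage, as an added example rather than Xemas's own code. It runs a breadth-first search from a deployer over a constructed transfer graph, stops at a bounded hop count, and records mixer addresses without expanding through them: every user of a mixing pool is a neighbour of it, so a path that crosses one links the deployer to whoever else used the same pool, not to a threat actor. The address labels, the known-actor set and the mixer set are all constructed for the example.

```python
"""Multi-hop wallet-graph attribution (added example, not Xemas code)."""
from collections import deque


def build_adjacency(transfers):
    """Undirected adjacency over (sender, receiver) pairs: a deployer can be
    linked through the wallets that funded it or the wallets it paid."""
    adj = {}
    for src, dst in transfers:
        adj.setdefault(src, set()).add(dst)
        adj.setdefault(dst, set()).add(src)
    return adj


def attribute(deployer, transfers, known_actors, mixers, max_hops=4):
    """Breadth-first search from the deployer for the nearest known actor
    within max_hops. Mixer addresses are recorded but never expanded, so a
    shared pool is reported as exposure rather than as attribution."""
    adj = build_adjacency(transfers)
    prev = {deployer: None}
    mixers_touched = set()
    queue = deque([(deployer, 0)])
    while queue:
        node, depth = queue.popleft()
        if node in mixers:
            mixers_touched.add(node)
            continue  # do not walk through the mixer
        if node in known_actors and node != deployer:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            path.reverse()
            return {"actor": path[-1], "hops": len(path) - 1,
                    "path": path, "mixers_touched": mixers_touched}
        if depth >= max_hops:
            continue
        for nxt in adj.get(node, ()):
            if nxt not in prev:
                prev[nxt] = node
                queue.append((nxt, depth + 1))
    return {"actor": None, "hops": None, "path": [], "mixers_touched": mixers_touched}


# Constructed transfer graph (labels are placeholders, not real addresses).
TRANSFERS = [
    ("drainer_wallet", "hop_a"), ("hop_a", "hop_b"), ("hop_b", "deployer_x"),  # 3-hop funding chain
    ("drainer_wallet_2", "mixer_pool"), ("mixer_pool", "deployer_y"),          # funded via a mixer
    ("mixer_pool", "retail_user"), ("deployer_x", "dex_router"),
]
KNOWN_ACTORS = {"drainer_wallet", "drainer_wallet_2"}
MIXERS = {"mixer_pool"}

if __name__ == "__main__":
    print(attribute("deployer_x", TRANSFERS, KNOWN_ACTORS, MIXERS))
    print(attribute("deployer_y", TRANSFERS, KNOWN_ACTORS, MIXERS))
```

`deployer_x` resolves to `drainer_wallet` in three hops; `deployer_y` resolves to nothing but carries a mixer-exposure flag, which is the honest result when the only link runs through a pool.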
07

Human Expert Review

Enterprise and critical-risk scans are escalated to our security researchers for manual code review, cross-validated against public exploit databases.

  • Optional for Pro / Enterprise plans
  • Cross-validated against Rekt News & DefiHacks
  • Proprietary threat intel feeds
  • 24–72 h turnaround

08

Certificate Issuance

Audits that pass all checks receive a cryptographically signed certificate recorded on-chain with a unique ID, timestamp, risk score, and a tamper-evident hash.

  • On-chain certificate registry
  • Unique certificate ID
  • Verifiable at /verify
  • PDF export with QR code

Machine learning

26 Behavioural Features

The random-forest ensemble is trained on the behavioural signals listed below rather than on downstream audit findings, to avoid target leakage. Before each retrain, confirm that the risk-signal inputs (is_suspicious, has_alert, is_honeypot) are produced upstream of the label: any flag derived from the same exploit outcome the model predicts would leak the target back into training.

Transaction value

  • value_log (log₁₊ USD)
  • value_to_gas_ratio
  • gas_efficiency

Gas behaviour

  • gas_price_log
  • gas_used_log
  • gas_price_deviation (per-chain baseline)
  • gas_volatility
  • block_congestion

Temporal

  • hour_sin/cos (time-of-day)
  • day_sin/cos (day-of-week)
  • is_weekend

Contract context

  • is_contract_interaction
  • is_known_contract
  • is_verified_contract
  • contract_age_days
  • liquidity_locked

Token metrics

  • is_token
  • token_holders_norm
  • token_concentration

Wallet history

  • wallet_age_days
  • wallet_tx_count_norm
  • wallet_avg_value_norm
  • wallet_success_rate

MEV & attack patterns

  • is_flash_loan
  • is_arbitrage
  • is_sandwich

Risk signals

  • mempool_backlog
  • is_suspicious
  • has_alert
  • is_honeypot
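How the transformed features in the lists above are computed, as an added example rather than Xemas's own feature code. It shows the two transformations a reader cannot recover from the names alone: the sin/cos cyclical encoding, which makes 23:00 and 00:00 (or Sunday and Monday) adjacent in feature space, and the per-chain gas baseline, which scores a gas price against the chain it was paid on instead of a global average. The baseline shape (mean, standard deviation), the gwei fee used for value_to_gas_ratio, and the sample transaction are assumptions for the example.

```python
"""Behavioural feature extraction for the risk model (added example, not Xemas code)."""
import math
from datetime import datetime, timezone


def cyclical(value: float, period: float):
    """Encode a periodic quantity as (sin, cos) so that the wrap-around
    (hour 23 -> hour 0, Sunday -> Monday) is adjacent rather than far apart."""
    angle = 2.0 * math.pi * value / period
    return math.sin(angle), math.cos(angle)


def temporal_features(unix_ts: int) -> dict:
    dt = datetime.fromtimestamp(unix_ts, tz=timezone.utc)
    hour_sin, hour_cos = cyclical(dt.hour + dt.minute / 60.0, 24)
    day_sin, day_cos = cyclical(dt.weekday(), 7)
    return {"hour_sin": hour_sin, "hour_cos": hour_cos,
            "day_sin": day_sin, "day_cos": day_cos,
            "is_weekend": int(dt.weekday() >= 5)}


def gas_features(gas_price_gwei: float, gas_used: int, baseline) -> dict:
    """baseline = (mean, std) of recent gas prices on the same chain (assumed
    to be kept per chain, so 200 gwei is judged against Ethereum mainnet
    rather than against a low-fee L2)."""
    mean, std = baseline
    deviation = (gas_price_gwei - mean) / std if std > 0 else 0.0
    return {"gas_price_log": math.log1p(gas_price_gwei),
            "gas_used_log": math.log1p(gas_used),
            "gas_price_deviation": deviation}


def value_features(value_usd: float, gas_price_gwei: float, gas_used: int) -> dict:
    fee_gwei = gas_price_gwei * gas_used  # raw fee in gwei; USD conversion is assumed to happen upstream
    return {"value_log": math.log1p(value_usd),
            "value_to_gas_ratio": value_usd / fee_gwei if fee_gwei > 0 else 0.0}


def encoded_hour_distance(h1: float, h2: float) -> float:
    """Euclidean distance between two hours in (sin, cos) space."""
    a, b = cyclical(h1, 24), cyclical(h2, 24)
    return math.hypot(a[0] - b[0], a[1] - b[1])


def feature_vector(tx: dict, baseline) -> dict:
    out = {}
    out.update(temporal_features(tx["timestamp"]))
    out.update(gas_features(tx["gas_price_gwei"], tx["gas_used"], baseline))
    out.update(value_features(tx["value_usd"], tx["gas_price_gwei"], tx["gas_used"]))
    return out


# Constructed transaction: Saturday 2024-01-06 12:00 UTC, 250 gwei on a chain
# whose recent baseline is 30 +/- 10 gwei (22 sigma above baseline).
SAMPLE_TX = {"timestamp": 1704542400, "gas_price_gwei": 250.0,
             "gas_used": 21000, "value_usd": 1500.0}

if __name__ == "__main__":
    print(feature_vector(SAMPLE_TX, (30.0, 10.0)))
    print(encoded_hour_distance(23, 0), encoded_hour_distance(0, 1))
```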
Static analysis

Bytecode Vulnerability Classes

Detected via opcode pattern matching and PUSH4 function-selector analysis on unverified contracts.

  • RE-01  Reentrancy
  • OF-01  Integer overflow / underflow
  • AC-01  Access control
  • UL-01  Unchecked low-level call
  • SD-01  Selfdestruct exposure
  • DC-01  Delegatecall abuse
  • PX-01  EIP-1167 minimal proxy
  • TO-01  tx.origin auth
  • BT-01  Block timestamp dependence
  • UI-01  Unprotected initialiser
  • FL-01  Flash loan receiver
  • SA-01  Freeze authority retained (Solana)
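The opcode scan that stage 01 applies to unverified contracts and the PUSH4 selector analysis described above, as an added example rather than Xemas's own scanner. The decoder consumes each PUSHn immediate before reading the next instruction, which is the check a practitioner wants: a raw byte scan reports SELFDESTRUCT or DELEGATECALL for any 0xff or 0xf4 that happens to sit inside a pushed constant. Only the four classes that a single opcode can trigger (SD-01, DC-01, TO-01, BT-01) are mapped here; reentrancy, overflow and access-control classes need control-flow analysis that this example does not attempt. The bytecode sample is a constructed dispatcher fragment, not a deployed contract.

```python
"""PUSH-aware opcode scan of unverified EVM bytecode (added example, not Xemas code)."""

# Opcode values from the EVM instruction set.
ORIGIN, TIMESTAMP, DELEGATECALL, SELFDESTRUCT = 0x32, 0x42, 0xF4, 0xFF
PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F

# Class IDs from the table above whose trigger is a single opcode.
TRIGGERS = {SELFDESTRUCT: "SD-01", DELEGATECALL: "DC-01", ORIGIN: "TO-01", TIMESTAMP: "BT-01"}


def disassemble(code: bytes):
    """Return (offset, opcode, immediate) triples. PUSHn consumes its n
    immediate bytes, so constants embedded in the code are never decoded
    as instructions. A truncated trailing PUSH keeps whatever bytes remain."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1
            out.append((pc, op, code[pc + 1:pc + 1 + n]))
            pc += 1 + n
        else:
            out.append((pc, op, b""))
            pc += 1
    return out


def selectors(code: bytes) -> set:
    """Every 4-byte PUSH immediate. The dispatcher compares these against the
    first calldata word, so this recovers the ABI surface without source
    (an over-approximation: any other 4-byte constant is collected too)."""
    return {"0x" + imm.hex() for _, op, imm in disassemble(code)
            if op == PUSH4 and len(imm) == 4}


def scan(code: bytes) -> dict:
    """Class ID -> offsets at which the triggering opcode actually executes."""
    findings = {}
    for pc, op, _ in disassemble(code):
        if op in TRIGGERS:
            findings.setdefault(TRIGGERS[op], []).append(pc)
    return findings


def naive_scan(code: bytes) -> dict:
    """The same rules applied to raw bytes; kept only to show the false
    positives a scanner produces when it ignores PUSH immediates."""
    findings = {}
    for pc, byte in enumerate(code):
        if byte in TRIGGERS:
            findings.setdefault(TRIGGERS[byte], []).append(pc)
    return findings


# Constructed dispatcher fragment (not real deployed code).
SAMPLE = bytes.fromhex(
    "6000" "35" "60e0" "1c"                # PUSH1 0, CALLDATALOAD, PUSH1 0xe0, SHR          -> selector
    "63a9059cbb" "81" "14" "61fff4" "57"   # PUSH4 transfer(address,uint256), DUP2, EQ, PUSH2 0xfff4, JUMPI
    "6370a08231" "81" "14" "610030" "57"   # PUSH4 balanceOf(address), DUP2, EQ, PUSH2 0x0030, JUMPI
    "32" "33" "14"                         # ORIGIN, CALLER, EQ                               -> TO-01 at 28
    "5b" "42"                              # JUMPDEST, TIMESTAMP                              -> BT-01 at 32
)

if __name__ == "__main__":
    print("selectors:", sorted(selectors(SAMPLE)))
    print("push-aware:", scan(SAMPLE))
    print("naive byte scan:", naive_scan(SAMPLE))
```

On the sample, `scan` reports TO-01 and BT-01 only, while `naive_scan` additionally reports SD-01 and DC-01 at offsets 14 and 15, which are the two bytes of the `PUSH2 0xfff4` immediate.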
Solana analysis

Solana Alpha Score (0–100)

Composite launch safety score checked live against Solana mainnet RPC, Raydium v3 API, and Metaplex DAS, with no third-party risk aggregators.

Scoring components

  • Mint authority revoked: +40 pts
  • Freeze authority revoked: +30 pts
  • LP burned / locked / managed: +20 pts
  • Smart-money early entry: +10 pts
90–100 = ALPHA TIER 1 · 70–89 = TIER 2 · 40–69 = WATCHLIST · <40 = UNSAFE

LP classification statuses

  • BURNED: LP tokens sent to a dead address, so the deployer cannot withdraw the liquidity (other rug vectors, such as a retained mint or freeze authority, are scored separately)
  • MANAGED: LP held by a governance multisig (Squads, Realms DAO)
  • LOCKED: LP held by a vesting/timelock program (Streamflow, etc.)
  • CEX_DEPTH: Large-cap token; CEX order-book depth dominates on-chain LP
  • CLMM: Concentrated-liquidity pool (Raydium CLMM, Meteora DLMM)
  • PARTIAL: Some LP burned; remainder in an unverified wallet
  • UNVERIFIED: LP holder could not be identified through on-chain resolution
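The mint- and freeze-authority checks behind the first two scoring components, the LP classification above, and the tier thresholds, as an added example rather than Xemas's own scoring code. The mint-authority test is done the way a live check against the Solana RPC would do it: by decoding the raw 82-byte SPL Token Mint account (COption<Pubkey> mint_authority, u64 supply, u8 decimals, bool is_initialized, COption<Pubkey> freeze_authority), where a COption tag of 0 means the authority has been revoked. Assumptions for the example: the mint accounts are constructed in memory rather than fetched, LP holder kinds ('dead', 'multisig', 'timelock', 'unknown') are taken as already resolved, only BURNED, LOCKED and MANAGED earn the 20 LP points, and CEX_DEPTH and CLMM are not derived because they need market data.

```python
"""SPL Mint authority checks and Alpha Score composition (added example, not Xemas code)."""
import struct

MINT_LEN = 82  # SPL Token program Mint::LEN

# Points from the scoring table above; statuses not listed earn nothing (assumption).
LP_POINTS = {"BURNED": 20, "LOCKED": 20, "MANAGED": 20}


def parse_mint(data: bytes) -> dict:
    """Decode the SPL Token Mint account layout:
    u32 tag + 32-byte mint_authority | u64 supply | u8 decimals |
    bool is_initialized | u32 tag + 32-byte freeze_authority (all little-endian).
    Tag 0 = None (revoked), tag 1 = Some(pubkey)."""
    if len(data) != MINT_LEN:
        raise ValueError(f"expected {MINT_LEN}-byte mint account, got {len(data)}")
    mint_tag, = struct.unpack_from("<I", data, 0)
    supply, decimals, initialised = struct.unpack_from("<QB?", data, 36)
    freeze_tag, = struct.unpack_from("<I", data, 46)
    if not initialised:
        raise ValueError("mint account is not initialised")
    if mint_tag not in (0, 1) or freeze_tag not in (0, 1):
        raise ValueError("malformed COption tag")
    return {
        "mint_authority": data[4:36].hex() if mint_tag else None,
        "freeze_authority": data[50:82].hex() if freeze_tag else None,
        "supply": supply,
        "decimals": decimals,
    }


def classify_lp(holders) -> str:
    """holders: iterable of (owner, amount, kind); kind is the on-chain
    resolution of the owner: 'dead', 'multisig', 'timelock' or 'unknown'
    (labels assumed for this example)."""
    live = [(kind, amount) for _, amount, kind in holders if amount > 0]
    if not live:
        return "UNVERIFIED"
    burned = sum(amount for kind, amount in live if kind == "dead")
    rest = {kind for kind, _ in live if kind != "dead"}
    if not rest:
        return "BURNED"
    if rest == {"multisig"}:
        return "MANAGED"
    if rest == {"timelock"}:
        return "LOCKED"
    return "PARTIAL" if burned > 0 else "UNVERIFIED"


def alpha_score(mint: dict, lp_status: str, smart_money_early: bool) -> int:
    score = 0
    if mint["mint_authority"] is None:
        score += 40  # supply can no longer be inflated
    if mint["freeze_authority"] is None:
        score += 30  # holders can no longer be frozen out of selling
    score += LP_POINTS.get(lp_status, 0)
    if smart_money_early:
        score += 10
    return score


def tier(score: int) -> str:
    if score >= 90:
        return "ALPHA TIER 1"
    if score >= 70:
        return "TIER 2"
    if score >= 40:
        return "WATCHLIST"
    return "UNSAFE"


# Constructed mint accounts; struct.pack mirrors the layout parse_mint reads.
_LAYOUT = "<I32sQB?I32s"
SAFE_MINT = struct.pack(_LAYOUT, 0, bytes(32), 10**15, 6, True, 0, bytes(32))
FREEZE_RETAINED = struct.pack(_LAYOUT, 0, bytes(32), 10**15, 6, True, 1, b"\x11" * 32)

if __name__ == "__main__":
    for name, data in (("safe", SAFE_MINT), ("freeze retained", FREEZE_RETAINED)):
        s = alpha_score(parse_mint(data), "BURNED", False)
        print(name, s, tier(s))
```

With both authorities revoked and LP burned, a token reaches 90 without the smart-money component; a retained freeze authority alone drops the same token to 60 and into WATCHLIST, which is why the SA-01 class above is flagged separately by the static scan.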
Risk scoring

Risk Score Reference

How to interpret Xemas risk scores

Low
0 – 25

No significant issues found. Standard best-practice recommendations only.

Medium
26 – 50

Minor vulnerabilities or centralization risks. Review recommended before mainnet.

High
51 – 75

Significant findings with potential for fund loss. Fix before deployment.

Critical
76 – 100

Severe vulnerabilities. Do not deploy or interact with this contract.

Ready to audit your contract?

10 free scans every day. No credit card required.