Closed christian-forta closed 10 months ago
@christian-forta, please check this related issue https://github.com/forta-network/starter-kits/issues/364
(NIP-9 alert now includes those addresses, and I will update Ice Phishing as well)
Added ICE-PHISHING-ZERO-NONCE-ALLOWANCE to the Ice Phishing bot.
Example alert: https://explorer.forta.network/alert/0xa07c9a83e211e3f1f43bfe82e6e9f85982931d90fcea0e953948faaa7a21ce57
https://explorer.phalcon.xyz/tx/eth/0x2e6a73ded77f54759cdfee2e6fbdac417edc0847f4a7724313957e15604551e5?line=6 is detected and the spender is identified as a scammer (but only on Ethereum)
pls see whether we can use logs to do this detection in a trace independent fashion
pls share new alert ID and assign bug to me so I can incorporate into scam detector
@christian-forta
Bot ID: 0x8badbf2ad65abc3df5b1d9cc388e419d9255ef999fb69aac6bf395646cf01c14
Alert ID: ICE-PHISHING-ZERO-NONCE-ALLOWANCE-TRANSFER
Deployed to 2.23.1 on beta2; @Ivan1905, could you pls measure precision of this new alert ID?
@Ivan1905, just please disregard the very first alerts, because there was a bug which I have fixed.
Precision looked good. Closing.
https://drops.scamsniffer.io/post/wallet-drainers-starts-using-create2-bypass-wallet-security-alert/
Vasilis, this describes how allowances (permit, allow, increase allowance) could be issued to an address that has no tx history. I would assume this is very unusual in legitimate scenarios, but could be helpful in a detection heuristic. Essentially when we see these functions with a spender with 0 tx history. WDYT?
Could you implement on a new alert ID on the ice phishing bot?
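
A logs-only sketch of the heuristic discussed in this thread (an allowance granted to a spender with nonce 0 and no deployed code), added here as an example; it is not the Ice Phishing bot's code. The `getAccount` lookup, the function names and all sample addresses are constructed assumptions.

```javascript
// Added illustration; not the Ice Phishing bot's code.
// keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic.
const APPROVAL_TOPIC =
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";

// Indexed addresses are left-padded to 32 bytes; keep the last 20.
const topicToAddress = (t) => "0x" + t.slice(-40).toLowerCase();
const toTopic = (addr) => "0x" + addr.slice(2).padStart(64, "0");

// Returns null for anything that is not an ERC-20 Approval
// (ERC-721 Approval shares the topic hash but carries 4 topics).
function decodeApproval(log) {
  if (!log.topics || log.topics.length !== 3) return null;
  if (log.topics[0].toLowerCase() !== APPROVAL_TOPIC) return null;
  return {
    token: log.address.toLowerCase(),
    owner: topicToAddress(log.topics[1]),
    spender: topicToAddress(log.topics[2]),
    amount: BigInt(log.data),
  };
}

// getAccount(address) -> { nonce, code } is a hypothetical lookup; a live bot
// would fill it from eth_getTransactionCount and eth_getCode.
function findZeroNonceApprovals(logs, getAccount) {
  const findings = [];
  for (const log of logs) {
    const a = decodeApproval(log);
    if (!a || a.amount === 0n) continue; // amount 0 revokes an allowance
    const { nonce, code } = getAccount(a.spender);
    // Nonce 0 and no code: the spender never sent a transaction and is not
    // (yet) a contract, as with a precomputed CREATE2 address.
    if (nonce === 0 && code === "0x") findings.push(a);
  }
  return findings;
}

// Constructed sample data: one owner, a fresh spender and an established one.
const OWNER = "0x" + "11".repeat(20);
const FRESH = "0x" + "22".repeat(20);
const KNOWN = "0x" + "33".repeat(20);
const TOKEN = "0x" + "44".repeat(20);
const MAX = "0x" + "f".repeat(64);
const mkLog = (spender, data) => ({
  address: TOKEN, data, topics: [APPROVAL_TOPIC, toTopic(OWNER), toTopic(spender)],
});
const SAMPLE_LOGS = [mkLog(FRESH, MAX), mkLog(KNOWN, MAX), mkLog(FRESH, "0x" + "0".repeat(64))];
const SAMPLE_STATE = { [FRESH]: { nonce: 0, code: "0x" }, [KNOWN]: { nonce: 57, code: "0x" } };
const sampleFindings = () => findZeroNonceApprovals(SAMPLE_LOGS, (a) => SAMPLE_STATE[a]);
```

Because it reads only `Approval` event logs plus two account lookups, the check needs no transaction traces. Nonce 0 only shows that the spender has never sent a transaction, so the result is a signal to measure for precision, not a verdict.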