Permit and dynamically created contracts

[christian-forta]

https://explorer.phalcon.xyz/tx/eth/0xbe936387c03605abea7c4994b83befe57f38cbd00cae2d378611a4de403e7b62

Here a contract is created on the fly, which the user given permission to though an off-chain signature.

From a protection perspective, the contract needs to be in FF threat intel prior to this tx.

This can only be done by proactively generating contract addresses based on the EOA and nonce into the future.

[christian-forta]

One way to address is to create contract labels into the future from within the scam detector. How many needs to be evaluated looking on-chain.

For instance: 0x00003ffa7857408ab714c28b1451914330240000 produced 144 contracts in the last day:

SELECT DISTINCT to_address FROM ethereum_mainnet.traces JOIN (SELECT hash FROM ethereum_mainnet.transactions WHERE from_address = '0x00003ffa7857408ab714c28b1451914330240000' and data_creation_date > DATE('2023-12-01')) as tx ON tx.hash = ethereum_mainnet.traces.transaction_hash WHERE data_creation_date > DATE('2023-12-01') and trace_type = 'create'

[christian-forta]

Scammer deployed contract function in scam detector could be expanded to:

1. look at trace information to see whether contract is created
2. if it is, calculate the contract information out for at least 5 txs

[Vxatz]

Fixed in https://github.com/forta-network/starter-kits/pull/433.

[Thisisgeorg3]

Deployed today. Closing issue.

[Ivan1905]

I wanted to confirm this is effectively working.

• Yesterday there was this $4M phishing scam.
• I believe the permitted contract was this one but the SD was not able to catch.

[Thisisgeorg3]

@Vxatz please take a look when you have moment at this. Not a priority, just want to confirm @Ivan1905 finding. thank you for handling it

[Vxatz]

Apologies for the delay, this has now been fixed 👍