How ContractScan Tracks the Latest DeFi Hacks
The biggest problem with smart contract security tools is that they're frozen in time. Most scanners check your code against the ruleset that shipped with the tool, but new DeFi hacks, with new patterns, happen every week.
ContractScan is different. Every week, we automatically collect new hack incidents and update our analysis database.
Automatic Threat Intelligence System
ContractScan's Risk Feed Collector pulls from these public sources:
1. Rekt.news RSS
The go-to media outlet for DeFi security incidents. Publishes technical analysis reports within days of each hack.
- Collection frequency: Weekly
- Data: Incident name, loss amount, vulnerability type, reference links
2. DeFiHackLabs (SunWeb3Sec)
An open-source GitHub project that maintains PoC (Proof of Concept) exploit code. Systematically archives DeFi hack incidents from 2020 to present.
- Collection frequency: Weekly
- Data: Incident name, date, loss amount, vulnerability classification, transaction hashes
3. SWC Registry
Smart Contract Weakness Classification — the standard taxonomy for smart contract vulnerabilities. New categories are automatically incorporated as they're added.
- Current coverage: 37 SWC categories
Collection → Classification → Integration Pipeline
[Public Sources] → [Collector] → [Auto-Classification] → [Scan DB Update]
- Public Sources: Rekt.news, DeFiHackLabs, SWC Registry
- Collector: weekly cron job
- Auto-Classification: keyword-based SWC mapping and categorization
- Scan DB Update: defi_hacks DB; matched incidents are shown in scan reports
Collected incidents are automatically classified by keyword:
| Keyword | Classification | Example Incident |
|---|---|---|
| reentrancy, re-entrancy | SWC-107 | Euler Finance ($197M) |
| access control, onlyowner | SWC-105 | Poly Network ($611M) |
| flash loan, oracle | Oracle Manipulation | Mango Markets ($116M) |
| bridge, cross-chain | Bridge Exploit | Wormhole ($320M) |
| delegatecall | SWC-112 | Parity Wallet ($150M) |
Why This Matters
The Limitation of Static Rulesets
Traditional security tools only apply the rules that existed at their release date. If a new attack pattern is discovered in March 2026, that pattern goes undetected until the tool ships an update.
ContractScan's Approach
- New incident occurs → Reported by public sources
- Weekly collector runs → Automatically updates the DB
- Applied from next scan → Enhanced detection of similar patterns
- Real incident references in reports → "This code matches a pattern similar to incident X"
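The following is an added example, not ContractScan's own code, that walks the collect → classify → integrate steps above end to end: it takes constructed feed records (stand-ins for what the Rekt.news and DeFiHackLabs collectors would return; the names, amounts and URLs are made up), classifies them with the keyword rules from the table, upserts them into a `defi_hacks` table whose column layout is an assumption, and then answers the question a scan report asks, "which known incidents match this finding type?". It goes slightly beyond the table in three ways a real pipeline needs: a description can match several rules at once and keeps every label, a record that matches nothing is kept as `Unclassified` for review rather than dropped, and the weekly job is idempotent so re-running it does not duplicate rows.

```python
"""Toy collect -> classify -> integrate pipeline (constructed example,
not ContractScan's code). Feed records are inline stand-ins for one
weekly collector run."""
import re
import sqlite3
from dataclasses import dataclass

# Keyword -> classification rules, tried in this order. The keywords and
# labels mirror the post's table; SWC ids are public SWC Registry ids.
RULES = [
    (("reentrancy", "re-entrancy"), "SWC-107"),
    (("access control", "onlyowner"), "SWC-105"),
    (("flash loan", "oracle"), "Oracle Manipulation"),
    (("bridge", "cross-chain"), "Bridge Exploit"),
    (("delegatecall",), "SWC-112"),
]


@dataclass
class Incident:
    name: str
    source: str
    loss_usd: int
    summary: str
    link: str


# Constructed sample records (names, amounts and links are made up).
SAMPLE_FEED = [
    Incident("Example Lending", "rekt.news", 5_000_000,
             "Attacker used a flash loan to manipulate the price oracle "
             "and drain collateral", "https://example.invalid/1"),
    Incident("Example Vault", "defihacklabs", 1_200_000,
             "Classic re-entrancy in withdraw(); missing onlyOwner on setFee",
             "https://example.invalid/2"),
    Incident("Example Chain", "rekt.news", 300_000,
             "Signature verification bypass", "https://example.invalid/3"),
]


def classify(text: str) -> list[str]:
    """Return every classification whose keywords appear in `text`.

    Case-insensitive and word-boundary aware, so 'bridged' does not count
    as 'bridge'. One incident may carry several labels. Falls back to
    ['Unclassified'] so unmatched records survive for manual review.
    """
    lowered = text.lower()
    labels = []
    for keywords, label in RULES:
        if any(re.search(r"\b" + re.escape(k) + r"\b", lowered) for k in keywords):
            labels.append(label)
    return labels or ["Unclassified"]


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the defi_hacks DB (assumed column layout)."""
    con = sqlite3.connect(":memory:")
    con.execute("""CREATE TABLE defi_hacks (
        name TEXT PRIMARY KEY, source TEXT, loss_usd INTEGER,
        labels TEXT, link TEXT)""")
    return con


def integrate(con: sqlite3.Connection, incidents) -> int:
    """Upsert each incident keyed by name so re-running the weekly job is
    idempotent. Returns the number of records processed."""
    for inc in incidents:
        labels = ",".join(classify(inc.summary))
        con.execute(
            "INSERT INTO defi_hacks VALUES (?,?,?,?,?) "
            "ON CONFLICT(name) DO UPDATE SET loss_usd=excluded.loss_usd, "
            "labels=excluded.labels, link=excluded.link",
            (inc.name, inc.source, inc.loss_usd, labels, inc.link))
    con.commit()
    return len(incidents)


def references_for(con: sqlite3.Connection, label: str) -> list[str]:
    """What a scan report would cite for a finding of type `label`,
    largest loss first. Labels are stored comma-joined, so the match is
    done on the comma-wrapped string to avoid partial-label hits."""
    rows = con.execute(
        "SELECT name, loss_usd, link FROM defi_hacks "
        "WHERE ','||labels||',' LIKE ? ORDER BY loss_usd DESC",
        (f"%,{label},%",)).fetchall()
    return [f"{name} (${loss:,}) {link}" for name, loss, link in rows]


def run_weekly(feed=SAMPLE_FEED) -> sqlite3.Connection:
    """Simulate two consecutive weekly runs over the same feed."""
    con = build_db()
    integrate(con, feed)
    integrate(con, feed)  # second run must not duplicate rows
    return con


if __name__ == "__main__":
    db = run_weekly()
    for finding in ("Oracle Manipulation", "SWC-107", "Unclassified"):
        print(finding, "->", references_for(db, finding))
```

The word-boundary matching is the detail worth copying: a plain substring test on "oracle" or "bridge" will tag unrelated write-ups (any report that mentions a bridged token, or an oracle that was not manipulated), and those false labels then surface as misleading "similar incident" references in scan reports. Multi-label output matters for the same reason; the Example Vault record above is both SWC-107 and SWC-105, and a first-match-wins classifier would silently lose one of them.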
Users always receive scan results that reflect the latest threat intelligence.
Transparency
ContractScan doesn't hide what sources it uses for analysis.
- All data sources are publicly available
- Classification logic is transparent and documented in scan reports
- Scan reports include referenced incidents and source links
This transparency is the foundation of trust. Not a black box — you can verify what evidence led to what conclusion.
Current Collection Status
- Static DB: 15+ major incidents (The DAO, Cream Finance, Euler Finance, Ronin Bridge, etc.)
- Dynamic collection: Automatic weekly updates
- Total coverage: 37 SWC categories + DeFi-specific patterns (Oracle Manipulation, Bridge Exploit)
What's Next
- SlowMist Hacked database integration
- Automatic Semgrep rule generation pipeline for new incidents
- Email alerts for subscribers when new vulnerabilities are detected
ContractScan isn't a "set it and forget it" tool. It's a living security tool. Every week it learns about new threats and applies them to your next scan.
Start scanning your smart contracts at ContractScan.
Try ContractScan free at contract-scanner.raccoonworld.xyz