ChainDecode Handbook
Your complete guide to understanding smart contract analysis
Introduction
ChainDecode transforms complex blockchain code into plain English explanations, helping you understand exactly what a smart contract does and identify potential risks before interacting with it.
Deep Analysis
Analyzes every function to explain what it does in simple terms
Risk Detection
Identifies security risks, scam patterns, and best practice violations
Multi-Chain
Supports Ethereum, Polygon, and Arbitrum with chain-specific features
Quick Start Guide
Select Your Chain
Choose between Ethereum, Polygon, or Arbitrum using the pill selector
Enter Contract Address
Paste the smart contract address you want to analyze (0x...)
Review the Analysis
Get instant insights about functions, risks, and security warnings
Try These Example Contracts
0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48
USDC
0x2791Bca1f2de4661ED88A30C99A7a9449Aa84174
USDC
0xFF970A61A04b1cA14834A43f5dE4533eBDDB5CC8
USDC
Understanding ChainDecode Reports
Every analysis report contains several key sections designed to give you a complete understanding of the contract:
Contract Overview
Basic information about the contract including:
- Contract Name - The verified name if available
- Chain Badge - Which blockchain it's deployed on
- Verification Status - Whether source code is verified
- Contract Type - Token standard or contract pattern detected
Trust Indicators
Contract code is publicly viewable
Price, market cap, and trading volume
Protection against rug pulls
Single owner or multi-sig control
Risk Level Legend
Informational: General information and observations
Low Risk: Standard functions with minimal risk
Medium Risk: Functions requiring caution
High Risk: Potentially dangerous operations
Critical: Severe security issues detected
Token Standard Functions
ChainDecode recognizes and analyzes functions from all major token standards:
ERC20 Token Functions
transfer
Medium Risk
function transfer(address to, uint256 amount) returns (bool)
Plain English: Sends tokens from your wallet to another address.
What to check: Make sure the recipient address is correct - transfers cannot be reversed.
approve
High Risk
function approve(address spender, uint256 amount) returns (bool)
Plain English: Allows another address or contract to spend tokens on your behalf.
What to check: Only approve trusted contracts. Consider the amount carefully.
balanceOf
Low Risk
function balanceOf(address account) view returns (uint256)
Plain English: Checks how many tokens an address holds.
What to check: This is a read-only function - completely safe to call.
ERC721 NFT Functions
safeTransferFrom
Medium Risk
function safeTransferFrom(address from, address to, uint256 tokenId)
Plain English: Transfers an NFT from one address to another with safety checks.
What to check: Ensure you own the NFT and the recipient can receive NFTs.
setApprovalForAll
High Risk
function setApprovalForAll(address operator, bool approved)
Plain English: Grants or revokes permission for an address to manage ALL your NFTs in this collection.
What to check: Only approve marketplaces and contracts you absolutely trust.
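To make the approve and setApprovalForAll entries above concrete, here is an added example (not ChainDecode's own code) that decodes the calldata of a pending transaction and flags the two broadest grants. Treating an allowance of 2**256 - 1 as "unlimited" goes beyond what the handbook states, and the spender address is a constructed placeholder.

```python
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def _words(args_hex):
    """Split ABI-encoded arguments into 32-byte words, returned as ints."""
    if len(args_hex) % 64:
        raise ValueError("arguments are not a multiple of 32 bytes")
    return [int(args_hex[i:i + 64], 16) for i in range(0, len(args_hex), 64)]

def _address(word):
    # An address sits in the low 20 bytes; the upper 12 bytes must be zero.
    if word >> 160:
        raise ValueError("non-zero padding in address argument")
    return "0x" + format(word, "040x")

def explain_approval(calldata):
    """Return (plain_english, flags) for approve / setApprovalForAll calldata."""
    raw = calldata.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    selector = raw[:8]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return ("not an approval call", [])
    words = _words(raw[8:])
    if len(words) != 2:
        raise ValueError("expected exactly two arguments")
    who = _address(words[0])
    if selector == APPROVE:
        if words[1] == MAX_UINT256:
            return (f"lets {who} spend an unlimited amount", ["UNLIMITED_ALLOWANCE"])
        if words[1] == 0:
            return (f"revokes the allowance of {who}", [])
        return (f"lets {who} spend up to {words[1]} base units", [])
    if words[1] not in (0, 1):
        raise ValueError("bool argument must be 0 or 1")
    if words[1] == 1:
        return (f"lets {who} manage ALL your NFTs in this collection", ["OPERATOR_FOR_ALL"])
    return (f"revokes {who} as operator", [])

# Constructed samples using a made-up spender/operator address.
SPENDER = "11" * 20
SAMPLE_UNLIMITED = "0x" + APPROVE + SPENDER.rjust(64, "0") + "f" * 64
SAMPLE_OPERATOR = "0x" + SET_APPROVAL_FOR_ALL + SPENDER.rjust(64, "0") + "1".rjust(64, "0")
```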
DeFi Operation Functions
Trading Functions
swap
High Risk
Plain English: Exchanges one token for another through a decentralized exchange.
Key Risks: Slippage, MEV attacks, unfavorable rates
addLiquidity
Medium Risk
Plain English: Provides tokens to a liquidity pool for others to trade against.
Key Risks: Impermanent loss, smart contract risk
Staking Functions
stake
Medium Risk
Plain English: Locks your tokens in a contract to earn rewards.
What to check: Unstaking conditions, lock periods, reward rates
claimRewards
Low Risk
Plain English: Collects earned rewards from staking.
What to check: Gas costs vs. reward amount
Security & Control Functions
Ownership Functions
transferOwnership
Critical
Plain English: Transfers complete control of the contract to a new owner.
Security Impact: New owner gains all administrative privileges
renounceOwnership
Informational
Plain English: Permanently removes owner control from the contract.
Security Impact: Makes the contract immutable - can be good or bad
Emergency Functions
pause
High Risk
Plain English: Stops all contract operations in case of emergency.
Centralization Risk: Owner can freeze all user funds
blacklist
Critical
Plain English: Blocks specific addresses from using the contract.
Centralization Risk: Can be used to censor users
Governance Function Analysis
Proposal Functions
propose
Medium Risk
function propose(address[] targets, uint256[] values, bytes[] calldatas, string description)
Plain English: Creates a new governance proposal for the community to vote on.
What to check: Proposal threshold requirements and voting power needed.
castVote
Low Risk
function castVote(uint256 proposalId, uint8 support) returns (uint256)
Plain English: Casts your vote on an active governance proposal.
What to check: Voting period and your voting power.
execute
High Risk
function execute(uint256 proposalId) payable returns (uint256)
Plain English: Executes a successful governance proposal.
What to check: Ensure proposal has passed and timelock period expired.
Delegation Functions
delegate
Medium Risk
function delegate(address delegatee) external
Plain English: Delegates your voting power to another address.
What to check: Trust the delegatee and understand you can revoke anytime.
Critical Security Warnings
These warnings indicate severe risks that could result in total loss of funds:
Honeypot Detected
What it means: You can buy tokens but cannot sell them.
How we detect it: Transfer function contains owner-only restrictions or blacklist checks that prevent normal trading.
What to do: DO NOT interact with this contract.
Liquidity Not Locked
What it means: Less than 90% of liquidity is locked, enabling rug pulls.
How we detect it: Analyzing LP token distribution and lock contracts.
What to do: Extreme caution - high risk of liquidity removal.
Unlimited Minting
What it means: Owner can create unlimited new tokens.
How we detect it: Mint function with no supply cap or restrictions.
What to do: Understand the tokenomics before investing.
Security Warnings
These warnings indicate significant security concerns that require careful consideration:
Centralized Ownership
What it means: A single address controls critical contract functions.
How we detect it: onlyOwner modifiers on sensitive functions.
What to do: Verify the owner address and check for multi-sig protection.
Upgradeable Contract
What it means: Contract logic can be changed after deployment.
How we detect it: Proxy patterns and implementation slots.
What to do: Check upgrade controls and timelock mechanisms.
No Reentrancy Protection
What it means: Functions may be vulnerable to reentrancy attacks.
How we detect it: Missing nonReentrant modifiers on state-changing functions.
What to do: Exercise caution with large transactions.
External Call Risks
What it means: Contract makes calls to external addresses that could be malicious.
How we detect it: Call patterns to user-provided addresses.
What to do: Verify the external contracts being called.
Best Practice Warnings
These warnings highlight deviations from security best practices:
Missing Events
What it means: Important state changes don't emit events for tracking.
How we detect it: State-changing functions without event emissions.
What to do: Consider this for transparency and monitoring.
No Input Validation
What it means: Functions don't validate input parameters.
How we detect it: Missing require statements for parameter validation.
What to do: Be careful with edge case inputs.
Outdated Solidity Version
What it means: Contract uses an older version of Solidity.
How we detect it: Pragma version in contract source.
What to do: Check if known vulnerabilities affect this version.
Financial Risk Warnings
These warnings highlight potential financial risks and loss scenarios:
Impermanent Loss Risk
What it means: Providing liquidity may result in less value than holding tokens.
How we detect it: LP token contracts and AMM interactions.
What to do: Understand impermanent loss before providing liquidity.
High Slippage Risk
What it means: Low liquidity may cause significant price impact.
How we detect it: Low liquidity pools relative to trading volume.
What to do: Use smaller trade sizes or set tight slippage limits.
Fee Manipulation
What it means: Contract fees can be changed by owners.
How we detect it: Dynamic fee variables with setter functions.
What to do: Monitor fee changes and check maximum limits.
Lock-up Periods
What it means: Your tokens may be locked for extended periods.
How we detect it: Time-based withdrawal restrictions.
What to do: Understand unlock schedules before depositing.
Chain-Specific Features
ChainDecode adapts its analysis based on the blockchain you're analyzing:
Ethereum Analysis Features
DEX Integration
Analyzes Uniswap V2 liquidity pools and trading pairs
Liquidity Lockers
Checks Unicrypt and Pink Lock for locked liquidity
API Version
Uses Etherscan V2 API with enhanced features
Gas Considerations
Higher gas costs - be mindful of transaction fees
Polygon Analysis Features
DEX Integration
Analyzes QuickSwap liquidity pools and trading pairs
Liquidity Lockers
Checks Unicrypt for locked liquidity
API Version
Uses PolygonScan V1 API
Gas Considerations
Very low gas costs - ideal for frequent transactions
Arbitrum Analysis Features
DEX Integration
Analyzes SushiSwap liquidity pools and trading pairs
Liquidity Lockers
Limited locker support - manual verification recommended
API Version
Uses Arbiscan V1 API
Gas Considerations
Low gas costs with Ethereum-level security
Multi-Chain Comparison
Compare features and capabilities across all supported blockchains:
Feature | Ethereum | Polygon | Arbitrum |
---|---|---|---|
API Version | V2 (Enhanced) | V1 (Standard) | V1 (Standard) |
Primary DEX | Uniswap V2 | QuickSwap | SushiSwap |
Liquidity Lockers | Unicrypt, Pink Lock | Unicrypt | Limited Support |
Gas Costs | High ($5-50+) | Very Low ($0.01-0.10) | Low ($0.50-2.00) |
Network Security | Highest (L1) | High (PoS) | High (L2 Rollup) |
Transaction Speed | Slow (15s blocks) | Fast (2s blocks) | Fast (250ms) |
Contract Verification | Excellent | Good | Good |
DeFi Ecosystem | Largest | Large | Growing |
When to Use Each Chain
Ethereum
- Analyzing major DeFi protocols
- High-value transactions
- Maximum security requirements
- Well-established projects
Polygon
- Frequent trading and interactions
- Gaming and NFT projects
- Low-value transactions
- Testing and experimentation
Arbitrum
- Ethereum-like experience with lower costs
- DeFi protocols seeking scale
- Bridge-heavy applications
- L2-native innovations
Proxy Contract Analysis
Understanding how ChainDecode handles upgradeable contracts:
What Are Proxy Contracts?
Proxy contracts allow smart contract logic to be upgraded after deployment. ChainDecode automatically detects and analyzes both the proxy and implementation contracts.
Transparent Proxy
Most common pattern. Admin controls upgrades, users interact with proxy.
UUPS Proxy
Upgrade logic is in implementation contract, more gas efficient.
Beacon Proxy
Multiple proxies point to a shared beacon for implementation.
How ChainDecode Analyzes Proxies
Proxy Detection
Identifies proxy patterns and extracts implementation address
ABI Merging
Combines proxy and implementation ABIs for complete function analysis
Upgrade Analysis
Checks upgrade controls, timelock mechanisms, and admin permissions
Risk Assessment
Evaluates upgrade risks and centralization concerns
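The detection step can be illustrated with the standard storage slots defined by EIP-1967 and the fixed bytecode of an EIP-1167 minimal proxy. This is an added example, not ChainDecode's implementation: the transparent-versus-UUPS split is a heuristic based on whether the admin slot is set, and the storage contents and addresses below are constructed.

```python
# EIP-1967 storage slots (keccak256 of the label, minus 1), hard-coded constants.
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
BEACON_SLOT = "0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50"
# EIP-1167 minimal proxy runtime code: prefix + 20-byte target + suffix (45 bytes).
CLONE_PREFIX = "363d3d373d3d3d363d73"
CLONE_SUFFIX = "5af43d82803e903d91602b57fd5bf3"

def _slot_address(word_hex):
    """Address in the low 20 bytes of a storage word, or None if the slot is empty."""
    word = int(word_hex, 16)
    return None if word == 0 else "0x" + format(word & (2**160 - 1), "040x")

def classify_proxy(code_hex, read_slot):
    """code_hex is the runtime bytecode; read_slot(slot) returns the 32-byte
    word at that slot as hex, the shape of an eth_getStorageAt result."""
    code = code_hex.lower()
    code = code[2:] if code.startswith("0x") else code
    if (len(code) == 90 and code.startswith(CLONE_PREFIX)
            and code.endswith(CLONE_SUFFIX)):
        # The target is baked into the bytecode, so it cannot be swapped later.
        return {"kind": "minimal-clone", "implementation": "0x" + code[20:60]}
    beacon = _slot_address(read_slot(BEACON_SLOT))
    if beacon:
        # The implementation address has to be read from the beacon contract.
        return {"kind": "beacon", "beacon": beacon}
    impl = _slot_address(read_slot(IMPL_SLOT))
    if impl is None:
        return {"kind": "no-known-proxy-pattern"}
    admin = _slot_address(read_slot(ADMIN_SLOT))
    # Heuristic: an admin slot suggests a transparent proxy; without one, any
    # upgrade function lives in the implementation contract (UUPS style).
    kind = "transparent" if admin else "uups-or-plain-erc1967"
    return {"kind": kind, "implementation": impl, "admin": admin}

# Constructed storage for made-up proxies; unset slots read as zero.
ZERO = "0x" + "00" * 32

def fake_chain(slots):
    return lambda slot: slots.get(slot, ZERO)

def _word(addr_byte):
    return "0x" + (addr_byte * 20).rjust(64, "0")

TRANSPARENT = fake_chain({IMPL_SLOT: _word("aa"), ADMIN_SLOT: _word("bb")})
UUPS = fake_chain({IMPL_SLOT: _word("aa")})
```

A result of "no-known-proxy-pattern" only means none of these standard layouts matched; custom proxies that store the target elsewhere still need manual review.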
Liquidity Analysis Deep Dive
Understanding ChainDecode's liquidity analysis and rug pull protection:
What We Analyze
Pool Detection
Automatically finds trading pairs on major DEXs (Uniswap V2, QuickSwap, SushiSwap)
Lock Verification
Checks if LP tokens are locked in trusted platforms (Unicrypt, Pink Lock)
Distribution Analysis
Analyzes LP token holder distribution and concentration risks
Lock Duration
Verifies lock periods and unlock schedules for transparency
Rug Pull Risk Assessment
Safe (90%+ Locked)
Most liquidity is locked for extended periods
Caution (50-89% Locked)
Partial liquidity protection, monitor remaining liquidity
High Risk (<50% Locked)
Majority of liquidity can be removed at any time
What to Look For
- Lock Percentage: Aim for 80%+ locked liquidity
- Lock Duration: Longer locks (6+ months) indicate commitment
- Lock Platform: Trusted platforms like Unicrypt provide better security
- Team Tokens: Check if team/dev tokens are also locked
- Multi-DEX: Liquidity spread across multiple DEXs reduces risk
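The tiers and the lock-duration advice above combine into one check: how much LP supply is locked now, and how much will still be locked six months out. The following is an added example rather than ChainDecode's code. It assumes "6+ months" means 182 days and uses constructed lock data.

```python
from datetime import datetime, timedelta, timezone

SIX_MONTHS = timedelta(days=182)  # assumption: "6+ months" read as 182 days

def tier(locked, total):
    """Handbook tiers, compared with integers so 89.99% never rounds up to Safe."""
    if locked * 100 >= 90 * total:
        return "Safe"
    if locked * 100 >= 50 * total:
        return "Caution"
    return "High Risk"

def assess_liquidity(total_lp, locks, now):
    """locks: (lp_amount, unlock_time) pairs for LP tokens held by locker contracts."""
    if total_lp <= 0:
        raise ValueError("LP total supply must be positive")
    if any(a < 0 for a, _ in locks) or sum(a for a, _ in locks) > total_lp:
        raise ValueError("lock amounts are inconsistent with total supply")
    # A lock whose unlock time has passed can be withdrawn, so it counts as unlocked.
    locked_now = sum(a for a, t in locks if t > now)
    # What is still locked six months out shows how soon the tier can drop.
    locked_later = sum(a for a, t in locks if t > now + SIX_MONTHS)
    return {
        "locked_pct_now": locked_now * 100 // total_lp,
        "tier_now": tier(locked_now, total_lp),
        "tier_in_6_months": tier(locked_later, total_lp),
    }

# Constructed sample: 1,000,000 LP tokens, three locks, one already expired.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_LOCKS = [
    (600_000, NOW + timedelta(days=30)),   # unlocks in a month
    (320_000, NOW + timedelta(days=365)),  # unlocks in a year
    (50_000, NOW - timedelta(days=1)),     # expired, withdrawable today
]
SAMPLE_REPORT = assess_liquidity(1_000_000, SAMPLE_LOCKS, NOW)
```

The sample reads as Safe today, yet falls to High Risk within six months because most of the locked share unlocks in 30 days.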
Market Data Integration
How ChainDecode integrates market data for comprehensive token analysis:
Data Sources
CoinGecko
Primary Source: Price, market cap, trading volume
- Real-time price feeds
- 24h trading volume
- Market capitalization
- Price change indicators
On-Chain Data
Direct Analysis: Contract-level metrics
- Total supply verification
- Holder distribution
- Transfer patterns
- Contract interactions
DEX Analytics
Trading Analysis: Liquidity and trading metrics
- Pool size and depth
- Slippage estimation
- Trading frequency
- Price impact analysis
Market-Based Trust Indicators
Trading Volume
High volume indicates active trading and market interest
Market Cap
Larger market caps generally indicate more established projects
Price Stability
Extreme volatility may indicate manipulation or low liquidity
CoinGecko Rank
Platform ranking provides additional credibility reference
Important Limitations
New Tokens: Recently launched tokens may not have market data
Low Volume: Thin trading can lead to inaccurate price data
Market Manipulation: Price data can be artificially inflated
API Delays: Market data may have slight delays (1-5 minutes)
Frequently Asked Questions
What does "Contract not verified" mean?
It means the contract's source code hasn't been published for public review. While not always malicious, unverified contracts carry higher risk because you can't see what the code actually does.
Can ChainDecode guarantee a contract is safe?
No tool can guarantee 100% safety. ChainDecode helps identify risks and explain functionality, but you should always do additional research and never invest more than you can afford to lose.
Why is there no liquidity information for my token?
Liquidity data is only available for tokens with trading pairs on supported DEXs (Uniswap V2, QuickSwap, or SushiSwap). New or small tokens might not have established liquidity pools yet.
What's the difference between the risk levels?
Risk levels range from Informational (general info) to Critical (severe security issues). Higher risk doesn't always mean scam - it indicates the potential impact if something goes wrong.
How do I report a false positive?
If you believe ChainDecode incorrectly flagged a contract, please open an issue on our GitHub repository with the contract address and your reasoning.