fix: small updates to webacy risk data source handling

RevokeCash · Jan 6, 2025 · f9decb9 · f9decb9
1 parent 5f77e41
commit f9decb9
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 18 deletions.
diff --git a/lib/utils/risk.tsx b/lib/utils/risk.tsx
@@ -5,13 +5,14 @@ import { track } from './analytics';
 export const RiskFactorScore: Record<string, number> = {
   allowlist: -100,
   blocklist: 100,
-  closed_source: 50,
+  closed_source: 40,
   deprecated: 100,
   eoa: 100,
   exploit: 100,
-  phishing_risk: 50,
-  unsafe: 50,
-  uninitialized: 50,
+  phishing_risk: 40,
+  proxy: 20,
+  unsafe: 40,
+  uninitialized: 40,
 };
 
 export const filterUnknownRiskFactors = (riskFactors: RiskFactor[]): RiskFactor[] => {
@@ -35,8 +36,8 @@ export const getRiskLevel = (riskFactors: RiskFactor[]): RiskLevel => {
 
   const riskScore = calculateRiskScore(riskFactors);
 
-  if (riskScore >= 80) return 'high';
-  if (riskScore <= 20) return 'low';
+  if (riskScore >= 75) return 'high';
+  if (riskScore <= 25) return 'low';
 
   return 'medium';
 };
@@ -48,9 +49,10 @@ export const getRiskIcon = (riskFactor: RiskFactor) => {
     return <ExclamationCircleIcon className=" text-red-500 h-5" />;
   }
 
-  if (score > 25) {
+  if (score > 0) {
     return <ExclamationTriangleIcon className="text-yellow-500 h-5" />;
   }
 
+  // Green is only used for negative risk factors (e.g. allowlist)
   return <InformationCircleIcon className="text-green-500 h-5" />;
 };
diff --git a/lib/whois/spender/risk/WebacySpenderRiskDataSource.ts b/lib/whois/spender/risk/WebacySpenderRiskDataSource.ts
@@ -22,6 +22,7 @@ export class WebacySpenderRiskDataSource implements SpenderDataSource {
       [ChainId.BNBSmartChainMainnet]: 'bsc',
       [ChainId.PolygonMainnet]: 'pol',
       [ChainId.OPMainnet]: 'opt',
+      [ChainId.ArbitrumOne]: 'arb',
     };
 
     const chainIdentifier = chainIdentifiers[chainId];
@@ -40,20 +41,22 @@ export class WebacySpenderRiskDataSource implements SpenderDataSource {
       const elapsedTime = (new Date().getTime() - time) / 1000;
       console.log(elapsedTime, 'Webacy', address);
 
-      // if (address === '0xecA88125a5ADbe82614ffC12D0DB554E2e2867C8') {
-      //   console.log(data);
-      // }
-
       const ALLOWLIST_TAGS = ['trust_list'];
       const BLOCKLIST_TAGS = ['blacklist_doubt', 'stealing_attack', 'phishing_activities', 'is_blacklisted'];
-      const UNSAFE_TAGS = ['can_take_back_ownership', 'transfer_without_approval', 'restricted_approval'];
+      const UNSAFE_TAGS = [
+        'can_take_back_ownership',
+        'transfer_without_approval',
+        'restricted_approval',
+        'centralized_risk_high',
+        'centralized_risk_medium',
+        'centralized_risk_low',
+      ];
 
       const BLOCKLIST_CATEGORIES = ['contract_reported', 'possible_drainer'];
       const UNSAFE_CATEGORIES = [
         'poor_developer_practices',
         'contract_brickable',
         'contract_issues',
-        'financially_lopsided',
         'improper_signature_validation',
       ];
 
@@ -69,20 +72,23 @@ export class WebacySpenderRiskDataSource implements SpenderDataSource {
         const tags = issue?.tags?.map((tag: any) => tag.key) as string[];
         const categories = Object.keys(issue?.categories ?? {});
 
-        if (address === '0xecA88125a5ADbe82614ffC12D0DB554E2e2867C8') {
-          console.log(tags);
-          console.log(categories);
-        }
-
         const tagFactors = tags.flatMap((tag: string) => {
           if (tag === 'is_closed_source') return [{ type: 'closed_source', source: 'webacy' }];
+          if (tag === 'is_proxy') return [{ type: 'proxy', source: 'webacy' }];
           if (UNSAFE_TAGS.includes(tag)) return [{ type: 'unsafe', source: 'webacy' }];
           if (BLOCKLIST_TAGS.includes(tag)) return [{ type: 'blocklist', source: 'webacy' }];
           if (ALLOWLIST_TAGS.includes(tag)) return [{ type: 'allowlist', source: 'webacy' }];
           return [];
         });
 
         const categoryFactors = categories.flatMap((category: string) => {
+          // Proxies are included in the contract_issues category, but we want to treat them as a separate risk factor,
+          // so we ignore them here and add them in the tagFactors section
+          if (category === 'contract_issues') {
+            const categoryTags = Object.keys(issue.categories.contract_issues.tags);
+            if (categoryTags.length === 1 && categoryTags[0] === 'is_proxy') return [];
+          }
+
           if (IGNORE_CATEGORIES.includes(category)) return [];
           if (UNSAFE_CATEGORIES.includes(category)) return [{ type: 'unsafe', source: 'webacy' }];
           if (BLOCKLIST_CATEGORIES.includes(category)) return [{ type: 'blocklist', source: 'webacy' }];

diff --git a/locales/en/address.json b/locales/en/address.json
@@ -88,6 +88,7 @@
       "medium": "medium risk"
     },
     "phishing_risk": "Increases risk surface in case of phishing",
+    "proxy": "Upgradeable proxy contract",
     "source": "reported by <source-link>{source}</source-link>",
     "uninitialized": "No contract deployed to this address",
     "unsafe": "Potentially unsafe contract code"

diff --git a/locales/es/address.json b/locales/es/address.json
@@ -88,6 +88,7 @@
       "medium": "riesgo medio"
     },
     "phishing_risk": "Aumenta la superficie de riesgo en caso de phishing",
+    "proxy": "Upgradeable proxy contract",
     "source": "reportado por <source-link>{source}</source-link>",
     "uninitialized": "No se ha implementado ningún contrato en esta dirección",
     "unsafe": "Código de contrato potencialmente inseguro"

diff --git a/locales/ja/address.json b/locales/ja/address.json
@@ -88,6 +88,7 @@
       "medium": "中リスク"
     },
     "phishing_risk": "フィッシングの場合のリスク領域が増加",
+    "proxy": "Upgradeable proxy contract",
     "source": "<source-link>{source}</source-link>に報告された",
     "uninitialized": "この住所にはコントラクトがデプロイされていません",
     "unsafe": "安全でない可能性のある契約コード"

diff --git a/locales/ru/address.json b/locales/ru/address.json
@@ -88,6 +88,7 @@
       "medium": "средний риск"
     },
     "phishing_risk": "Увеличивает поверхность риска в случае фишинга",
+    "proxy": "Upgradeable proxy contract",
     "source": "сообщил(а)<source-link>{source}</source-link>",
     "uninitialized": "Контракт по этому адресу не отправлен",
     "unsafe": "Потенциально небезопасный код контракта"

diff --git a/locales/zh/address.json b/locales/zh/address.json
@@ -88,6 +88,7 @@
       "medium": "中风险"
     },
     "phishing_risk": "增加钓鱼风险",
+    "proxy": "Upgradeable proxy contract",
     "source": "举报人：<source-link>{source}</source-link>",
     "uninitialized": "没有部署到此地址的合约",
     "unsafe": "可能不安全的合约代码"