
Ai contract risk scanner #199

Open
1evi7eo wants to merge 2 commits into bnb-chain:main from 1evi7eo:ai-contract-risk-scanner

1evi7eo commented Jan 24, 2026

Description

This PR adds a new AI Contract Risk Scanner demo application for BNB Smart Chain (BSC). The scanner performs bytecode-based heuristic risk analysis on smart contracts by fetching contract data via the BSCTrace API (MegaNode) and analyzing bytecode patterns for common security risks.

Key features:

  • Fetches contract bytecode and creation transaction data from BSCTrace API
  • Analyzes bytecode for delegatecall/proxy patterns, self-destruct, CREATE/CREATE2, and size-based complexity
  • Generates a 0–100 risk score with categorized findings (low, medium, high, critical)
  • Provides a dark-mode web UI for interactive contract scanning
  • Includes comprehensive unit tests for all risk analysis functions

Motivation:
This tool serves as a learning resource and first-pass risk assessment tool for developers and users interacting with BSC smart contracts. It helps identify common risk patterns before engaging with contracts, though it is not a replacement for professional security audits.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

The implementation includes comprehensive unit tests in app.test.ts that cover:

  • Address validation and normalization functions
  • Bytecode risk analysis heuristics (delegatecall, self-destruct, CREATE/CREATE2, size checks)
  • Risk scoring algorithm
  • API endpoint error handling

Manual testing steps:

  1. Run npm install to install dependencies
  2. Copy .env.example to .env and set BSCTRACE_API_KEY (get a free key from https://dashboard.nodereal.io/)
  3. Run npm test to execute all unit tests
  4. Run npm start to start the server
  5. Open http://localhost:3333 in a browser
  6. Test scanning with various BSC contract addresses (e.g., verified contracts, proxy contracts, etc.)
  7. Verify risk scores and findings are displayed correctly in the UI

Test coverage:

  • All risk analysis functions have unit tests
  • Address validation edge cases are covered
  • API error scenarios are tested

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
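
The opcode checks listed under "Key features" can be sketched as follows. This is an added example, not code from the PR: the severity weights, the size threshold, the sample bytecode and all names are assumptions. It walks the bytecode instruction by instruction so that PUSH immediates, such as an embedded address, are not misread as opcodes.

```typescript
// Added illustration, not the PR's code. Weights and size threshold are assumed values.
type Severity = "low" | "medium" | "high" | "critical";
interface Finding { id: string; severity: Severity; offset: number; }

// Opcodes named in the PR description.
const RISKY: Record<number, { id: string; severity: Severity }> = {
  0xf0: { id: "CREATE", severity: "low" },
  0xf4: { id: "DELEGATECALL", severity: "high" },
  0xf5: { id: "CREATE2", severity: "medium" },
  0xff: { id: "SELFDESTRUCT", severity: "critical" },
};
const WEIGHT: Record<Severity, number> = { low: 5, medium: 15, high: 30, critical: 45 }; // assumed
const LARGE_CODE_BYTES = 20000; // assumed threshold; EIP-170 caps runtime code at 24576 bytes

// Constructed sample: EIP-1167 minimal-proxy layout whose PUSH20 target is twenty 0xff bytes.
// A naive byte search would report SELFDESTRUCT here; only the DELEGATECALL is a real opcode.
const SAMPLE_PROXY =
  "0x363d3d373d3d3d363d73" + "ff".repeat(20) + "5af43d82803e903d91602b57fd5bf3";

function hexToBytes(hex: string): Uint8Array {
  const h = hex.replace(/^0x/i, "");
  if (h.length % 2 !== 0 || /[^0-9a-f]/i.test(h)) throw new Error("invalid bytecode hex");
  const out = new Uint8Array(h.length / 2);
  for (let i = 0; i < out.length; i++) out[i] = parseInt(h.slice(i * 2, i * 2 + 2), 16);
  return out;
}

// Walk instructions, skipping PUSH1..PUSH32 immediates so data bytes are not read as opcodes.
function scanBytecode(hex: string): { score: number; findings: Finding[] } {
  const code = hexToBytes(hex);
  const findings: Finding[] = [];
  const seen = new Set<string>();
  for (let pc = 0; pc < code.length; pc++) {
    const op = code[pc];
    if (op >= 0x60 && op <= 0x7f) { pc += op - 0x5f; continue; } // PUSHn carries n data bytes
    const hit = RISKY[op];
    if (hit && !seen.has(hit.id)) {
      seen.add(hit.id); // report each opcode once, at its first offset
      findings.push({ ...hit, offset: pc });
    }
  }
  if (code.length > LARGE_CODE_BYTES) findings.push({ id: "LARGE_CODE", severity: "low", offset: 0 });
  const score = Math.min(100, findings.reduce((s, f) => s + WEIGHT[f.severity], 0));
  return { score, findings };
}
```

A linear sweep like this still treats trailing compiler metadata and embedded data as code, so a hit is a hint to review, not proof that the opcode is reachable.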

@vivixu-cmd

Congratulations! You have received a Cookbook reward. Please reply with your BSC wallet address. Thanks

1evi7eo (Author) commented Jan 27, 2026

> Congratulations! You have received a Cookbook reward. Please reply with your BSC wallet address. Thanks

Thank you for the opportunity to contribute!
0x23b23556c3CAA3C582EeE23Fc0D972352FB2a62c
