PulseChain-native protection intelligence

PulseShield.io

Scan any PulseChain DeFi contract before you trust it. PulseShield is the premium command surface for live risk intelligence. It reads on-chain evidence, detects high-risk patterns, and displays results like a production security command dashboard.

Scan Target

Contract intelligence intake

Network lock
PulseChain only

All scans inspect PulseChain mainnet evidence.

Project type
Auto-classified

Detected from bytecode, source, selectors, and token metadata.

Audit Score: 63 (Warning)
Threat Level: Orange
Verdict: Warning
PulseChain / Auto-classified
Type confidence: Pending
PLS gas / scan.pulsechain.com
SWC + OWASP SCS mapped

Adversarial Interpretation

Caution: meaningful risk needs review. This contract may function normally today, but retained control can change behavior later. This is not automatically malicious, but it creates rug-pull and governance-risk potential.

Owner can modify transfer fees up to 100%

Critical
Confidence: Likely | Exploitability: Immediate | User impact: Fund loss / Trading lock

Centralized blacklist can block sells

High
Confidence: Confirmed | Exploitability: Conditional | User impact: Frozen funds / Privilege abuse

Upgradeable proxy depends on single admin

High
Confidence: Possible | Exploitability: Upgrade-dependent | User impact: Fund loss / Reputation risk

External call before complete accounting update

Medium
Confidence: Likely | Exploitability: Conditional | User impact: Accounting corruption

Contract Dependency Graph

Interactive evidence map
PulseChain contract
Target Contract
0xA1077a294dDE1B09bB078844df40758a5D0f9a27

Threat Radar

PulseShield Exploit Simulations

Threat pulse routing
Privilege escalation: 88%

owner -> fee setter -> sell lock

Liquidity drain: 74%

router -> pair -> reserve skew

Proxy mutation: 81%

admin -> implementation -> delegatecall

Oracle pulse: 69%

spot price -> borrow path -> liquidation

Critical Findings

Classified by severity, confidence, exploitability, impact, evidence, context, and fix
1. Owner can modify transfer fees up to 100%
Severity: Critical | Confidence: Likely

Evidence: setFees(uint256,uint256), _taxFee, onlyOwner, PairSync event drift

Exploitability: Immediate

Taxonomy: OWASP SCS / SWC

False-positive context: Launch taxes may be temporary if capped, timelocked, and transparently emitted.

Recommended fix: Hard cap fees below a protocol-approved ceiling, add timelock, emit granular events, and renounce or multisig the role.

2. Centralized blacklist can block sells
Severity: High | Confidence: Confirmed

Evidence: mapping(address => bool) blacklist, _beforeTokenTransfer, setBlacklist(address,bool)

Exploitability: Conditional

Taxonomy: OWASP SCS / SWC

False-positive context: Sanctions controls can be legitimate when narrowly scoped and governed.

Recommended fix: Restrict blacklist use to documented compliance cases, add appeal flow, timelock changes, and publish admin actions.

3. Upgradeable proxy depends on single admin
Severity: High | Confidence: Possible

Evidence: EIP-1967 implementation slot, ProxyAdmin.owner(), delegatecall upgrade path

Exploitability: Upgrade-dependent

Taxonomy: OWASP SCS / SWC

False-positive context: Proxies are normal when controlled by multisig, timelocks, tests, and public upgrade notices.

Recommended fix: Move admin to audited multisig plus timelock, document upgrade runbooks, and monitor implementation bytecode changes.

4. External call before complete accounting update
Severity: Medium | Confidence: Likely

Evidence: withdraw(uint256), call{value: amount}(), rewards[msg.sender] update follows call

Exploitability: Conditional

Taxonomy: OWASP SCS / SWC

False-positive context: May be safe if guarded by nonReentrant and all state-changing paths are covered.

Recommended fix: Apply checks-effects-interactions, update accounting before transfer, and add reentrancy guards across shared state.

5. Oracle route appears manipulable within one block
Severity: High | Confidence: Speculative

Evidence: getAmountsOut(), spot reserves, no TWAP window, no heartbeat validation

Exploitability: Economic-only

Taxonomy: OWASP SCS / SWC

False-positive context: Deep liquidity and independent circuit breakers can reduce exploit practicality.

Recommended fix: Use TWAP or trusted oracle aggregation, bound price movement, and reject stale or extreme values.

Market Intel

Run a token scan to attach live DexScreener price, liquidity, volume, trade-flow, pair ranking, and generated market charts.

Risk Matrix

Honeypot risk: high
Owner privilege risk: critical
Proxy upgrade risk: high
Tax / fee manipulation risk: high
Mint / burn abuse risk: medium
Oracle attack risk: high
Reentrancy risk: medium
Liquidity drain risk: high
Governance capture risk: medium
Hidden blacklist risk: critical
Pausable / frozen funds risk: medium

Live Scan Terminal

engine.boot: PulseShield online
chain.profile: PulseChain mainnet / native gas PLS
fetch.source: scan.pulsechain.com lookup queued
static.pass: Slither / Mythril / Semgrep rules mapped
bytecode.pass: proxy slot and selector scan complete
ai.report: evidence-only explanation drafting
verdict.rule: never guarantee safety

Severity Heatmap

Community Trust Voting

Suspicious: 42%
Needs Manual Review: 28%
False Positive: 13%
Confirmed Malicious: 11%
Confirmed Safe: 6%

Credibility: new users 1x, verified wallet age 1.5x, auditor badge 3x, past accurate reports 5x, sybil-suspicious accounts 0.25x.

Detection Modules

Ownership & privilege scanner
Proxy / upgradeability scanner
ERC20 / ERC721 behavior scanner
Honeypot and transfer-restriction scanner
Fee / tax mutation scanner
Mint / burn authority scanner
Blacklist / whitelist / cooldown scanner
Liquidity and pair interaction scanner
Oracle dependency scanner
Flash-loan attack surface scanner
Reentrancy scanner
External-call scanner
Storage collision / proxy slot scanner
Governance takeover scanner
Signature / permit abuse scanner
Reward accounting scanner
Staking withdrawal edge-case scanner
NFT metadata / reveal / admin abuse scanner
Bridge / cross-chain trust scanner
Known exploit-pattern matcher
Bytecode similarity scanner
Community reputation layer

Source-Backed Taxonomy

SC01 Access control
SC02 Business logic
SC03 Oracle manipulation
SC04 Flash-loan attacks
SC05 Input validation
SC06 Unchecked external calls
SC07 Arithmetic / precision
SC08 Reentrancy
SC09 DoS
SC10 Proxy / upgradeability
SWC weakness taxonomy

Automated analysis cannot guarantee safety. Findings may include false positives or incomplete context. Some risky permissions are legitimate during launch, migration, or emergency-protection periods. Always combine automated scans with manual review before deploying funds.