Component Overview
EVM Blockchains
- Supports all EVM-compatible chains (Ethereum, Polygon, Arbitrum, Base, Optimism, Rootstock, etc.)
- Connects via RPC/WebSocket to blockchain nodes
- Real-time transaction monitoring
- Blockchain Listeners: Connect to EVM nodes via WebSocket (preferred) or HTTP polling
- Handles multiple chains simultaneously
- Rule Loader: Parses YAML rules and validates syntax
- Rule Evaluator: Evaluates conditions against transactions using expression engine
- Transaction Analyzer: Fetches receipts (if enabled), extracts function selectors from input data (if enabled), analyzes gas usage (if enabled)
- Contract Analyzer: Retrieves contract bytecode (if enabled) for rule evaluation
- Aggregator: Groups related findings to reduce alert noise
- Alerter: Routes findings to configured channels (log, file, Slack, Discord, Email, Webhooks)
- Exporters: Formats findings for external systems (NDJSON for log aggregators, SARIF for CI/CD)
- gRPC Server: Core API for internal communication
- REST API: HTTP API for external integrations and dashboards
- Prometheus Metrics: Performance and operational metrics
- Health Checks: System health monitoring
Data Flow
- Ingestion: Blockchain listeners connect to EVM nodes and stream transactions in real-time
- Rule Loading: YAML rules are parsed, validated, and loaded into the rule engine
- Analysis: Transactions are analyzed by specialized analyzers (transaction, contract)
- Evaluation: Rule evaluator checks conditions against analyzed transaction data
- Aggregation: Related findings are grouped to reduce alert noise
- Output: Findings are routed to configured alert channels and exported in various formats
- Observability: Metrics and health checks provide operational visibility
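The Analysis, Evaluation, Aggregation and Output steps above, sketched as an added example (not the project's own code or rule format). The rule name, field names and sample transactions are assumptions constructed for illustration; only the approve(address,uint256) selector 0x095ea7b3 is a real ERC-20 value.

```python
import json
from collections import defaultdict

APPROVE = "0x095ea7b3"            # selector of ERC-20 approve(address,uint256)
MAX_UINT256 = (1 << 256) - 1      # "unlimited" allowance value

# Constructed sample transactions, not real chain data.
SPENDER_WORD = ("22" * 20).rjust(64, "0")   # address left-padded to 32 bytes
SAMPLE_TXS = [
    {"hash": "0xa1", "input": APPROVE + SPENDER_WORD + "f" * 64},
    {"hash": "0xa2", "input": APPROVE + SPENDER_WORD + "f" * 64},
    {"hash": "0xa3", "input": APPROVE + SPENDER_WORD + hex(1000)[2:].rjust(64, "0")},
    {"hash": "0xa4", "input": "0x"},        # plain value transfer, no calldata
]

def analyze(tx):
    """Analysis: split calldata into a 4-byte selector and 32-byte argument words."""
    data = tx["input"][2:] if tx["input"].startswith("0x") else tx["input"]
    if len(data) < 8:                       # empty or truncated calldata: no selector
        return {"hash": tx["hash"], "selector": None, "words": []}
    body = data[8:]
    words = [body[i:i + 64] for i in range(0, len(body) - len(body) % 64, 64)]
    return {"hash": tx["hash"], "selector": "0x" + data[:8].lower(), "words": words}

def evaluate(a):
    """Evaluation: one hypothetical rule, flag approvals for the maximum allowance."""
    if (a["selector"] == APPROVE and len(a["words"]) >= 2
            and int(a["words"][1], 16) == MAX_UINT256):
        return {"rule": "unlimited-approval",
                "spender": "0x" + a["words"][0][-40:], "tx": a["hash"]}
    return None

def aggregate(findings):
    """Aggregation: group by (rule, spender) so many transactions raise one alert."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f["rule"], f["spender"])].append(f["tx"])
    return [{"rule": r, "spender": s, "count": len(t), "txs": t}
            for (r, s), t in groups.items()]

def run(txs):
    """Output: one JSON object per line (NDJSON) for a log aggregator."""
    findings = [f for f in (evaluate(analyze(tx)) for tx in txs) if f]
    return [json.dumps(g, sort_keys=True) for g in aggregate(findings)]

if __name__ == "__main__":
    print("\n".join(run(SAMPLE_TXS)))
```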