AI-powered real-time smart contract scanner that connects Machine Learning with Etherscan V2 to analyze newly deployed contracts instantly. Fetches verified Solidity code, performs static risk analysis, computes ML-driven deployer trust scores, and generates full security intelligence pipelines for Web3 threat detection.
Machine Learning Meets Etherscan: A Full Pipeline for Real-Time Smart Contract Scanning
How to Build a Complete ML + Blockchain Security System That Monitors New Smart Contracts in Real Time
Blockchain security is changing fast. Rugpulls evolve, malicious deployers grow more sophisticated, and new contracts appear every few seconds. Traditional manual audits simply cannot keep up.
So what is the future? AI-powered, automated, real-time contract scanning, a pipeline that continuously fetches fresh deployments from Etherscan, analyzes their Solidity code, classifies risk using machine learning, and generates trust scores for both tokens and deployers.
In this article, we build exactly that. Step by step. Fully explained.
Why โReal-Time Smart Contract Scanningโ?
Every malicious token and every rugpull begins with one moment:
A deployment transaction.
Once the token is live, investors will be targeted, liquidity may be added, Telegram hype starts, and a scam might unfold in minutes.
If we can intercept and analyze a token immediately at deployment, before the first investor buys, we gain:
- Early warning signals
- Automatic red flags
- Deployer reputation insight
- Liquidity risk estimation
- Scam pattern detection
The Full Real-Time ML + Etherscan Pipeline
Below is the complete architecture pipeline:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ [1] Listen for New Deployments (Etherscan / On-Chain) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ [2] Fetch Contract Source Code (Etherscan V2) โ
โโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ [3] Static Token Audit (Rule-Based Analysis) โ
โ - dangerous patterns (mint, blacklist, trading lock) โ
โ - taxable functions, honeypot flags โ
โ - suspicious structures โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ [4] ML Feature Extraction โ
โ - numeric + binary features โ
โ - contract metadata โ
โโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ [5] Machine Learning Classification โ
โ - RandomForest or Gradient Boosting โ
โ - P(rugpull), P(suspicious) โ
โโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ [6] Deployer Reputation Engine โ
โ - aggregates all contracts by deployer โ
โ - ML trust score (0โ100) โ
โโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ [7] Final Output โ
โ - Token Risk Score + Label โ
โ - Deployer Reputation Score โ
โ - JSON Report / Alerts / Dashboard โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
This is essentially a self-contained risk intelligence system.
Letโs break it down layer by layer.
Layer 1, Real-Time Detection Using Etherscan V2
Etherscan V2 introduces a cleaner, more explicit API:
https://api.etherscan.io/v2/api
Every deployment contract comes from:
- A transaction where
contractAddressis non-null - Usually a
CREATEorCREATE2opcode
Option A, Poll Etherscan every X seconds for latest txs
Option B, Use WebSocket blockchain listeners (Alchemy, Infura)
Option C, Hybrid (WS for speed, Etherscan for source code)
Once you detect a deployer transaction:
{
"from": "0xDEAD...123",
"contractAddress": "0xABC...789",
"hash": "0xTX..."
}
You pull the source code immediately via:
module=contract
action=getsourcecode
If verified, you now have raw Solidity text to analyze.
Layer 2, Static Token Risk Auditor (Pattern-Based)
Before machine learning even enters the conversation, pattern-based static analysis is extremely effective.
The auditor extracts indicators from Solidity like:
Mint Authority
function mint() public onlyOwner {}
Huge rugpull signal.
Trading Locks
bool public tradingOpen;
Blacklisting
mapping(address => bool) public isBlacklisted;
Fee Manipulation
function setFee(uint256 fee) external onlyOwner {}
Sell Restriction
uint256 public maxTxAmount;
Owner-Controlled Liquidity
Owner can drain liquidity after listing.
These convert into binary features:
has_mint = 1
has_blacklist = 1
hastradinglock = 1
hassetfee = 1
...
Combined with structural features:
- number of lines
- number of functions
- number of
publickeywords - number of modifiers
- complexity metrics
Layer 3, Machine Learning Classification (Token-Level)
This is where the AI comes in.
Given a feature vector:
[
n_lines,
n_public,
has_mint,
has_blacklist,
hastradinglock,
hassetfee,
...
]
A model like RandomForestClassifier can learn patterns such as:
โWhen a contract has mint + blacklist + trading lock, it is usually a rugpull.โ
Model Outputs:
- risk_score (0โ100)
- risk_level (Low / Medium / High)
- label (
safe,suspicious,rugpull_candidate) - Optional: feature importance
Layer 4, Deployer Reputation Engine
A scammer rarely deploys only one malicious token.
They repeat the pattern.
So the pipeline aggregates:
# number of deployed tokens
n_contracts
how many were safe / suspicious / rugpull
n_safe
n_suspicious
n_rugpull
portfolio ratios
fracsafe = nsafe / n_contracts
fracrugpull = nrugpull / n_contracts
This becomes a second ML feature vector:
[ncontracts, nsafe, nsuspicious, nrugpull, fracsafe, fracrugpull]
Then the model computes:
ML-based Deployer Trust Score (0โ100)
Risk class: Low / Medium / High
Label: trusted / watchlist / high_risk
This is extremely effective at detecting serial rugpull deployers.
Layer 5, Orchestration: The End-to-End Pipeline
A real-time system must:
- Monitor new deployments (WS or Etherscan)
- Fetch code immediately
- Run the auditor
- Run ML classifier
- Attach the deployer reputation
- Output a full JSON report
- Optionally publish to on-chain registry
{
"contract": "0xABC...",
"deployer": "0xDEAD...",
"token_risk": {
"score": 87,
"level": "High",
"label": "rugpull_candidate"
},
"deployer_reputation": {
"score": 92,
"risk_class": "High",
"label": "high_risk"
}
}
This can be:
- saved
- streamed
- alerted
- visualized
- or pushed on-chain
Mathematical Insight: Why This Pipeline Works
The idea behind ML-enhanced smart contract scanning is simple:
**Tokens reveal behavior.
Deployers reveal intent.
Combined, they reveal risk.**
Mathematically:
Where:
- g is rule-based + ML token classifier
- f is ML over deployer feature distributions
Security Benefits
Detect rugpulls before liquidity is added
Identify serial scam deployers
Monitor new contracts in real time
Reduce human workload
Build automated alerts
Generate transparent scoring for end users
Create on-chain trust registries
This is exactly the direction real-world Web3 security companies are moving toward.
Future Upgrades
You can enhance this system with:
- Graph neural networks for contract similarity
- Code embeddings (CodeBERT, GPT, StarCoder)
- Real-time honeypot transaction simulation
- Multi-chain support (BSC, Arbitrum, Base)
- On-chain oracles that publish reputation scores
- Browser extensions that warn users instantly
- Telegram/Discord alert bots
Conclusion
Real-time smart contract scanning is not science fiction. It is a practical, achievable system, especially when powered by:
- Machine learning
- Static analysis
- Blockchain data
- Etherscan V2
- Deployer history
- Fetches fresh contracts
- Audits their code
- Scores their deployers
- Outputs risk intelligence
- Enables on-chain trust registries
If you build and share a system like this, youโre operating at the level of real Web3 security teams.