Quick Start
How to use Phalcon Explorer
Last updated
How to use Phalcon Explorer
Last updated
Link: https://app.blocksec.com/explorer
Input a transaction hash into the search box to start using Phalcon Explorer. Also, the history of the transactions searched is shown below.
The link to the Security Incidents
list includes security incidents that have happened since 2023. The list consists of the attack hash, vulnerability type, root cause, and PoC of the attack. This is a good resource for learning DeFi security.
In the following, we will use this transaction to show how to use Phalcon Explorer.
Input the transaction hash and click enter to show the main GUI of Phalcon Explorer.
The main GUI shows the following information for a transaction.
The Basic Info
displays the basic information of the transaction, including the execution status (Status
), the sender (Sender
), and the recipient (Receiver
).
The internal transaction count indicates the number of internal transactions, which can be used to determine the transaction's complexity. The higher the value, the more complex the transaction.
The [Simulator] button in the top right corner allows you to quickly simulate the results of the current transaction at different Block Number [BlockNum
] and position [position in the block
] (The transaction simulation will be explained in this Section).
The Fund Flow
module illustrates the flow of tokens involved in the transaction as a directed graph. Different nodes represent different addresses, and a different background color distinguishes nodes representing the sender or recipient of a transaction.
The directed edge and the information on the edge show the transfer direction, the token, and the number of tokens transferred.
Different serial numbers on the edges are used to distinguish the chronological order of the token transfers.
Edges of the same color identify transfers of the same token,
The same directional flow of the same token between two addresses is merged to simplify the transaction's fund flow map while preserving the characteristics of the token transfer.
The Balance Changes
shows the accounts that have a change in the token balance after the transaction is executed.
The first column lists the addresses with a net inflow or outflow of tokens.
The second column lists the token information, including the names of the token that flows in or out of the address.
The third column shows the change in balance, i.e., the token inflow or outflow amount.
The last column shows the value in USD of the number of tokens flowing in or out of each account when the transaction occurred.
The gas profiler uses the Flame Graph to show the gas used in each function invocation.
Each line in the graph denotes the gas used in each function. Click the function name to show the detailed gas used inside that function.
The state changes show the changes in the storage in this transaction.
This feature is handy when you need an overview of the change to some critical states. For instance, in the recent Tornado Cash Dao attack incident, using this feature can quickly detect malicious proposals to change the locked Balance in Governance
for 100 addresses directly.
Note that Phalcon Explorer supports complicated storage layouts. See this blog for more information.
Invocation Flow displays the sequence of function calls in a transaction as a tree structure.
Each node represents a function call or event trigger and includes information such as call stack depth, call type, and call parameters. A search box and a drop-down selection box for call type and expansion are provided at the top of the module to assist users in interpreting the transaction execution flow.
Users can search for and filter desired call flow information by entering an address, function signature, or function selector in the search box.
Static Call: Whether the static call is shown in the flow.
Gas Used: Whether the gas used in each function call is shown.
Expand: How many levels in the invocation flow are to be shown? The following shows the invocation flow, which only shows two levels.
Phalcon Explorer supports features to facilitate the analysis.
The address, function, and event can be highlighted with a custom background color during the analysis.
The address, function, and event can be set with custom labels.
For the calldata
of a contract, a custom function signature can be provided to decode the calldata
.
The line number is shown in the invocation flow, which helps to locate a particular function call inside the flow quickly. For instance, if you find that the root cause of the exploit is in line N, you can click this line. The URL shown will include this line number. You can directly share the URL with your friends or on Twitter. Others who click the same URL (with the line number) will directly go through that line.
For instance, this link will directly navigate you to line 1250 in the invocation flow.
Tips: Click the button on the top right to enter the full-screen mode of Phalcon Explorer.