# About BlockSec

Full-Stack Blockchain Security and Compliance Provider

BlockSec is a **full-stack blockchain security and crypto compliance provider**. We build products and services that help customers to [**perform code audit**](https://blocksec.com/audit) **(including smart contracts, blockchain and wallets)**, [**intercept attacks in real time**](https://blocksec.com/phalcon/security), [**analyze incidents**](https://blocksec.com/phalcon/explorer), [**trace illicit funds**](https://metasleuth.io/), and [**meet AML/CFT obligations**](https://blocksec.com/phalcon/compl)**,** across the full lifecycle of protocols and platforms.

**BlockSec** [**has published multiple blockchain security papers**](https://blocksec.com/research) **in prestigious conferences,** [**reported several zero-day attacks**](https://app.blocksec.com/explorer/security-incidents) **of DeFi applications,** [**blocked multiple hacks to rescue more than 20 million dollars**](https://blocksec.com/phalcon)**, and** [**secured billions of cryptocurrencies**](https://blocksec.com/customers)**.**

## Services and Products

<figure><img src="/files/BIKbdH18g8oadUPrv5mB" alt=""><figcaption></figcaption></figure>

## Product map

| Category                        | Product                                                              | What it’s for                                                                                    |
| ------------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ |
| **Security (Pre-launch)**       | [**Security Audits**](https://blocksec.com/audit)                    | Smart contract + L1/L2 + Wallet security reviews to reduce exploit risk before deployment        |
| **Security (Interception)**     | [**Phalcon Security**](https://blocksec.com/phalcon/security)        | Real-time monitoring + alerts + automated blocking actions to stop hacks                         |
| **Compliance (AML/CFT)**        | [**Phalcon Compliance**](https://blocksec.com/phalcon/compliance)    | Address screening + transaction monitoring + case workflows + STR/SAR exports                    |
| **Investigations**              | [**MetaSleuth**](https://metasleuth.io/)                             | Cross-chain fund tracing, graphs, collaboration, monitoring, and investigation tooling           |
| **Incident Analysis**           | [**Phalcon Explorer**](https://blocksec.com/phalcon/explorer)        | Transaction simulation + debugging + fund flow + state changes for deep incident analysis        |
| **Security (Interception)**     | [**STOP for L2 Chains**](https://blocksec.com/stop)                  | Sequencer-level protection: detect malicious L2 txs before inclusion and quarantine them         |
| **Security (Asset Protection)** | [**Safe{Wallet} Monitor**](https://blocksec.com/safe-wallet-monitor) | Multisig / Safe protection: catch anomalies before signing/execution                             |
| **Developer Tools**             | [**MetaSuites**](https://blocksec.com/metasuites)                    | Browser extension with 20+ utilities: fund flow, labels, simulation, risk awareness, dev helpers |
| **MEV Protection**              | [**BlockSec Anti‑MEV RPC**](https://anti-mev.blocksec.com/)          | Reduce sandwich/front-running risks by routing txs through MEV-protected RPC                     |

{% hint style="info" %}
If you’re building compliance workflows (KYA/KYT screening, monitoring, reporting), start with Phalcon Compliance and connect MetaSleuth for deep tracing when alerts escalate.
{% endhint %}

## Research

BlockSec also [publishes security research](https://blocksec.com/research) and engineering work related to blockchain performance and threat detection, including areas such as:

* Attack detection (e.g., DeFi manipulation detection frameworks)
* Phishing detection
* Faster transaction processing / node architectures

## Getting started

Pick the path that matches your role:

* **I’m launching a protocol, operating an L2, or developing a crypto wallet and need a security audit** → Start with [**Security Audits**](https://blocksec.com/audit)
* **I need real-time hack detection & blocking** → Start with [**Phalcon Security**](https://blocksec.com/phalcon/security)
* **I need AML/CFT screening & monitoring** → Start with [**Phalcon Compliance**](https://blocksec.com/phalcon/compliance) (add [MetaSleuth](https://metasleuth.io/) for tracing)
* **I’m analyzing an exploit or suspicious transaction** → Use [**Phalcon Explorer**](https://docs.blocksec.com/phalcon/phalcon-explorer) + [**Security Incidents Library**](https://blocksec.com/security-incident)
* **I operate an L2 and want infrastructure-grade protection** → Explore [**STOP**](https://blocksec.com/stop)
* **I manage a treasury and want to protect our Safe** → Use [**Safe{Wallet} Monitor**](https://blocksec.com/safe-wallet-monitor)
* **I’m building transaction insights into my product** → Integrate [**Transaction Simulation API**](/transaction-insights/transaction-simulation-api)
* **I want MEV protection for my swaps** → Configure [**Anti‑MEV RPC**](/blocksec-anti-mev-rpc)

## Community & official channels

* Email: <contact@blocksec.com>
* Twitter
  * BlockSec: [@BlockSecTeam](https://twitter.com/BlockSecTeam)
  * BlockSec Phalcon: [@Phalcon\_xyz](https://twitter.com/phalcon_xyz/)
  * MetaSuites (Prev. MetaDock): [@MetaDockTeam](https://twitter.com/metadockteam)
  * MetaSleuth: [@MetaSleuth](https://twitter.com/metasleuth)
* Telegram Group
  * Audit and Phalcon-related: <https://t.me/BlockSecTeam>
  * Scam, phishing, and crypto tracking: <https://t.me/MetaSleuthTeam>
* LinkedIn: <https://www.linkedin.com/company/blocksec>
* YouTube: <https://www.youtube.com/@blocksecteam>


# BlockSec Anti-MEV RPC

The "sandwich attack" is one of the most common frontrunning methods in the DeFi space: attackers place two transactions around a trader's swap order on a DEX to manipulate the asset price, causing the trader to incur asset losses.

To address this, BlockSec has launched an MEV protection RPC, safeguarding users' DeFi journey.

{% hint style="info" %}
**RPC Endpoints**

* **Ethereum:** **<https://eth.rpc.blocksec.com>**
* **BSC:** **<https://bsc.rpc.blocksec.com>**

{% endhint %}

## Wallet Users

To use these RPC endpoints, users need to add the corresponding endpoint to their wallets. In the following, we show the steps for some popular wallets.

### MetaMask

Step 1: Click on the top left to show the networks.

<figure><img src="/files/nxxxOGNx0mDnVYyiqlpc" alt="" width="375"><figcaption></figcaption></figure>

Step 2: Edit the network

<figure><img src="/files/JVweNy7E4weFMJoSzxTN" alt="" width="358"><figcaption></figcaption></figure>

Step 3: Click to add the RPC URL

<figure><img src="/files/aHKzkiRgmjEHDmzCa19V" alt="" width="355"><figcaption></figcaption></figure>

<figure><img src="/files/Wg3NN00tDzT56VJoOVqN" alt="" width="361"><figcaption></figcaption></figure>

Input `https://bsc.rpc.blocksec.com` for BSC (or `https://eth.rpc.blocksec.com` for Ethereum).

Ensure that the default RPC URL is the one we just set.

<figure><img src="/files/ueiHcyYdXNGtAgUAaDeD" alt="" width="358"><figcaption></figcaption></figure>


# Bundle API

Our Anti-MEV RPC on BSC supports the method `eth_sendBundle` to send multiple private transactions in a bundle.

{% hint style="success" %}
RPC Endpoint: <https://bsc.rpc.blocksec.com>
{% endhint %}

## eth\_sendBundle

<mark style="color:green;">`POST`</mark> `/`

Send private transactions in a bundle

### Request Parameters

<table><thead><tr><th width="167.0546875">Parameter</th><th>Mandatory</th><th>Format</th><th>Example</th><th>Description</th></tr></thead><tbody><tr><td>txs</td><td><strong>Mandatory</strong></td><td>array[hex]</td><td>["0x…35", "0x…4e"]</td><td>List of signed raw transactions.</td></tr><tr><td>maxBlockNumber</td><td>Optional</td><td>uint64</td><td>47793530</td><td>Maximum block number for the bundle's validity. Default is current block number + 100.</td></tr><tr><td>revertingTxHashes</td><td>Optional</td><td>array[hash]</td><td>["0x…2c", "0x…3d"]</td><td>List of transaction hashes allowed for revert.</td></tr></tbody></table>

### Request Example

```shell
curl https://bsc.rpc.blocksec.com \
    -X POST \
    -H "Content-Type: application/json" \
    -d '{
         "jsonrpc": "2.0",
         "id": "1", 
         "method": "eth_sendBundle", 
         "params": {
            ...
          }
        }'     
```

One example of the detailed request.

```json
{
  "jsonrpc": "2.0",
  "id": "1",
  "method": "eth_sendBundle",
  "params": [
    {
      "txs": ["0x…3e", "0x…1f"],    // List of signed raw transactions
      "maxBlockNumber": 47793594,   // The maximum block number for the bundle to be valid, with the default set to the current block number + 100
      "revertingTxHashes": [
        "07c956724f0fd00a9fb1ea71e111d87dc8dae099c914b8b4859f1e6e667d4ea8"
      ]                             // List of transaction hashes allowed for revert
    }
  ]
}
```

### Response Example

```json
{
 "jsonrpc":"2.0",
 "id":"1",
 "result":"0x1e5e……fbd1"  //bundle hash
}
```

```json
{
  "jsonrpc":"2.0",
  "id":"1",
  "error":{
    "code":-38000,
    "message":"the maxBlockNumber should not be smaller than currentBlockNum"
    }
}
```
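A client-side wrapper for the request and the two response shapes documented above, added here as an example (it is not BlockSec's own code). The function and class names, the local pre-check against a caller-supplied `current_block`, and the sample transactions and bundle hash are assumptions constructed for illustration; only the endpoint, method, parameter names and the `-38000` error come from this page.

```python
import json
import re
import urllib.request

BSC_RPC = "https://bsc.rpc.blocksec.com"             # endpoint given on this page
_RAW_TX = re.compile(r"^0x(?:[0-9a-fA-F]{2})+$")     # 0x-prefixed, whole bytes
_TX_HASH = re.compile(r"^(?:0x)?[0-9a-fA-F]{64}$")   # 32 bytes; the page shows both forms

# Constructed sample data (placeholder bytes, not real transactions or hashes).
SAMPLE_TXS = ["0x" + "ab" * 40, "0x" + "cd" * 40]
SAMPLE_OK_RESPONSE = '{"jsonrpc":"2.0","id":"1","result":"0x' + "1e" * 32 + '"}'
# Error body as documented on this page.
SAMPLE_ERROR_RESPONSE = ('{"jsonrpc":"2.0","id":"1","error":{"code":-38000,"message":'
                         '"the maxBlockNumber should not be smaller than currentBlockNum"}}')


class BundleRPCError(Exception):
    """JSON-RPC error object returned for an eth_sendBundle call."""

    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code
        self.message = message


def build_bundle_request(txs, current_block=None, max_block_number=None,
                         reverting_tx_hashes=(), request_id="1"):
    """Validate the documented parameters and return the JSON-RPC body as a dict."""
    if not isinstance(txs, (list, tuple)) or not txs:
        raise ValueError("txs is mandatory and must be a non-empty list")
    for raw in txs:
        if not isinstance(raw, str) or not _RAW_TX.match(raw):
            raise ValueError(f"not a 0x-prefixed signed raw transaction: {raw!r}")
    bundle = {"txs": list(txs)}
    if max_block_number is not None:
        if (isinstance(max_block_number, bool) or not isinstance(max_block_number, int)
                or not 0 <= max_block_number < 2 ** 64):
            raise ValueError("maxBlockNumber must be a uint64")
        # Same rule the server reports as -38000, applied locally (assumption:
        # the caller fetched current_block from the chain just before).
        if current_block is not None and max_block_number < current_block:
            raise ValueError("maxBlockNumber should not be smaller than the current block")
        bundle["maxBlockNumber"] = max_block_number
    # When maxBlockNumber is omitted the server default (current block + 100) applies.
    if reverting_tx_hashes:
        for tx_hash in reverting_tx_hashes:
            if not isinstance(tx_hash, str) or not _TX_HASH.match(tx_hash):
                raise ValueError(f"not a 32-byte transaction hash: {tx_hash!r}")
        bundle["revertingTxHashes"] = list(reverting_tx_hashes)
    # params is a one-element array holding the bundle object, as in the detailed request.
    return {"jsonrpc": "2.0", "id": request_id,
            "method": "eth_sendBundle", "params": [bundle]}


def parse_bundle_response(body, request_id="1"):
    """Return the bundle hash from a response body, or raise BundleRPCError."""
    reply = json.loads(body) if isinstance(body, (str, bytes)) else body
    if reply.get("id") != request_id:
        raise ValueError("response id does not match the request id")
    if "error" in reply:
        raise BundleRPCError(reply["error"].get("code"), reply["error"].get("message"))
    if "result" not in reply:
        raise ValueError("response carries neither result nor error")
    return reply["result"]


def send_bundle(request, endpoint=BSC_RPC, timeout=10):
    """POST the request to the endpoint (network I/O; nothing in this block calls it)."""
    http_req = urllib.request.Request(
        endpoint, data=json.dumps(request).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(http_req, timeout=timeout) as resp:
        return parse_bundle_response(resp.read(), request["id"])


if __name__ == "__main__":
    print(json.dumps(build_bundle_request(SAMPLE_TXS, max_block_number=47793594), indent=2))
    print(parse_bundle_response(SAMPLE_OK_RESPONSE))
```
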


# Phalcon Security

A Platform to Monitor and Block Hacks

[BlockSec Phalcon Security](#user-content-fn-1)[^1] is a new paradigm for securing protocols. It helps protocols detect hacks and operational, interaction, and financial risks, get instant alerts, and take automatic action to prevent threats before they do any damage.

[Its battle-tested capability has been proven](https://blocksec.com/blog/lead-in-phalcon-s-hack-blocking-saga) by successfully thwarting 20+ real-world hacks and rescuing over $20,000,000 worth of assets.

**Highlights of BlockSec Phalcon**

* Get early access to precise attack intelligence
* Automated attack blocking with Customized Actions
* No-code, flexible monitoring rules configuration
* Meet both security and operational monitoring requirements

## How to Use

You can [book a demo](https://calendly.com/blocksec/phalcon-demo) to talk with our technical support engineers before subscribing to Phalcon.

The *detailed user manual of Phalcon* can be accessed after subscribing to Phalcon.

## Use Cases

### DeFi Protocol Operator

The protocol operator can use Phalcon to monitor attacks on its protocol (smart contracts) and configure Phalcon to automatically pause the protocol when an attack is detected in the mempool or on the blockchain to prevent further losses.

**Also, the protocol operator can use Phalcon to monitor sensitive operations related to its protocol,** including updating critical configuration, changing admin roles, adding new owners to critical multisig wallets, withdrawing funds from the protocol by admins, and others. Awareness of such sensitive operations, so that corrective actions can be taken, is critical to maintaining the protocol's security, since inside attackers (or private key leakage) can lead to significant loss to the protocol.

### LPs (Liquidity Providers)

LPs are the people who deposit (or stake) large amounts of assets into protocols. When a protocol is hacked, it is the LPs' assets that are drained, not the protocol's. Using Phalcon, LPs can get notifications when the protocols they have invested in are hacked and automatically withdraw funds before others (or other strategies) to reduce loss.

### L2 Chains

L2 chain operators can collaborate with BlockSec to support Phalcon on their L2 chains. This helps secure the top protocols on those chains, which in turn sustains a thriving ecosystem. In addition, L2 chains can integrate Phalcon deeply inside the chain (e.g., in the sequencer) to create an even more secure ecosystem from the root.

### Centralized Exchanges

Centralized exchanges (CEX) can use Phalcon to automatically delist tokens affected by hacks. Otherwise, the valueless tokens can be sold on exchanges, which causes loss.

[^1]: <https://blocksec.com/phalcon/security>


# Phalcon Explorer

Dive into transactions and Act Wisely

[**Phalcon Explorer**](https://blocksec.com/explorer) is a powerful transaction explorer designed for the DeFi community. It provides comprehensive data on *invocation flow, source code, balance changes, transaction fund flows, gas profiler, and state changes*. It also supports transaction debugging and transaction simulation. This tool aims to help developers, security researchers, and traders intuitively understand transactions.

{% hint style="info" %}
**Visit the user manual for instructions on how to use Phalcon Explorer.**
{% endhint %}

## Supported Chains

* Mainnet: [Ethereum](https://ethereum.org/en/), [Solana](https://solana.com/), [Binance Smart Chain](https://www.bnbchain.org/en), [Arbitrum](https://arbitrum.io/), [Base](https://base.org/), [Polygon](https://polygon.technology/), [Avalanche](https://www.avax.network/), [Optimism](https://www.optimism.io/), [Mantle](https://www.mantle.xyz/), [MegaETH](https://www.megaeth.com/), [Monad](https://www.monad.xyz/), [Plasma](https://www.plasma.to/), [Story](https://docs.story.foundation/introduction), [Linea](https://linea.build/), [Gnosis](https://www.gnosischain.com/), [Scroll](https://scroll.io/), [HyperEVM](https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/hyperevm)
* Testnet: [Story Aeneid](https://docs.story.foundation/network/connect/aeneid), [Sepolia](https://sepolia.etherscan.io/), [Hoodi](https://hoodi.etherscan.io/)

## Feedback

We value your input and would greatly appreciate any feedback or suggestions you may have.

{% hint style="info" %}
Please use [the link](https://github.com/blocksecteam/Phalcon/issues/new/choose) to submit any feature requests or report any issues.
{% endhint %}

## Blogs

Here is a list of blogs on how to use Phalcon Explorer:

* [Beyond 7 Days: Exploring the Endless Possibilities of Phalcon Explorer](https://blocksec.com/blog/beyond-7-days-exploring-the-endless-possibilities-of-phalcon-beyond-7-days-exploring-the-endless-possibilities-of-phalcon)
* [How to use Phalcon Explorer Debugger to dive into a transaction](https://blocksec.com/blog/how-to-use-phalcon-debug-to-dive-into-a-transaction-1)


# Quick Start

How to use Phalcon Explorer

Link: <https://blocksec.com/phalcon/explorer>

<figure><img src="/files/AB5tDW1xkHUGV9BcHZn1" alt=""><figcaption></figcaption></figure>

Input a transaction hash into the search box to start using Phalcon Explorer. Also, the history of the transactions searched is shown below.

{% hint style="info" %}
**The** [**`Security Incidents`**](https://blocksec.com/security-incident) **list includes security incidents that have happened since 2023**. Each entry consists of the attack hash, vulnerability type, root cause, and PoC of the attack. This is a good resource for learning DeFi security.
{% endhint %}

In the following, we will use [this transaction](https://app.blocksec.com/explorer/tx/eth/0xe3f0d14cfb6076cabdc9057001c3fafe28767a192e88005bc37bd7d385a1116a) to show how to use Phalcon Explorer.

## Main GUI

Input the transaction hash and press Enter to show the main GUI of Phalcon Explorer.

<figure><img src="/files/DGLbaR9q8FNnyeQ8lHPK" alt=""><figcaption></figcaption></figure>

The main GUI shows the following information for a transaction.

* [Basic Info](#basic-information)
* [Fund Flow](#fund-flow)
* [Balance Changes](#balance-change)
* [Gas Profiler](#gas-profiler)
* [State Changes](#state-changes)
* [Invocation Flow](#invocation-flow)

{% hint style="info" %}
Tip: Click the <img src="/files/tnDHBWvRsQV5moeVwrLm" alt="" data-size="line"> button on the top right to enter the full-screen mode of Phalcon Explorer.
{% endhint %}

### Basic Information

The `Basic Info` displays the basic information of the transaction, including the execution status (`Status`), the sender (`Sender`), and the recipient (`Receiver`).

The internal transaction count indicates the number of internal transactions, which can be used to determine the transaction's complexity. The higher the value, the more complex the transaction.

The **\[Simulator]** button in the top right corner allows you to quickly simulate the results of the current transaction at a different block number \[`BlockNum`] and position \[`position in the block`] (transaction simulation is explained in the Simulator section).

### Fund Flow

The `Fund Flow` module illustrates the flow of tokens involved in the transaction as a directed graph. Different nodes represent different addresses, and a different background color distinguishes nodes representing the sender or recipient of a transaction.

<figure><img src="/files/NypKhDGNATsimVM7zHY7" alt=""><figcaption></figcaption></figure>

The directed edge and the information on the edge show the transfer direction, the token, and the number of tokens transferred.

* Different serial numbers on the edges are used to distinguish the chronological order of the token transfers.
* Edges of the same color identify transfers of the same token.
* The same directional flow of the same token between two addresses is merged to simplify the transaction's fund flow map while preserving the characteristics of the token transfer.

### Balance Change

The `Balance Changes` module shows the accounts whose token balance has changed after the transaction is executed.

<figure><img src="/files/hbsuqSToZLVgoQxRZevo" alt=""><figcaption></figcaption></figure>

* The first column lists the addresses with a net inflow or outflow of tokens.
* The second column lists the token information, including the name of the token that flows in or out of the address.
* The third column shows the change in balance, i.e., the token inflow or outflow amount.
* The last column shows the **value in USD** of the number of tokens flowing in or out of each account *when the transaction occurred*.

### Gas Profiler

The gas profiler uses a [Flame Graph](https://www.brendangregg.com/flamegraphs.html) to show the gas used in each function invocation.

<figure><img src="/files/L3WyCfaQ6Jv1ZwPpHaae" alt=""><figcaption></figcaption></figure>

Each line in the graph denotes the gas used in each function. Click the function name to show the detailed gas used inside that function.

### State Changes

The state changes show the changes in the storage in this transaction.

<figure><img src="/files/lDfiyNdAUWUiAjInKhkd" alt=""><figcaption></figcaption></figure>

This feature is handy when you need an overview of the changes to some critical states. For instance, in the recent [Tornado Cash DAO attack incident](https://app.blocksec.com/explorer/tx/eth/0x3274b6090685b842aca80b304a4dcee0f61ef8b6afee10b7c7533c32fb75486d), this feature makes it quick to detect the malicious proposal directly changing the locked balance in `Governance` for 100 addresses.

<figure><img src="/files/pUrzsxijF0MqRSfOn5jX" alt=""><figcaption></figcaption></figure>

Note that Phalcon Explorer supports complicated storage layouts. See [this blog](https://blocksec.com/blog/major-upgrades-to-block-sec-phalcon-s-storage-analysis-and-monitoring-functions) for more information.

### Invocation Flow

Invocation Flow displays the sequence of function calls in a transaction as a tree structure.

Each node represents a function call or event trigger and includes information such as call stack depth, call type, and call parameters. A search box and a drop-down selection box for call type and expansion are provided at the top of the module to assist users in interpreting the transaction execution flow.

<figure><img src="/files/2GI0ja9gjJ34o8wgw2px" alt=""><figcaption></figcaption></figure>

Users can search for and filter desired call flow information by entering an address, function signature, or function selector in the search box.

* Static Call: Whether the static call is shown in the flow.
* Gas Used: Whether the gas used in each function call is shown.
* Expand: How many levels of the invocation flow are shown. The following figure shows the invocation flow expanded to only two levels.

<figure><img src="/files/SXJtOwbwYB2ha8r9UXCO" alt=""><figcaption></figcaption></figure>

## Customization

Phalcon Explorer supports features to facilitate the analysis.

### Custom Highlight Color

The address, function, and event can be highlighted with a custom background color during the analysis.

<figure><img src="/files/PtJFRZnGKUtvU3oTPhox" alt=""><figcaption></figcaption></figure>

### Custom Label

The address, function, and event can be set with custom labels.

<figure><img src="/files/kVtUmcfimn4pds9QrXzB" alt=""><figcaption></figcaption></figure>

### Custom Function Signature

For the `calldata` of a contract, a custom function signature can be provided to decode the `calldata`.

### Share The Analysis

The line number is shown in the invocation flow, which helps to locate a particular function call inside the flow quickly. For instance, if you find that the root cause of the exploit is in line N, you can click this line, and the URL will then include this line number. You can directly share the URL with your friends or on Twitter. Others who open the same URL (with the line number) will go directly to that line.

For instance, [this link](https://app.blocksec.com/explorer/tx/eth/0xe3f0d14cfb6076cabdc9057001c3fafe28767a192e88005bc37bd7d385a1116a?line=1250) will directly navigate you to line 1250 in the invocation flow.


# Debugger

Phalcon Explorer Debugger

Phalcon Explorer supports transaction debugging, a powerful feature that can significantly improve the analysis efficiency of complex transactions. In the following, we will illustrate this feature using the transaction of the exploitation of [the Euler protocol.](https://twitter.com/BlockSecTeam/status/1635262150624305153)

Click [the link for this transaction](https://app.blocksec.com/explorer/tx/eth/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d).

{% hint style="info" %}
Tx Hash: [0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d](https://app.blocksec.com/explorer/tx/eth/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d)
{% endhint %}

## Enter the Debug Mode

There are two different ways to enter the debug mode: from a specific line in the invocation flow view or by clicking the Debug button.

### Method I: Through the execution trace

The Invocation Flow in Phalcon provides a view that lets users get a complete picture of the hack transaction and identify possible exploitation locations. This is useful when hundreds of external calls and events may exist [in the transaction](https://app.blocksec.com/explorer/tx/eth/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d?line=90).

<figure><img src="/files/Uc5HYThV5TD70OmT5Aiv" alt=""><figcaption></figcaption></figure>

In the case of the Euler protocol exploitation, the hack transaction consists of many steps, including `borrowing Flashloan from Aave`, `depositing Dai into the Euler protocol`, etc. But in one of the steps, the exploiter called `donateToReserves()` to "donate" a massive fund to the Euler protocol, which warrants our vigilance. In this case, we can directly debug the transaction from this step by clicking the debug icon <img src="/files/tL9O89x17D7oCKPUwjP7" alt="" data-size="line">.

### Method II: Through the Debug button

Another way to enter the debug mode is by clicking the Debug button in the upper right corner.

## Debugger View Layout

After entering the Debug mode, we can see the following screen.

<figure><img src="/files/k6nsXqYCFmOVZujD78wY" alt=""><figcaption></figcaption></figure>

This screen has five panels, which are as follows.

1. **Call Trace Panel**: Shows the trace of external calls and events.
2. **Source Code Panel**: Provides the contract's source code and the current line (highlighted) referring to the call site of a function.
3. **Debug Console**: A call-level single-step debug console.
4. **Debug Trace Panel**: Shows the call stack of the current contract with a combination of internal and external calls.
5. **Parameters & Return Values Panel**: Shows call parameters and return values.

Sometimes, you may notice that the source code panel does not show the code. This is because the panel shows the function's call site by default, and the hacking contract is not verified (not open-sourced), so its source code cannot be shown.

The `eDai` contract is verified, so we can **Step In** to see the specific implementation of `donateToReserves()`. After clicking **Step In**, the current line becomes the call site inside the `eDai` contract. It’s a proxy contract, and the code is shown below.

<figure><img src="/files/zCXU7pe7JLoVkvgfDHvB" alt=""><figcaption></figcaption></figure>

After **Step In** again, we can finally see the concrete implementation of `donateToReserves()`.

<figure><img src="/files/oByRHxufvV8oD6nU003x" alt=""><figcaption></figcaption></figure>

## Debug Console

The debug console helps you understand the detailed call trace, including internal function calls (a **Jump** at the start of a line indicates an internal call). Note that the Call Trace Panel does not include the internal call trace.

<figure><img src="/files/F588FtF9sRyowLCVThKU" alt=""><figcaption></figcaption></figure>

To move through the detailed execution, Phalcon provides four buttons on the **Debug Console**; **Next** and **Previous** behave slightly differently depending on their color.

* Next (Red Button): Go to the next call site in the whole call trace.
* Next (Blue Button): Go to the next call site of the current function.
* Previous (Red Button): Go to the previous call site in the whole call trace.
* Previous (Blue Button): Go to the previous call site of the current function.
* Step In: Go to the callee function.
* Step Out: Return to the call site of the current function.

For instance, we can click the **Next** button to analyze the implementation of `donateToReserves()`. We can find that the hacker donated 100 million eDAI, making the eDAI less than the dDAI and the position eligible for liquidation. Therefore, the root cause is that `donateToReserves()` lacks a liquidity check for eligible liquidation, and the exploiter liquidated himself/herself and took out 38 million `eDAI`.

<figure><img src="/files/tx3T4R64GqiI64eDwPIl" alt=""><figcaption></figcaption></figure>
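The missing check described above, shown as a toy accounting model with an invariant test that flags it (an added example, not Euler's or BlockSec's code). The health rule `e_balance >= d_balance`, the `Market` type, the helper names and the starting balances are simplifying assumptions; only the 100 million donation figure comes from this page.

```python
import copy
from dataclasses import dataclass


class Revert(Exception):
    """Stands in for a reverted transaction."""


@dataclass
class Market:
    e_balance: int      # account's collateral tokens (eDAI on this page), in millions
    d_balance: int      # account's debt tokens (dDAI on this page), in millions
    reserves: int = 0   # protocol reserves


# Constructed starting position: healthy, collateral above debt.
START = Market(e_balance=400, d_balance=350)


def is_liquidatable(m):
    # Simplified health rule (assumption): collateral must cover debt.
    return m.e_balance < m.d_balance


def donate_to_reserves(m, amount):
    """Behaviour the page describes: collateral leaves the account, no health check follows."""
    if amount > m.e_balance:
        raise Revert("insufficient eToken balance")
    m.e_balance -= amount
    m.reserves += amount


def checked(op):
    """Wrap a state-changing operation so it reverts if the account ends up liquidatable."""
    def wrapper(m, *args):
        snapshot = copy.copy(m)
        op(m, *args)
        if is_liquidatable(m):
            vars(m).update(vars(snapshot))   # a revert rolls every state change back
            raise Revert(f"{op.__name__} would leave the account liquidatable")
    wrapper.__name__ = op.__name__
    return wrapper


# Hardened form: the same operation followed by the liquidity check.
donate_to_reserves_checked = checked(donate_to_reserves)


def breaks_invariant(op, start, *args):
    """Invariant test: True if op turns a healthy account into a liquidatable one."""
    m = copy.copy(start)
    if is_liquidatable(m):
        raise ValueError("start state must be healthy")
    try:
        op(m, *args)
    except Revert:
        return False          # the operation refused, so the invariant held
    return is_liquidatable(m)


if __name__ == "__main__":
    for op in (donate_to_reserves, donate_to_reserves_checked):
        print(op.__name__, "breaks invariant:", breaks_invariant(op, START, 100))
```

The same `checked` wrapper applies to any operation that lowers collateral or raises debt, which is why an invariant test over every such entry point is worth keeping in a protocol's test suite.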

## Debugger View Sharing

A transaction's debug view can be shared directly via [URL](https://app.blocksec.com/explorer/tx/eth/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d?line=471\&debugLine=471), which contains the trace’s row number. When others open the link, the same debug view will be shown. This is useful when you want to share the analysis result with others. Team members can use this to collaborate, analyze, and discuss together!

In summary, the typical workflow of using Phalcon Explorer Debugger to analyze a hack transaction is as follows.

* Find the possible issue in Invocation Flow and start debugging from there.
* Debug the source code, check the parameters, and return values of internal calls.
* Share your analysis with team members (or public readers) for collaboration.

## Other Features

Phalcon Debug has many features to help you improve efficiency.

* The Call Trace View can show the full parameters by turning on the `parameters` switch on the top-left panel.
* For external calls, click "Rawdata" to see the raw call parameters.


# Simulator

Phalcon simulator allows a user to simulate a transaction at an arbitrary position of an arbitrary block. The simulated transaction can be **viewed in Phalcon Explorer and shared with others.**

This feature can be used in multiple scenarios.

* Users: Understand the transaction before signing it
* Developers: Debug a transaction
* Security researchers: Simulate and debug an attack transaction

## Launch the Simulator

The simulator can be launched from inside a transaction's detail page or from the landing page of Phalcon Explorer.

![](/files/dhqWVkYJ0ILgskKBoubw)

* Network: Select the network. Ethereum, BSC, Arbitrum, Optimism, Avalanche, and Polygon are currently supported.
* Sender: The sender of the transaction (the `from` address)
* Receiver: The target of this transaction (the `to` address)
* Calldata: The detailed call data of this transaction. To facilitate the construction of the calldata, the call data can be specified using the contract ABI.
* Value: The value of this transaction.
* Gas Limit: The gas limit.
* Gas Price: The gas price.
* Use Pending Block: Whether the simulation occurs on the latest block or an old block specified in the `Block Number`. The default value is `False`.
* Block Number: The block number at which the transaction is simulated.
* Position in Block: The position inside the block.

When launching inside the transaction page, the transaction data is automatically fed into the simulator (and can be changed) for a quick simulation. This is useful when you just want to slightly change the data of an existing transaction, e.g., changing the position inside the block.

<figure><img src="/files/w8fGENvg31fX9fwyd103" alt=""><figcaption></figcaption></figure>

## Examples

In the following, we will use some examples to illustrate this feature.

### Sending Ether

We can simulate a transaction to send 200 Ether to an address, e.g., from `vitalik.eth` (`0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045`) to `0xdeadbeef40e59eb8582ff949afb313e09c5815c9`.

<figure><img src="/files/U0lbNd2ujdTSgpuVgv53" alt="" width="375"><figcaption></figcaption></figure>

The simulated transaction can be viewed in Phalcon Explorer. The link to this simulated transaction can be shared with friends (the link is valid for 48 hours after sharing).

<figure><img src="/files/DfL9bV4bKO2Po4mRLLdv" alt=""><figcaption></figcaption></figure>

### Sending USDC

<figure><img src="/files/DgEF67SvLKVNdsNwEDqB" alt=""><figcaption></figcaption></figure>

When the `Receiver` is a contract, our system will get the ABI of the contract if it's verified and show the list of methods. Users can select a method to invoke in the transaction. For instance, here the contract is the `USDC` contract, and the method `transfer` is invoked to send USDC from the sender to the `to` value of the invocation.

If the contract is not verified, a Local ABI can be uploaded. Of course, raw calldata can also be used.


# Phalcon Compliance

Real-Time AML/CFT Solution for Crypto Compliance

[Phalcon Compliance](https://blocksec.com/phalcon/compliance) is a **real-time AML solution for crypto compliance**, designed to help teams **identify illicit activity, manage risk, and meet AML/CFT obligations** using **crypto address screening and transaction monitoring**.

<figure><img src="/files/tEw1epIZtrSeQXUhuugU" alt=""><figcaption></figcaption></figure>

### What Phalcon Compliance helps with

If you’re worried about **high-risk users**, **illicit transactions**, or **compliance penalties**, Phalcon Compliance is positioned to help you **detect risks**, **stay compliant**, and **safeguard your business**.

### Core capabilities

#### 1) Address screening

Use address screening to assess the risk of counterparties (e.g., deposit source addresses or withdrawal destination addresses).

#### 2) Transaction monitoring

Transaction monitoring is designed for **real-time detection** of suspicious behaviors and risk signals as activity happens on-chain—supporting operational controls like alerting, review queues, and escalation.

#### 3) Customizable compliance risk engines

For organizations operating across markets, Phalcon Compliance describes **customizable risk engines** that can be adapted to different regulatory environments, enabling **compliance automation at scale**.

#### 4) One-click STR/SAR exports

For teams that need reporting workflows, Phalcon Compliance highlights **one-click STR/SAR exports** to simplify reporting and documentation.

#### 5) Fund tracing and investigations with MetaSleuth

For deeper investigations—especially in exchange workflows—Phalcon Compliance references tracing illicit activity by using **MetaSleuth’s investigation tools** to follow funds and support case handling.

### Use cases

#### A) Crypto payment platforms

Recommended controls for payment workflows:

* **Detect high-risk deposits in real time** across **mixers**, **exploits**, and **sanctioned sources**
* **Block risky withdrawals** to prevent violations
* **Simplify reporting** with **one-click STR/SAR exports**

{% hint style="info" %}

### Resource: Crypto Payment Compliance Handbook

The page also links to a [**Crypto Payment Compliance Handbook**](https://blocksec.com/compliance-handbook), positioned as a practical guide to navigating global regulations and securing crypto payments.
{% endhint %}

#### B) Centralized exchanges (CEX)

For exchange environments, Phalcon Compliance highlights:

* **Uncover illicit activity** by tracing funds using **MetaSleuth**
* **Automate compliance at scale** with **customizable risk engines** aligned to global regulations

### Getting started

**Start Free Trial** via the [Phalcon Compliance](https://blocksec.com/phalcon/compliance) page.

For full pricing details, refer to the [pricing plan link](https://app.blocksec.com/phalcon/v2/billing/pricing) in the Phalcon app.


# Security Incident List

Dive into our collection of hack incidents driven by vulnerability exploits, uncover their underlying causes, and explore PoC codes. This is an essential reference to bolster your defenses against hackers!

The attack incidents causing losses exceeding $100K will be documented.

{% hint style="info" %}
<https://blocksec.com/security-incident>
{% endhint %}

<figure><img src="/files/QMunkqxSNjNGsHlUQtTu" alt=""><figcaption></figcaption></figure>


# Overview

MetaSleuth is a crypto tracking and investigation platform. It can help you monitor market movements, track the fund flows of criminal activities, and DYOR to avoid scams.

:detective:**Everyone can become a sleuth in the crypto world and DYOR!**

{% hint style="info" %}
Visit <https://docs.metasleuth.io/> for the full documentation.
{% endhint %}

{% hint style="info" %}
MetaSleuth resources

* <https://github.com/blocksecteam/metasleuth_resources>
{% endhint %}


# Phishing Attack

Steps to be taken for phishing attack victims

{% hint style="warning" %}
<mark style="color:red;">Please read carefully to understand the actions that need to be performed to prevent further loss.</mark>
{% endhint %}

{% embed url="<https://www.youtube.com/watch?v=UdaEJPq2mwE>" %}
3 Minutes Guidance After Being Phished
{% endembed %}

## What should I do if my assets are stolen?

**First**, identify the cause and take appropriate measures to prevent further losses.

**Second**, attempt to recover the losses through tracking and investigation. **It is important to note** that recovering losses often requires significant time and effort (and it's nearly impossible to recover funds in most cases), so it is advisable to prioritize minimizing further damage promptly.

**Third**, [read this document](/metasleuth/avoid-being-a-phishing-victim) to become aware of phishing attacks and avoid becoming a victim of phishing.

## How to avoid further losses?

<mark style="color:red;">If it is a case of private key compromise</mark>, it is recommended to **immediately** transfer the remaining assets from that address to a **secure** wallet on **all relevant blockchains**.

<mark style="color:red;">If your passphrase has been leaked</mark>, use a new passphrase to generate new addresses and transfer all remaining assets from the addresses generated by the leaked passphrase to the new ones.

<mark style="color:red;">If it is a phishing incident</mark>, use [Approval Diagnosis](/metasuites/user-security-features/approval-diagnosis) to revoke unnecessary approvals immediately to prevent further loss (<mark style="color:red;">**very important!!!**</mark>). Then, use [MetaSleuth](https://metasleuth.io) to track the fund flow and monitor the stolen funds if needed. Report to law enforcement and the corresponding crypto exchanges.

## Can I recover my losses?

Recovering stolen funds is generally difficult in most cases. Here are some suggestions:

* If you have suffered significant losses, file a report with your local law enforcement agency. You can provide them with a phishing report or fund flow chart generated by [MetaSleuth](https://docs.blocksec.com/metasleuth/introduction) to help them understand the situation you have encountered.
* If you urgently need to recover stolen funds, consider seeking assistance from professional investigation agencies or firms specializing in asset recovery.

{% hint style="danger" %}
DO NOT give sensitive information like your passphrase to anyone claiming they can recover your lost funds. <mark style="color:red;">**DO NOT trust anyone who claims to represent BlockSec to recover your loss.**</mark>

See our Twitter thread. <https://twitter.com/MetaSleuth/status/1656144511934791680>
{% endhint %}

## What can I do with MetaSleuth?

MetaSleuth primarily assists you in two ways.

**Firstly, you can use** [**MetaSleuth**](https://metasleuth.io/) **to track stolen funds.** If you discover that the stolen funds have entered centralized exchanges or flash exchanges, you can seek assistance from these platforms and gather evidence (usually with the help of law enforcement) to further the investigation.

**Secondly, you can utilize MetaSleuth's** [**monitoring**](https://metasleuth.io/monitor) **feature** to continuously monitor the stolen funds, enabling you to stay informed about the movement of funds and follow up on any leads.

Here is contact information for some exchanges (this list is being updated):

* Binance
  * [Binance Court Orders Portal (For Freezing/Disclosure Orders)](https://www.binance.com/en/binance-legal)
  * [Government Law Enforcement Request System](https://www.binance.com/en/support/law-enforcement)
* [Coinbase](https://help.coinbase.com/en/coinbase/other-topics/legal-policies/who-do-i-contact-for-a-subpoena-request-or-dispute-or-to-send-a-legal-document)
* OKX: [Law Enforcement Request Guide](https://www.okx.com/support/hc/en-us/articles/360021858931-Law-Enforcement-Request-Guide)
* Bitfinex: [Bitfinex Law Enforcement Requests Policy](https://www.bitfinex.com/legal/general/law-enforcement-requests-policy)
* Crypto.com: [How can Law Enforcement Agencies get in touch with Crypto.com](https://help.crypto.com/en/articles/1360625-how-can-law-enforcement-agencies-get-in-touch-with-crypto-com)
* Huobi: [How to Contact Customer Service](https://www.huobi.com/support/en-us/detail/360000674851)
* Kucoin: [Law Enforcement Request Guidelines](https://www.kucoin.com/zh-hant/news/law-enforcement-request-guidelines)
* Fixedfloat: <info@fixedfloat.com>
* ChangeNow: <compliance@changenow.io>
* StealthEX: <support@stealthex.io>


# Avoid Being a Phishing Victim

{% hint style="info" %}
See [**our blog**](https://blocksec.com/blog/how-to-avoid-being-a-web3-phishing-victim) for more information on avoiding being a phishing victim.

<https://blocksec.com/blog/how-to-avoid-being-a-web3-phishing-victim>
{% endhint %}


# Transaction Simulation API

Understand a transaction before signing it

See exactly what a transaction will do—*before* it’s signed. Our API runs a full on‑chain simulation and returns clear, USD‑denominated balance changes, so users of custodial platforms such as [Cobo](https://www.cobo.com/) and [Fireblocks](https://www.fireblocks.com/) can approve or reject transfers with confidence.

**Why it matters**

* **Pre‑sign insights** – Know the outcome of any transaction in advance.
* **Seamless integration** – A lightweight REST endpoint that drops straight into your existing workflow.
* **Actionable data** – Balance deltas presented in familiar USD terms.

**Supported chains**\
Ethereum · BNB Smart Chain · Base · Optimism · Polygon · Story · Story Aeneid Testnet

**Get started**\
[Fill out the form](https://blocksec.com/expert-contact) to receive your API key and start simulating in minutes.

## Balance Change

## Raw Transaction Simulation

> Simulate raw transaction and get balance changes

```json
{"openapi":"3.0.3","info":{"title":"Transaction Simulation API","version":"1.0.3"},"servers":[{"url":"https://api.blocksec.com/simulation/v1"}],"paths":{"/raw/balancechange":{"post":{"summary":"Raw Transaction Simulation","description":"Simulate raw transaction and get balance changes","parameters":[{"name":"API-Key","in":"header","required":true,"schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/RawTransactionRequest"}}}},"responses":{"200":{"description":"Simulation result","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimulationResponse"}}}}}}}},"components":{"schemas":{"RawTransactionRequest":{"type":"object","required":["blockNumber","transaction"],"properties":{"blockNumber":{"type":"integer","format":"uint64","description":"The block number on which the transaction simulation is based. If this value is 0, transaction simulation will be based on the latest block."},"transaction":{"type":"string","description":"Raw transaction hex string"},"enableCodeOverwrite":{"type":"boolean","description":"Enable Safe-signature-bypass for the simulation. Defaults to false."},"overwriteAddresses":{"type":"array","items":{"type":"string"},"description":"Addresses on which Safe-signature-bypass should be applied. Only used when enableCodeOverwrite is true. Duplicates are ignored. 
If omitted or empty, falls back to the top-level `tx.to` decoded from the raw transaction; for contract-creation transactions nothing is applied."}}},"SimulationResponse":{"type":"object","required":["code","message","data"],"properties":{"code":{"type":"integer","format":"int32","enum":[0,1,2,3,4,5,6,7,8],"description":"Status codes:\n- 0: Success\n- 1: Unexpected error (contact phalcon_support@blocksec.com)\n- 2: Invalid request body format\n- 3: Invalid raw transaction\n- 4: Unsupported chain ID\n- 5: Chain-gateway error (contact phalcon_support@blocksec.com)\n- 6: RPC node error (contact phalcon_support@blocksec.com)\n- 7: Invalid chain ID\n- 8: The check of transaction simulation failed\n"},"message":{"type":"string","description":"Human-readable description of the status code"},"data":{"$ref":"#/components/schemas/TransactionData"}}},"TransactionData":{"type":"object","required":["status","blockNumber","txnHash","sender","receiver","timestamp","callData","gasLimit","gasPrice","gasUsed","baseFee","transactionFee","nonce","value","errorInfo","balanceChanges","viewLink"],"properties":{"status":{"type":"boolean","description":"Transaction execution status (true/false)"},"blockNumber":{"type":"integer","format":"uint64","description":"Block number"},"txnHash":{"type":"string","description":"Transaction hash"},"sender":{"type":"string","description":"Transaction initiator address"},"receiver":{"type":"string","description":"Transaction recipient address"},"timestamp":{"type":"string","format":"date-time","description":"Transaction timestamp"},"callData":{"type":"string","description":"Transaction calldata in hex format"},"gasLimit":{"type":"integer","format":"uint64","description":"Maximum gas allowed for transaction"},"gasPrice":{"type":"string","pattern":"^\\d+$","description":"Gas price in wei (as integer string)"},"gasUsed":{"type":"integer","format":"uint64","description":"Actual gas used in the 
transaction"},"baseFee":{"type":"string","pattern":"^\\d+$","description":"Base fee for EIP-1559 transactions in wei (as integer string)"},"transactionFee":{"type":"string","pattern":"^\\d+$","description":"Total transaction fee in wei (as integer string)"},"nonce":{"type":"integer","format":"uint64","description":"Sender's nonce (equal to number of transactions sent by sender)"},"value":{"type":"string","pattern":"^\\d+$","description":"Transaction value in wei (as integer string)"},"errorInfo":{"type":"string","description":"Error information when status is false"},"balanceChanges":{"type":"array","items":{"$ref":"#/components/schemas/BalanceChange"},"description":"List of account balance changes"},"viewLink":{"type":"string","description":"Phalcon Explorer view link for the transaction simulation"}}},"BalanceChange":{"type":"object","required":["account","assets"],"properties":{"account":{"type":"string","description":"Account address (asset holder)"},"assets":{"type":"array","items":{"$ref":"#/components/schemas/Asset"},"description":"List of asset changes"}}},"Asset":{"type":"object","required":["address","tokenId","rawAmount","amount","iconUrl","isERC1155","isERC721","sign","value"],"properties":{"address":{"type":"string","description":"Token contract address"},"tokenId":{"type":"string","description":"Token ID for ERC721/ERC1155 (empty string for ERC20)"},"rawAmount":{"type":"string","pattern":"^\\d+$","description":"Raw amount (unprocessed by decimals) as integer string"},"amount":{"type":"string","description":"Formatted amount (rawAmount / 10^decimals), empty if decimals missing"},"iconUrl":{"type":"string","description":"URL for token icon (empty if unavailable)"},"isERC1155":{"type":"boolean","description":"Indicates ERC1155 token"},"isERC721":{"type":"boolean","description":"Indicates ERC721 token"},"sign":{"type":"boolean","description":"Indicates sign of rawAmount/amount (positive/negative)"},"value":{"type":"string","description":"USD value of 
asset in decimal format.\nEmpty if missing token price or decimals information.\nExamples: \n- \"22.94604\" (with USD value)\n- \"\" (no pricing data)\n"}}}}}}
```

## Custom Transaction Simulation

> Simulate custom transaction parameters and get balance changes

```json
{"openapi":"3.0.3","info":{"title":"Transaction Simulation API","version":"1.0.3"},"servers":[{"url":"https://api.blocksec.com/simulation/v1"}],"paths":{"/custom/balancechange":{"post":{"summary":"Custom Transaction Simulation","description":"Simulate custom transaction parameters and get balance changes","parameters":[{"name":"API-Key","in":"header","required":true,"schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CustomTransactionRequest"}}}},"responses":{"200":{"description":"Simulation result","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimulationResponse"}}}}}}}},"components":{"schemas":{"CustomTransactionRequest":{"type":"object","required":["chainId","transaction"],"properties":{"chainId":{"type":"integer","format":"uint64","description":"Chain ID for the transaction"},"blockNumber":{"type":"integer","format":"uint64","description":"The block number on which the transaction simulation is based. If this value is 0, transaction simulation will be based on the latest block."},"transaction":{"type":"object","required":["sender","receiver","gasLimit","gasPrice","value","input"],"properties":{"sender":{"type":"string","description":"Transaction sender address"},"receiver":{"type":"string","description":"Transaction recipient address"},"gasLimit":{"type":"integer","format":"uint64","description":"Maximum gas allowed for transaction.  If this value is zero, then the simulation will be based on the gasLimit returned by eth_estimateGas."},"gasPrice":{"type":"string","pattern":"^\\d+$","description":"Gas price in wei (as integer string). 
If this value is zero, then the simulation will be based on the gasPrice returned by eth_gasPrice."},"value":{"type":"string","pattern":"^\\d+$","description":"Transaction value in wei (as integer string)"},"input":{"type":"string","description":"Transaction calldata in hex format"}}},"enableCodeOverwrite":{"type":"boolean","description":"Enable Safe-signature-bypass for the simulation. Defaults to false."},"overwriteAddresses":{"type":"array","items":{"type":"string"},"description":"Addresses on which Safe-signature-bypass should be applied. Only used when enableCodeOverwrite is true. Duplicates are ignored. If omitted or empty, falls back to transaction.receiver."}}},"SimulationResponse":{"type":"object","required":["code","message","data"],"properties":{"code":{"type":"integer","format":"int32","enum":[0,1,2,3,4,5,6,7,8],"description":"Status codes:\n- 0: Success\n- 1: Unexpected error (contact phalcon_support@blocksec.com)\n- 2: Invalid request body format\n- 3: Invalid raw transaction\n- 4: Unsupported chain ID\n- 5: Chain-gateway error (contact phalcon_support@blocksec.com)\n- 6: RPC node error (contact phalcon_support@blocksec.com)\n- 7: Invalid chain ID\n- 8: The check of transaction simulation failed\n"},"message":{"type":"string","description":"Human-readable description of the status code"},"data":{"$ref":"#/components/schemas/TransactionData"}}},"TransactionData":{"type":"object","required":["status","blockNumber","txnHash","sender","receiver","timestamp","callData","gasLimit","gasPrice","gasUsed","baseFee","transactionFee","nonce","value","errorInfo","balanceChanges","viewLink"],"properties":{"status":{"type":"boolean","description":"Transaction execution status (true/false)"},"blockNumber":{"type":"integer","format":"uint64","description":"Block number"},"txnHash":{"type":"string","description":"Transaction hash"},"sender":{"type":"string","description":"Transaction initiator address"},"receiver":{"type":"string","description":"Transaction recipient 
address"},"timestamp":{"type":"string","format":"date-time","description":"Transaction timestamp"},"callData":{"type":"string","description":"Transaction calldata in hex format"},"gasLimit":{"type":"integer","format":"uint64","description":"Maximum gas allowed for transaction"},"gasPrice":{"type":"string","pattern":"^\\d+$","description":"Gas price in wei (as integer string)"},"gasUsed":{"type":"integer","format":"uint64","description":"Actual gas used in the transaction"},"baseFee":{"type":"string","pattern":"^\\d+$","description":"Base fee for EIP-1559 transactions in wei (as integer string)"},"transactionFee":{"type":"string","pattern":"^\\d+$","description":"Total transaction fee in wei (as integer string)"},"nonce":{"type":"integer","format":"uint64","description":"Sender's nonce (equal to number of transactions sent by sender)"},"value":{"type":"string","pattern":"^\\d+$","description":"Transaction value in wei (as integer string)"},"errorInfo":{"type":"string","description":"Error information when status is false"},"balanceChanges":{"type":"array","items":{"$ref":"#/components/schemas/BalanceChange"},"description":"List of account balance changes"},"viewLink":{"type":"string","description":"Phalcon Explorer view link for the transaction simulation"}}},"BalanceChange":{"type":"object","required":["account","assets"],"properties":{"account":{"type":"string","description":"Account address (asset holder)"},"assets":{"type":"array","items":{"$ref":"#/components/schemas/Asset"},"description":"List of asset changes"}}},"Asset":{"type":"object","required":["address","tokenId","rawAmount","amount","iconUrl","isERC1155","isERC721","sign","value"],"properties":{"address":{"type":"string","description":"Token contract address"},"tokenId":{"type":"string","description":"Token ID for ERC721/ERC1155 (empty string for ERC20)"},"rawAmount":{"type":"string","pattern":"^\\d+$","description":"Raw amount (unprocessed by decimals) as integer 
string"},"amount":{"type":"string","description":"Formatted amount (rawAmount / 10^decimals), empty if decimals missing"},"iconUrl":{"type":"string","description":"URL for token icon (empty if unavailable)"},"isERC1155":{"type":"boolean","description":"Indicates ERC1155 token"},"isERC721":{"type":"boolean","description":"Indicates ERC721 token"},"sign":{"type":"boolean","description":"Indicates sign of rawAmount/amount (positive/negative)"},"value":{"type":"string","description":"USD value of asset in decimal format.\nEmpty if missing token price or decimals information.\nExamples: \n- \"22.94604\" (with USD value)\n- \"\" (no pricing data)\n"}}}}}}
```
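The following is an added example, not BlockSec's own client code, showing one way to consume `/custom/balancechange`: it builds the request body for the 200 Ether transfer described earlier on this page and turns a `SimulationResponse` into a fail-closed approve/review/reject decision. Assumptions: `sign: true` means the balance increased, an `input` of `0x` means empty calldata, and the sample response, token address and USD limits are constructed for illustration.

```python
import json
import re
import urllib.request
from decimal import Decimal

API_BASE = "https://api.blocksec.com/simulation/v1"  # "servers" entry in the spec
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")
# Status codes as listed in the SimulationResponse schema.
STATUS_CODES = {
    0: "Success", 1: "Unexpected error", 2: "Invalid request body format",
    3: "Invalid raw transaction", 4: "Unsupported chain ID",
    5: "Chain-gateway error", 6: "RPC node error", 7: "Invalid chain ID",
    8: "The check of transaction simulation failed",
}
SENDER = "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"    # address used on this page
RECEIVER = "0xdeadbeef40e59eb8582ff949afb313e09c5815c9"  # address used on this page
TOKEN = "0x" + "11" * 20                                 # constructed placeholder


def build_custom_request(chain_id, sender, receiver, value_wei, input_hex="0x"):
    """Build a CustomTransactionRequest body; wei amounts are integer strings."""
    for addr in (sender, receiver):
        if not ADDRESS_RE.match(addr):
            raise ValueError(f"not a 20-byte hex address: {addr!r}")
    if value_wei < 0:
        raise ValueError("value must be non-negative")
    return {
        "chainId": chain_id,
        "blockNumber": 0,     # 0 = simulate on the latest block
        "transaction": {
            "sender": sender, "receiver": receiver,
            "gasLimit": 0,    # zero = use the eth_estimateGas result
            "gasPrice": "0",  # zero = use the eth_gasPrice result
            "value": str(value_wei),
            "input": input_hex,  # assumption: "0x" is accepted as empty calldata
        },
    }


def post_simulation(path, body, api_key):
    """POST a request body to the API (not called below, so the example runs offline)."""
    req = urllib.request.Request(
        API_BASE + path, data=json.dumps(body).encode(), method="POST",
        headers={"API-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def usd_outflow(data, account):
    """Return (priced USD outflow, unpriced outgoing token addresses) for account."""
    outflow, unpriced = Decimal(0), []
    for change in data["balanceChanges"]:
        if change["account"].lower() != account.lower():  # compare case-insensitively
            continue
        for asset in change["assets"]:
            if asset["sign"]:         # assumption: true means the balance increased
                continue
            if asset["value"] == "":  # no price or decimals: USD impact unknown
                unpriced.append(asset["address"])
            else:
                outflow += abs(Decimal(asset["value"]))
    return outflow, unpriced


def decide(response, account, max_outflow_usd):
    """Fail closed: only a successful, fully priced, in-limit result is approved."""
    code = response.get("code")
    if code != 0:
        return "reject", f"API code {code}: {STATUS_CODES.get(code, 'unknown')}"
    data = response["data"]
    if not data["status"]:
        return "reject", f"simulated execution failed: {data['errorInfo']}"
    outflow, unpriced = usd_outflow(data, account)
    if unpriced:
        return "review", f"outgoing assets without a USD value: {unpriced}"
    if outflow > Decimal(max_outflow_usd):
        return "reject", f"outflow ${outflow} exceeds limit ${max_outflow_usd}"
    return "approve", f"outflow ${outflow} within limit"


def sample_response(value="5000.00", code=0, status=True):
    """Constructed response, trimmed to the fields the check reads."""
    asset = {"address": TOKEN, "tokenId": "", "rawAmount": "5000000000",
             "amount": "5000", "iconUrl": "", "isERC1155": False,
             "isERC721": False, "sign": False, "value": value}
    return {"code": code, "message": STATUS_CODES[code], "data": {
        "status": status, "errorInfo": "" if status else "execution reverted",
        "balanceChanges": [
            {"account": SENDER.lower(), "assets": [asset]},
            {"account": RECEIVER, "assets": [dict(asset, sign=True)]},
        ]}}


if __name__ == "__main__":
    print(json.dumps(build_custom_request(1, SENDER, RECEIVER, 200 * 10**18), indent=2))
    print(decide(sample_response(), SENDER, 1000))
```

Treating an empty `value` as "review" rather than zero matters because an asset the API cannot price would otherwise pass any USD limit.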

## Trace

## Raw Transaction Simulation

> Simulate raw transaction and return execution trace

```json
{"openapi":"3.0.3","info":{"title":"Transaction Simulation API","version":"1.0.3"},"servers":[{"url":"https://api.blocksec.com/simulation/v1"}],"paths":{"/raw/trace":{"post":{"summary":"Raw Transaction Simulation","description":"Simulate raw transaction and return execution trace","parameters":[{"name":"API-Key","in":"header","required":true,"schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/RawTransactionRequest"}}}},"responses":{"200":{"description":"Simulation result with trace","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimulationTraceResponse"}}}}}}}},"components":{"schemas":{"RawTransactionRequest":{"type":"object","required":["blockNumber","transaction"],"properties":{"blockNumber":{"type":"integer","format":"uint64","description":"The block number on which the transaction simulation is based. If this value is 0, transaction simulation will be based on the latest block."},"transaction":{"type":"string","description":"Raw transaction hex string"},"enableCodeOverwrite":{"type":"boolean","description":"Enable Safe-signature-bypass for the simulation. Defaults to false."},"overwriteAddresses":{"type":"array","items":{"type":"string"},"description":"Addresses on which Safe-signature-bypass should be applied. Only used when enableCodeOverwrite is true. Duplicates are ignored. 
If omitted or empty, falls back to the top-level `tx.to` decoded from the raw transaction; for contract-creation transactions nothing is applied."}}},"SimulationTraceResponse":{"type":"object","required":["code","message","data"],"properties":{"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"data":{"$ref":"#/components/schemas/TransactionTraceData"}}},"TransactionTraceData":{"allOf":[{"$ref":"#/components/schemas/TransactionData"},{"type":"object","properties":{"trace":{"$ref":"#/components/schemas/Call"}},"required":["trace"]}]},"TransactionData":{"type":"object","required":["status","blockNumber","txnHash","sender","receiver","timestamp","callData","gasLimit","gasPrice","gasUsed","baseFee","transactionFee","nonce","value","errorInfo","balanceChanges","viewLink"],"properties":{"status":{"type":"boolean","description":"Transaction execution status (true/false)"},"blockNumber":{"type":"integer","format":"uint64","description":"Block number"},"txnHash":{"type":"string","description":"Transaction hash"},"sender":{"type":"string","description":"Transaction initiator address"},"receiver":{"type":"string","description":"Transaction recipient address"},"timestamp":{"type":"string","format":"date-time","description":"Transaction timestamp"},"callData":{"type":"string","description":"Transaction calldata in hex format"},"gasLimit":{"type":"integer","format":"uint64","description":"Maximum gas allowed for transaction"},"gasPrice":{"type":"string","pattern":"^\\d+$","description":"Gas price in wei (as integer string)"},"gasUsed":{"type":"integer","format":"uint64","description":"Actual gas used in the transaction"},"baseFee":{"type":"string","pattern":"^\\d+$","description":"Base fee for EIP-1559 transactions in wei (as integer string)"},"transactionFee":{"type":"string","pattern":"^\\d+$","description":"Total transaction fee in wei (as integer string)"},"nonce":{"type":"integer","format":"uint64","description":"Sender's nonce (equal to number of 
transactions sent by sender)"},"value":{"type":"string","pattern":"^\\d+$","description":"Transaction value in wei (as integer string)"},"errorInfo":{"type":"string","description":"Error information when status is false"},"balanceChanges":{"type":"array","items":{"$ref":"#/components/schemas/BalanceChange"},"description":"List of account balance changes"},"viewLink":{"type":"string","description":"Phalcon Explorer view link for the transaction simulation"}}},"BalanceChange":{"type":"object","required":["account","assets"],"properties":{"account":{"type":"string","description":"Account address (asset holder)"},"assets":{"type":"array","items":{"$ref":"#/components/schemas/Asset"},"description":"List of asset changes"}}},"Asset":{"type":"object","required":["address","tokenId","rawAmount","amount","iconUrl","isERC1155","isERC721","sign","value"],"properties":{"address":{"type":"string","description":"Token contract address"},"tokenId":{"type":"string","description":"Token ID for ERC721/ERC1155 (empty string for ERC20)"},"rawAmount":{"type":"string","pattern":"^\\d+$","description":"Raw amount (unprocessed by decimals) as integer string"},"amount":{"type":"string","description":"Formatted amount (rawAmount / 10^decimals), empty if decimals missing"},"iconUrl":{"type":"string","description":"URL for token icon (empty if unavailable)"},"isERC1155":{"type":"boolean","description":"Indicates ERC1155 token"},"isERC721":{"type":"boolean","description":"Indicates ERC721 token"},"sign":{"type":"boolean","description":"Indicates sign of rawAmount/amount (positive/negative)"},"value":{"type":"string","description":"USD value of asset in decimal format.\nEmpty if missing token price or decimals information.\nExamples: \n- \"22.94604\" (with USD value)\n- \"\" (no pricing data)\n"}}},"Call":{"type":"object","description":"Represents a single EVM execution step, including nested calls and logs.","properties":{"id":{"type":"integer","description":"Represents the execution order of 
the transaction."},"status":{"type":"boolean","description":"Execution status of the call (true if successful, false otherwise)."},"error":{"type":"string","description":"Error message when the call failed (empty if successful)."},"type":{"type":"string","description":"Type of call (e.g., CALL, DELEGATECALL, STATICCALL, CREATE, CREATE2)."},"from":{"type":"string","description":"Address of the caller (sender of this call)."},"to":{"type":"string","description":"Address of the callee (recipient of this call)."},"value":{"type":"string","description":"ETH value (in wei) transferred in this call."},"input":{"type":"string","description":"Input calldata (hex-encoded) provided to this call."},"output":{"type":"string","description":"Return data (hex-encoded) produced by this call."},"gasLimit":{"type":"integer","format":"uint64","description":"Gas provided for this call."},"gasUsed":{"type":"integer","format":"uint64","description":"Actual gas consumed by this call."},"calls":{"type":"array","description":"Nested sub-calls triggered during this call.","items":{"$ref":"#/components/schemas/Call"}},"logs":{"type":"array","description":"Logs emitted during this call.","items":{"$ref":"#/components/schemas/Log"}}}},"Log":{"type":"object","description":"Represents an Ethereum log event emitted during execution.","properties":{"id":{"type":"integer","description":"Represents the execution order of the transaction."},"address":{"type":"string","description":"Address of the contract that emitted the log."},"topics":{"type":"array","items":{"type":"string"},"description":"Indexed event topics (up to 4), hex-encoded."},"data":{"type":"string","description":"Non-indexed event data payload (hex-encoded)."}}}}}}
```
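The following is an added example, not part of the BlockSec documentation, that walks the `trace` object returned by the trace endpoints and reports token approvals granted to spenders outside an allowlist, the kind of approval the phishing guidance on this page tells victims to revoke. The sample trace and all addresses are constructed; the topic is the standard `Approval(address,address,uint256)` event signature hash shared by ERC-20 and ERC-721, and logs under a failed call are skipped because the EVM discards logs from a reverted frame.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

# Constructed addresses for the sample trace below.
USER = "0x" + "aa" * 20
DAPP = "0x" + "bb" * 20
TOKEN = "0x" + "11" * 20
SPENDER = "0x" + "cc" * 20


def walk(call, depth=0, reverted=False):
    """Yield (call, depth, reverted) depth-first; a failed frame taints its sub-calls."""
    reverted = reverted or not call.get("status", False)
    yield call, depth, reverted
    for sub in call.get("calls") or []:
        yield from walk(sub, depth + 1, reverted)


def topic_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def decode_approval(log):
    """Decode an Approval log entry, or return None if the log is something else."""
    topics = [t.lower() for t in log.get("topics") or []]
    if len(topics) < 3 or topics[0] != APPROVAL_TOPIC:
        return None
    if len(topics) == 4:   # ERC-721: tokenId is the third indexed argument
        kind, amount = "erc721", int(topics[3], 16)
    else:                  # ERC-20: the amount is in the non-indexed data
        data = log.get("data") or "0x"
        kind, amount = "erc20", int(data, 16) if len(data) > 2 else 0
    return {
        "token": log["address"].lower(), "kind": kind,
        "owner": topic_address(topics[1]), "spender": topic_address(topics[2]),
        "amount": amount,
        "unlimited": kind == "erc20" and amount == MAX_UINT256,
    }


def review_trace(trace, allowed_spenders=()):
    """Report effective approvals to non-allowlisted spenders, plus failed calls."""
    allowed = {a.lower() for a in allowed_spenders}
    report = {"approvals": [], "failed_calls": []}
    for call, depth, reverted in walk(trace):
        if not call.get("status", False):
            report["failed_calls"].append({
                "id": call.get("id"), "to": call.get("to"),
                "error": call.get("error", ""), "depth": depth})
        if reverted:
            continue  # logs emitted inside a reverted frame never take effect
        for log in call.get("logs") or []:
            approval = decode_approval(log)
            if approval and approval["spender"] not in allowed:
                report["approvals"].append(approval)
    return report


def pad(addr):
    """Left-pad a 20-byte address to a 32-byte topic (helper for the sample data)."""
    return "0x" + "00" * 12 + addr[2:]


def approval_log(log_id, spender, amount):
    """Constructed ERC-20 Approval log in the shape of the Log schema."""
    return {"id": log_id, "address": TOKEN,
            "topics": [APPROVAL_TOPIC, pad(USER), pad(spender)],
            "data": "0x" + format(amount, "064x")}


# Constructed trace in the shape of the Call schema: one successful sub-call that
# grants an unlimited approval, and one failed sub-call whose log must be ignored.
SAMPLE_TRACE = {
    "id": 0, "status": True, "error": "", "type": "CALL", "from": USER, "to": DAPP,
    "logs": [],
    "calls": [
        {"id": 1, "status": True, "error": "", "type": "CALL", "from": DAPP,
         "to": TOKEN, "calls": [], "logs": [approval_log(2, SPENDER, MAX_UINT256)]},
        {"id": 3, "status": False, "error": "execution reverted", "type": "CALL",
         "from": DAPP, "to": TOKEN, "calls": [], "logs": [approval_log(4, DAPP, 1)]},
    ],
}

if __name__ == "__main__":
    for item in review_trace(SAMPLE_TRACE)["approvals"]:
        print(item["kind"], "approval to", item["spender"],
              "(unlimited)" if item["unlimited"] else item["amount"])
```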

## Custom Transaction Simulation

> Simulate custom transaction parameters and return execution trace

```json
{"openapi":"3.0.3","info":{"title":"Transaction Simulation API","version":"1.0.3"},"servers":[{"url":"https://api.blocksec.com/simulation/v1"}],"paths":{"/custom/trace":{"post":{"summary":"Custom Transaction Simulation","description":"Simulate custom transaction parameters and return execution trace","parameters":[{"name":"API-Key","in":"header","required":true,"schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CustomTransactionRequest"}}}},"responses":{"200":{"description":"Simulation result","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimulationTraceResponse"}}}}}}}},"components":{"schemas":{"CustomTransactionRequest":{"type":"object","required":["chainId","transaction"],"properties":{"chainId":{"type":"integer","format":"uint64","description":"Chain ID for the transaction"},"blockNumber":{"type":"integer","format":"uint64","description":"The block number on which the transaction simulation is based. If this value is 0, transaction simulation will be based on the latest block."},"transaction":{"type":"object","required":["sender","receiver","gasLimit","gasPrice","value","input"],"properties":{"sender":{"type":"string","description":"Transaction sender address"},"receiver":{"type":"string","description":"Transaction recipient address"},"gasLimit":{"type":"integer","format":"uint64","description":"Maximum gas allowed for transaction.  If this value is zero, then the simulation will be based on the gasLimit returned by eth_estimateGas."},"gasPrice":{"type":"string","pattern":"^\\d+$","description":"Gas price in wei (as integer string). 
If this value is zero, then the simulation will be based on the gasPrice returned by eth_gasPrice."},"value":{"type":"string","pattern":"^\\d+$","description":"Transaction value in wei (as integer string)"},"input":{"type":"string","description":"Transaction calldata in hex format"}}},"enableCodeOverwrite":{"type":"boolean","description":"Enable Safe-signature-bypass for the simulation. Defaults to false."},"overwriteAddresses":{"type":"array","items":{"type":"string"},"description":"Addresses on which Safe-signature-bypass should be applied. Only used when enableCodeOverwrite is true. Duplicates are ignored. If omitted or empty, falls back to transaction.receiver."}}},"SimulationTraceResponse":{"type":"object","required":["code","message","data"],"properties":{"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"data":{"$ref":"#/components/schemas/TransactionTraceData"}}},"TransactionTraceData":{"allOf":[{"$ref":"#/components/schemas/TransactionData"},{"type":"object","properties":{"trace":{"$ref":"#/components/schemas/Call"}},"required":["trace"]}]},"TransactionData":{"type":"object","required":["status","blockNumber","txnHash","sender","receiver","timestamp","callData","gasLimit","gasPrice","gasUsed","baseFee","transactionFee","nonce","value","errorInfo","balanceChanges","viewLink"],"properties":{"status":{"type":"boolean","description":"Transaction execution status (true/false)"},"blockNumber":{"type":"integer","format":"uint64","description":"Block number"},"txnHash":{"type":"string","description":"Transaction hash"},"sender":{"type":"string","description":"Transaction initiator address"},"receiver":{"type":"string","description":"Transaction recipient address"},"timestamp":{"type":"string","format":"date-time","description":"Transaction timestamp"},"callData":{"type":"string","description":"Transaction calldata in hex format"},"gasLimit":{"type":"integer","format":"uint64","description":"Maximum gas allowed for 
transaction"},"gasPrice":{"type":"string","pattern":"^\\d+$","description":"Gas price in wei (as integer string)"},"gasUsed":{"type":"integer","format":"uint64","description":"Actual gas used in the transaction"},"baseFee":{"type":"string","pattern":"^\\d+$","description":"Base fee for EIP-1559 transactions in wei (as integer string)"},"transactionFee":{"type":"string","pattern":"^\\d+$","description":"Total transaction fee in wei (as integer string)"},"nonce":{"type":"integer","format":"uint64","description":"Sender's nonce (equal to number of transactions sent by sender)"},"value":{"type":"string","pattern":"^\\d+$","description":"Transaction value in wei (as integer string)"},"errorInfo":{"type":"string","description":"Error information when status is false"},"balanceChanges":{"type":"array","items":{"$ref":"#/components/schemas/BalanceChange"},"description":"List of account balance changes"},"viewLink":{"type":"string","description":"Phalcon Explorer view link for the transaction simulation"}}},"BalanceChange":{"type":"object","required":["account","assets"],"properties":{"account":{"type":"string","description":"Account address (asset holder)"},"assets":{"type":"array","items":{"$ref":"#/components/schemas/Asset"},"description":"List of asset changes"}}},"Asset":{"type":"object","required":["address","tokenId","rawAmount","amount","iconUrl","isERC1155","isERC721","sign","value"],"properties":{"address":{"type":"string","description":"Token contract address"},"tokenId":{"type":"string","description":"Token ID for ERC721/ERC1155 (empty string for ERC20)"},"rawAmount":{"type":"string","pattern":"^\\d+$","description":"Raw amount (unprocessed by decimals) as integer string"},"amount":{"type":"string","description":"Formatted amount (rawAmount / 10^decimals), empty if decimals missing"},"iconUrl":{"type":"string","description":"URL for token icon (empty if unavailable)"},"isERC1155":{"type":"boolean","description":"Indicates ERC1155 
token"},"isERC721":{"type":"boolean","description":"Indicates ERC721 token"},"sign":{"type":"boolean","description":"Indicates sign of rawAmount/amount (positive/negative)"},"value":{"type":"string","description":"USD value of asset in decimal format.\nEmpty if missing token price or decimals information.\nExamples: \n- \"22.94604\" (with USD value)\n- \"\" (no pricing data)\n"}}},"Call":{"type":"object","description":"Represents a single EVM execution step, including nested calls and logs.","properties":{"id":{"type":"integer","description":"Represents the execution order of the transaction."},"status":{"type":"boolean","description":"Execution status of the call (true if successful, false otherwise)."},"error":{"type":"string","description":"Error message when the call failed (empty if successful)."},"type":{"type":"string","description":"Type of call (e.g., CALL, DELEGATECALL, STATICCALL, CREATE, CREATE2)."},"from":{"type":"string","description":"Address of the caller (sender of this call)."},"to":{"type":"string","description":"Address of the callee (recipient of this call)."},"value":{"type":"string","description":"ETH value (in wei) transferred in this call."},"input":{"type":"string","description":"Input calldata (hex-encoded) provided to this call."},"output":{"type":"string","description":"Return data (hex-encoded) produced by this call."},"gasLimit":{"type":"integer","format":"uint64","description":"Gas provided for this call."},"gasUsed":{"type":"integer","format":"uint64","description":"Actual gas consumed by this call."},"calls":{"type":"array","description":"Nested sub-calls triggered during this call.","items":{"$ref":"#/components/schemas/Call"}},"logs":{"type":"array","description":"Logs emitted during this call.","items":{"$ref":"#/components/schemas/Log"}}}},"Log":{"type":"object","description":"Represents an Ethereum log event emitted during execution.","properties":{"id":{"type":"integer","description":"Represents the execution order of the 
transaction."},"address":{"type":"string","description":"Address of the contract that emitted the log."},"topics":{"type":"array","items":{"type":"string"},"description":"Indexed event topics (up to 4), hex-encoded."},"data":{"type":"string","description":"Non-indexed event data payload (hex-encoded)."}}}}}}
```


# Overview

MetaSuites (previously MetaDock) is the Builders' Swiss Army Knife. It enhances experiences by integrating **innovative features and connecting 30+ useful tools** to blockchain explorers and dApps.

MetaSuites **supports** [**Chrome**](https://chrome.google.com/webstore/detail/metadock/fkhgpeojcbhimodmppkbbliepkpcgcoo)**,** [**Edge**](https://chrome.google.com/webstore/detail/metadock/fkhgpeojcbhimodmppkbbliepkpcgcoo)**,** [**Firefox**](https://addons.mozilla.org/en-US/firefox/addon/metadock/)**,** [**Safari**](https://apps.apple.com/cn/app/metadock/id6448738932?l=en\&mt=12)**, and** [**Brave**](https://chrome.google.com/webstore/detail/metadock/fkhgpeojcbhimodmppkbbliepkpcgcoo) **browsers**.

:tada: **Roam with** MetaSuites**!**

{% embed url="<https://www.youtube.com/watch?v=NfMyFAxgUoM>" %}

## Installation

Chrome and Edge users, please go to the [Chrome Web Store](https://chrome.google.com/webstore/detail/metadock/fkhgpeojcbhimodmppkbbliepkpcgcoo) to install MetaSuites. Other users can go to [our landing page](https://blocksec.com/meatadock) to get the installation instructions. Pin the extension to Chrome for a better experience.

<figure><img src="/files/CuVkmLzPlMbYlZ79M1IR" alt="" width="331"><figcaption></figcaption></figure>

{% hint style="info" %}

### Donation

**Please support us to help us do better. Our wallet address is:** [**0x1220D3c0d62929DD970C411413FC854f7FeD00C6**](https://etherscan.io/address/0x1220D3c0d62929DD970C411413FC854f7FeD00C6)
{% endhint %}

## Supported Websites & Dapps

* [BTC.com](https://explorer.btc.com)
* [OpenSea](https://opensea.io)
* [EtherScan](https://etherscan.io/)
* [BscScan](https://bscscan.com/)
* [PolygonScan](https://polygonscan.com/)
* [zkEVM PolygonScan](https://zkevm.polygonscan.com/)
* [FtmScan](https://ftmscan.com/)
* [ArbiScan](https://arbiscan.io/)
* [CronoScan](https://cronoscan.com/)
* [MoonScan](https://moonscan.io/)
* [AvaScan](https://snowtrace.io/)
* [OP Mainnet Explorer](https://optimistic.etherscan.io/)
* [BTTCScan](https://bttcscan.com/)
* [CeloScan](https://celoscan.io/)
* [GnosisScan](https://gnosisscan.io/)
* [BaseScan](https://basescan.org/)
* [LineaScan](https://lineascan.build/)
* [WemixScan](https://wemixscan.com/)
* [TRONSCAN](https://tronscan.org/#/)
* and more


# Fund Flow Graph

**MetaSuites** (Prev. MetaDock) allows users to get a crypto address's fund flow map quickly. Users can **analyze high-value correlated addresses and substantial fund flows** without getting entangled in complex raw transaction data.

🙌 If you need a comprehensive fund flow analysis for a couple of addresses, try the enhanced version [**MetaSleuth**](https://metasleuth.io)!

### Show Fund Flow Map

<figure><img src="/files/fP5bNFlCQnYyh2J5txqi" alt="" width="375"><figcaption></figcaption></figure>

The fund flow map presents the most significant transactions and addresses for analysis, rather than every transaction. To access the fund flow map, you should locate the button on the address page.

The fund flow map may **NOT** show every transaction when addresses engage in numerous interactions. This is to maintain clarity and focus on the most relevant data for analysis. **Transactions are merged on the fund flow map to provide a more streamlined view**. For example, if address A sends 100 Token A to address B and then another 200 Token A to address B in two separate transactions at times A and B, the fund flow map will consolidate these into one transaction. It will display a single transfer of 300 Token A from address A to address B, with the timestamp from the first transaction, time A, on the chart.
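The merge rule described above, sketched as an added example (not MetaSuites code). The transfers are constructed; treating the reverse direction and other tokens as separate edges, and the extra `last_seen` and `merged` fields, are assumptions added to show what a merged edge hides.

```python
# Constructed sample transfers: (timestamp, sender, receiver, token, amount).
# Deliberately out of order to show that the earliest timestamp is kept.
SAMPLE_TRANSFERS = [
    (1700000300, "A", "B", "Token A", 200),
    (1700000100, "A", "B", "Token A", 100),
    (1700000200, "B", "A", "Token A", 50),   # reverse direction: separate edge (assumption)
    (1700000400, "A", "B", "Token B", 7),    # different token: separate edge (assumption)
]


def merge_transfers(transfers):
    """Collapse transfers that share (sender, receiver, token) into one edge.

    The merged edge carries the summed amount and the timestamp of the first
    transfer, as the fund flow map does. `last_seen` and `merged` are extra
    fields (not described on the page) recording what the merge collapsed.
    """
    edges = {}
    for ts, sender, receiver, token, amount in sorted(transfers):
        if amount < 0:
            raise ValueError("transfer amounts must be non-negative")
        key = (sender, receiver, token)
        edge = edges.setdefault(key, {
            "from": sender, "to": receiver, "token": token,
            "amount": 0, "timestamp": ts, "last_seen": ts, "merged": 0,
        })
        edge["amount"] += amount
        edge["last_seen"] = ts      # input is sorted, so this ends at the latest transfer
        edge["merged"] += 1
    return list(edges.values())


if __name__ == "__main__":
    for edge in merge_transfers(SAMPLE_TRANSFERS):
        print(edge)
```

When a timeline matters, the single timestamp on a merged edge is only the start of the activity; the individual transactions still have to be read from the explorer.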

{% hint style="info" %}
Try this [address](https://etherscan.io/address/0xbefe4f86f189c1c817446b71eb6ac90e3cb68e60).
{% endhint %}

<figure><img src="/files/m8rG5Z3G1xKphLN8YnuI" alt=""><figcaption></figcaption></figure>

For example, related addresses are shown in the fund flow map of *Alameda Research*, and some **cross-chain transactions** are also included. You can **filter the addresses and tokens you are interested in** (① in the following figure) by selecting them in the top right corner, then get a streamlined chart like this:

<figure><img src="/files/0WxGSoLJQ5KCBl6EXKB3" alt=""><figcaption></figcaption></figure>

### Save the map

Moreover, after the analysis, you can click the download icon (② in Fig. 2) to export the chart as an **SVG/PNG** file and share it with others.

### Further analysis

If you need further analysis, try the enhanced version of the fund flow map, [**MetaSleuth**](https://metasleuth.io)!


# User Experience Enhancement

## Explain Transactions

**MetaSuites** (Prev. MetaDock) offers concise and informative explanations for most transactions displayed on the Transaction Details page of Etherscan.

These explanations encompass the main actions taken and provide essential security-related information. This intelligent service, powered by GPT, serves as a valuable reference for on-chain analysis, providing insightful explanations for most transactions and enhancing your understanding of the blockchain ecosystem.

* Try these transactions: [1](https://etherscan.io/tx/0x8eb65ef100eb65273e42f227fb4b4b639531c2c892f4aa60c118c84dc677f98b), [2](https://etherscan.io/tx/0x763aecf12ef7cbe8c70cf30d0bb83bb8a088e9edf93b7983dc9efea2e1826556), [3](https://etherscan.io/tx/0x9c3a6dfd79c5a4faa0341d284805ff770440b6f2059d69d42ec16a1fc08566ec), [4](https://etherscan.io/tx/0x0767d2217dd6e8d2207017d0eaea0bedd551da233e1c047890f3a2e47478b489).

<figure><img src="/files/aADgDaYxsGyXipEH4fZV" alt=""><figcaption><p>Transaction Explanation: you can copy, like, or dislike an explanation as feedback to help us improve the quality of transaction explanations.</p></figcaption></figure>

## Local Labels

Users can add their own local labels to addresses on supported blockchain browsers. These labels are stored in the user's local storage. They can also be used in the Phalcon Explorer in the same browser when the option is enabled.

See: <https://x.com/MetaDockTeam/status/1902584199011242440>

<figure><img src="/files/jEkFXLQdlNwABIuN8KF6" alt="" width="375"><figcaption></figcaption></figure>

## Use Local Time

**MetaDock** has another feature (turned off by default; you can turn it on in the `settings` panel) that shows **the timestamp on the blockchain explorers using your local time zone** rather than UTC.

<figure><img src="/files/ywxBI7uzHtbjzumWFraJ" alt=""><figcaption><p>Local Time</p></figcaption></figure>

## Export Current Page Data

**MetaSuites** (Prev. MetaDock) **lets users download the current page's data as a JSON/CSV file.** For example, the user can download the latest 25 transactions on this [page](https://etherscan.io/address/0xba399a2580785a2ded740f5e30ec89fb3e617e6e).

<figure><img src="/files/uXGnaGzKkTjQSAThv9rt" alt=""><figcaption></figcaption></figure>

## Show Enhanced Copy Icon

**MetaSuites** (Prev. MetaDock) helps all blockchain explorers by adding copy icons in some places, making it easier for crypto users to conduct their own investigations and research. Try these pages: [1](https://etherscan.io/address/0x86fd4673527f9d5999c5e490ab98766c0cfa8801) [2](https://etherscan.io/tx/0x1a98e8ca0ae83c0e06103f6bc78c96a8c447393f333e5b8d9eacb13e9382e2c4)

<figure><img src="/files/IA33Prm5NY4B42e3LGJz" alt="" width="375"><figcaption></figcaption></figure>

## Link to DeBank

If you want to explore the **portfolio of an address**, you can click the `DeBank` button near the `Fund Flow` button.

<figure><img src="/files/GHKMh3S3RNJAnhsBg0Kq" alt="" width="375"><figcaption></figcaption></figure>

## All-in-one Dock

**MetaSuites** (Prev. MetaDock) provides users with an **all-in-one dock** to search for **ENS, address, transaction hash, and selector (function signature)**.

<figure><img src="/files/aLDo6T5jvmkrFRy0btE1" alt=""><figcaption></figcaption></figure>

* **ENS:** **MetaSuites** automatically resolves it and redirects to the *Etherscan* page of the corresponding address.
* **Address:** it goes to the *Blockscan* page of this address, which lists multi-chain links.
* **Transaction hash:** it redirects to the transaction page of this hash.
* **Function selector:** it uses [4byte](https://www.4byte.directory/) to retrieve the function signature.

**MetaSuites** (Prev. MetaDock) allows users to launch blockchain explorers quickly. Each icon leads you to the corresponding blockchain browser.

Pin the **MetaSuites** (Prev. MetaDock) extension for more convenience.

<figure><img src="/files/yurdZmKrS8MSbmRpAFhG" alt="" width="375"><figcaption></figcaption></figure>


# User-security Features


# Approval Diagnosis

**MetaSuites** (Prev. MetaDock) enhances the token approvals management tool by ***Etherscan*** so that it can **help you identify and avoid risky approvals to phishing addresses or vulnerable contracts**.

## What are risky approvals?

The approval mechanism in token transactions allows users to grant permission to other entities, such as smart contracts or other users, to spend their tokens on their behalf. For example, a user can approve a smart contract to use their USDC tokens, enabling the smart contract to perform operations like swapping USDC for other tokens without requiring further confirmation from the user. Once the tokens are approved for use by the smart contract, no additional signed messages are needed from the token owner for the smart contract to execute transactions with those tokens. This streamlines the transaction process by reducing the need for multiple confirmations.

However, an approval is risky if the spender is a phishing address or a vulnerable contract. In both cases, the user's tokens can be stolen.

{% hint style="danger" %}
[See Twitter for how the user was tricked to lose 70 WBTC.](https://twitter.com/MetaSleuth/status/1638812482021228544)
{% endhint %}
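How such approvals can be reviewed from on-chain data, as an added example (not MetaSuites or BlockSec code): it replays ERC-20 `Approval` event logs to find the allowances an owner still has outstanding and marks those granted to a flagged spender. All addresses, logs and the flagged-spender list are constructed, and the log dictionaries assume `eth_getLogs`-style fields with `blockNumber` and `logIndex` already converted to integers.

```python
# topic0 of the ERC-20 event Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1


def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def outstanding_approvals(logs, owner):
    """Return {(token, spender): amount} for approvals by `owner` that are still non-zero.

    Logs are replayed in chain order, so a later approve(spender, 0) cancels an
    earlier grant. The amount is an upper bound: many tokens do not emit Approval
    when transferFrom() spends allowance, so confirm with allowance() on-chain.
    """
    owner = owner.lower()
    latest = {}
    for log in sorted(logs, key=lambda entry: (entry["blockNumber"], entry["logIndex"])):
        topics = [t.lower() for t in log["topics"]]
        # ERC-721 reuses this topic0 with tokenId as a third indexed field (4 topics); skip it.
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        amount = int(log["data"], 16) if len(log["data"]) > 2 else 0
        latest[(log["address"].lower(), topic_to_address(topics[2]))] = amount
    return {pair: amount for pair, amount in latest.items() if amount > 0}


def diagnose(logs, owner, flagged_spenders):
    """List outstanding approvals, marking those granted to a flagged spender."""
    flagged = {s.lower() for s in flagged_spenders}
    findings = []
    for (token, spender), amount in sorted(outstanding_approvals(logs, owner).items()):
        findings.append({
            "token": token, "spender": spender, "allowance": amount,
            "unlimited": amount == MAX_UINT256,
            "risky": spender in flagged,
        })
    return findings


def pad_topic(addr):
    return "0x" + "00" * 12 + addr[2:]


def make_log(block, index, token, owner, spender, amount):
    """Build a constructed Approval log in the assumed eth_getLogs-like shape."""
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad_topic(owner), pad_topic(spender)],
            "data": "0x" + format(amount, "064x")}


# Constructed addresses and logs (placeholders, not real accounts).
OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "dd" * 20
ROUTER, PHISHER = "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOGS = [
    make_log(105, 2, TOKEN_A, OWNER, ROUTER, 0),             # revocation, listed out of order
    make_log(100, 0, TOKEN_A, OWNER, ROUTER, 500),
    make_log(110, 1, TOKEN_A, OWNER, PHISHER, MAX_UINT256),  # still active, flagged spender
    make_log(111, 0, TOKEN_A, OTHER, PHISHER, 1),            # someone else's approval
    make_log(112, 0, TOKEN_B, OWNER, ROUTER, 1000),          # still active, not flagged
]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOGS, OWNER, {PHISHER}):
        print(finding)
```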

## How Approval Diagnosis helps

**MetaSuites** flags suspicious approvals to vulnerable contracts and EOAs (phishing accounts, unsafe accounts, etc.). **Users can review the approvals here and revoke all risky approvals immediately to prevent further loss**.

### Step 1: Click the Approval Diagnosis button

After [installing the **MetaSuites** extension](https://chromewebstore.google.com/detail/metadock-builders-swiss-a/fkhgpeojcbhimodmppkbbliepkpcgcoo), the `Approval Diagnosis` button will be shown on the [Etherscan address page](https://etherscan.io/address/0xfab576ff46bd27b095a4eee4a293ecb0c41d5a85).

<figure><img src="/files/xTPpICTNFz4rEA4Zth07" alt=""><figcaption><p>The Approval Diagnosis Button</p></figcaption></figure>

### Step 2: Check the risky approval

After clicking the button, the detailed approval results will be shown. Risky approvals are displayed in red with notes!

<figure><img src="/files/I0KGE9TNwizfcmOuKqis" alt=""><figcaption><p>Approval to the phishing address</p></figcaption></figure>

We can see the approval granted to the phishing address. Unfortunately, the user did not notice this approval, and the attacker transferred 70 WBTC from this address (see the following figure).

<figure><img src="/files/fPFSjlJ0QkmYq5As87Ka" alt=""><figcaption></figcaption></figure>

### Step 3: Revoke the approval

If there is any risky approval, the user needs to remove the approval immediately. Just connect to the Web3 wallet and revoke all approvals flagged by **MetaSuites**.

<figure><img src="/files/es97SWBD0NwGe0KWGPfd" alt=""><figcaption><p>When you find risky approvals, please ①connect your wallet and ②revoke as soon as possible</p></figcaption></figure>

Risky approvals have been a significant threat to users, and **MetaSuites** helps users become aware of their risky approvals. To stay safe, don't forget to run an approval **diagnosis regularly.**


# Address Labels and Compliance Score

{% hint style="info" %}
We offer Address Label and Compliance APIs. Click <https://docs.metasleuth.io/api/introduction> for more information.
{% endhint %}

## Address Labels

**MetaSuites** (Prev. MetaDock) identifies deposit addresses of CEXs, scammer and hacker addresses, and other addresses we collected and verified (especially those not tagged by the blockchain explorers). It helps users better understand the participants of transactions and track the flow of funds.

### CEX Deposit Addresses

**MetaSuites** identifies several addresses on *BTC.com* as `Binance Wallets`. This makes the identification of CEX transfers easier.

* **Try this** [**address**](https://explorer.btc.com/btc/address/19aaLsPkiJuFZck7U4mryKFiUg633UJDhm)

<figure><img src="/files/J7EqMV7cw5v5aOsA1LL7" alt=""><figcaption></figcaption></figure>

### Proxy Contract Labels

For proxy contracts, **MetaSuites** puts a link to the implementation contract in the label, which means you can click on the latter half of the label and go directly to the implementation contract!

<figure><img src="/files/8JqKvP1JXMKw6uT9Qlnu" alt=""><figcaption></figcaption></figure>

### Other Address Labels

<figure><img src="/files/rlU3oyIDxQNnH1lgzNw9" alt=""><figcaption></figcaption></figure>

Try these addresses: [1](https://etherscan.io/address/0xbefe4f86f189c1c817446b71eb6ac90e3cb68e60) [2](https://etherscan.io/address/0x792a0ac6c73a9882c9fa2becc832ccbf3fe37183#tokentxns)

**Note that MetaSuites does not collect and upload users' private tags.**

## Address Compliance Score

**MetaSuites** provides the ***address compliance score*** to help **estimate the likelihood of an address being associated with illegal activities**. Specifically, an address will fall into one of the five categories:

* ***No risk***: almost impossible to be related to illegal activities;
* ***Low risk***: low possibility of being related to illegal activities;
* ***Medium risk***: medium probability of being related to illegal activities;
* ***High risk***: high likelihood of being related to illegal activities;
* ***Critical risk***: those who are involved in illicit activities.

The **compliance scores are provided for reference only and do not constitute any investment advice**. Learn more about the methodology to calculate the risk scores.

Try this [address](https://etherscan.io/address/0xba399a2580785a2ded740f5e30ec89fb3e617e6e).

<figure><img src="/files/Nt9jfZiekoO2OSfNpDBW" alt=""><figcaption><p>Address Compliance Score</p></figcaption></figure>


# Developer-Friendly Features

## Smart Contract Related

### Query Private Variables

While the blockchain is inherently immutable and transparent, **obtaining the actual state of complete contract variables** remains challenging, even for developers. **MetaSuites** enhances the functionality of the Reading Contract Tab on blockchain explorers by enabling the **query of private variables**.

For example, there is a private mapping called `_holderTokens` in the [BAYC contract](https://etherscan.io/address/0xbc4ca0eda7647a8ab7c2061c2e118a18a936f13d#code) (0xbc4ca0...a936f13d), which stores the IDs of BAYC tokens held by each address. Previously, accessing this information on blockchain explorers like Etherscan was not possible. However, with **MetaSuites**, you can effortlessly query and retrieve such data in the appropriate location provided.

* Try this [contract](https://etherscan.io/address/0xbc4ca0eda7647a8ab7c2061c2e118a18a936f13d#readContract).

<figure><img src="/files/w03Y1bCATm6yd1ZVC8LL" alt=""><figcaption><p><code>_holderTokens</code> of the BAYC contract is accessible via <strong>MetaSuites</strong>.</p></figcaption></figure>

### Query Variable Logs

Variables within a contract are subject to frequent changes as the blockchain progresses. While some variables remain immutable and constant, others are often updated, creating a complex landscape for developers and onchain detectives tracing their evolution.

**MetaSuites** offers a solution by **facilitating log queries for a specific variable within a designated time frame.** This can be defined by either timestamps or block heights. The system conveniently presents the time of the update, the new value after update, and the transaction hash, all in a versatile table. Furthermore, **MetaSuites** provides an option to **export these logs into a CSV file**, allowing for deeper investigation.

Please note that you can adjust the time range from the top right corner of the interface. The system intelligently limits the scope to a feasible time period - from the contract's deployment to the present moment. Given the intricacy of some variables, the list is capped at 300 records. For more focused results, consider narrowing down the time range.

* Try this [contract](https://etherscan.io/address/0x6982508145454ce325ddbe47a25d4ec3d2311933#readContract).

<figure><img src="/files/c6lEYQjCUBcgZv8919MT" alt=""><figcaption><p>Question: When did $PEPE's developer renounce its admin privileges?</p></figcaption></figure>

### Download and View Source Code

**MetaSuites** allows users to easily download verified contracts' source code and ABI files. It is pretty helpful for downloading contracts with multiple files. For a proxy contract, it will download the implementation contract simultaneously.

* Try this [contract.](https://etherscan.io/address/0x316f9708bB98af7dA9c68C1C3b5e79039cD336E3#code)

<figure><img src="/files/Tt5yvW0I9sVzfQ1ydrlN" alt=""><figcaption><p>View and Download Source Code</p></figcaption></figure>

If you want to view the project's source code directly in your browser in the VSCode style, just click `View in DethCode`.

### Proxy Upgrade Log

There are numerous proxy contracts that can be upgraded when necessary, but they are also susceptible to exploitation by scammers. For developers and security researchers, it is highly beneficial to swiftly **review the proxy upgrade log on the contract page**. **MetaSuites** has integrated [Cergyk](https://twitter.com/cergyk1337)'s [upgrade hub](https://upgradehub.xyz/), and you can simply click on "Proxy Upgrade Log" to access a comprehensive log of typical proxy contracts.

* Try this [contract](https://etherscan.io/address/0x2e1db01f87ab645321cb12048bbab8a9538c61cc#code).

<figure><img src="/files/PMC1ZVhx9KJ34mUQE1UY" alt=""><figcaption><p>The Proxy Upgrade Log displays the upgrade transactions and provides links to the code differential view (on Upgradehub) of the modified implementations.</p></figcaption></figure>

**MetaSuites allows users to easily interact with popular developer-friendly tools such as Dedaub, Phalcon, Tenderly, Forta, etc.**

### Decompilers

If you encounter an **unverified contract** like this [contract](https://ftmscan.com/address/0xcd38c2f1b91482e0cd6a1051819483bb81fdd142#code), you can click the button `Decompile in Dedaub` or `Decompile in ethervm.io` to get a better understanding of the contract.

<figure><img src="/files/Ri4fg6me7S3B05zm0UOA" alt=""><figcaption><p>Decompilers for unverified contracts</p></figcaption></figure>

### Funding Source of Contract Deployers

**MetaSuites** intelligently presents the funding source of contract deployment to users, offering great assistance in executing compliance-related investigations. Try this [address](https://etherscan.io/address/0x1f9840a85d5af5bf1d1762f925bdaddc4201f984).

<figure><img src="/files/uSG86B9x4YHIDUwPbYNN" alt="" width="375"><figcaption><p>Funding source of contract deployers</p></figcaption></figure>

### Function Signatures

**MetaSuites** provides a more comprehensive function signature library to complement the *\*scan*'s signature parsing.

* [**Click to try**](https://etherscan.io/txs?block=15758642)

<figure><img src="/files/Mtdu4ktJot1y2P7xcdmp" alt=""><figcaption><p>Function Signatures</p></figcaption></figure>

For example, **MetaSuites** replaces the function signature `0x13d79a0b` with `settle`, which makes more sense for users.

## Transaction Explorers

If you want to **dive deeply into a transaction**, **MetaSuites** assists you with multiple shortcuts to popular transaction browsers.

* ***Phalcon*** provides many innovative features, such as invocation flow, balance changes, and transaction simulations.
* ***Transaction Tracer*** and ***Tenderly*** are also very useful and popular among crypto users. *Top EVM-compatible blockchains* are supported.

Try this [transaction](https://etherscan.io/tx/0x0fe2542079644e107cbf13690eb9c2c65963ccb79089ff96bfaf8dced2331c92).

<figure><img src="/files/jayqDoxxUyDppooeRhRK" alt=""><figcaption><p>Transaction Explorers</p></figcaption></figure>

## Flashbot Explorers

If you are an MEV searcher, you may be interested in the bundles in the blocks, and you can utilize *Flashbots Explorer* near the block height.

* Try this [block](https://etherscan.io/block/16269398).

<figure><img src="/files/JiVboHtjRknBgoAgPm5B" alt=""><figcaption></figcaption></figure>

## Forta

Forta comprises a decentralized network of independent bots that scan all transactions and block-by-block state changes for threats and anomalies. **MetaSuites** is strengthened by the detection support of Forta, displaying additional labels and flagging suspicious transactions.

* Try these links: [1](https://bscscan.com/address/0xA254F8fe7d3f9f58B50d140B24b995435EA2F76d) [2](https://arbiscan.io/tx/0xc5d79b2375028f0cefc9224d010e520016d947da8e6360d77dfde286569e0293)

<figure><img src="/files/dqiZIvCTsEPuYbvTBrL8" alt=""><figcaption><p><strong>MetaSuites</strong> displays additional labels based on Forta bots</p></figcaption></figure>

<figure><img src="/files/cVyjQAckyIpGi1YKkv35" alt=""><figcaption><p><strong>MetaSuites</strong> flags suspicious transactions based on Forta bots</p></figcaption></figure>


# Contacts

Please let us know if you have any questions about us and our products.

* Email
  * <contact@blocksec.com>
* Twitter
  * BlockSec: [@BlockSecTeam](https://twitter.com/BlockSecTeam)
  * BlockSec Phalcon: [@Phalcon\_xyz](https://twitter.com/phalcon_xyz/)
  * MetaDock: [@MetaDockTeam](https://twitter.com/metadockteam)
  * MetaSleuth: [@MetaSleuth](https://twitter.com/metasleuth)
* Telegram Group
  * Audit and Phalcon-related
    * <https://t.me/BlockSecTeam>
  * Scam, phishing and crypto tracking
    * <https://t.me/MetaSleuthTeam>


