I built DEXorado to address a specific blind spot in crypto security: phishing via front-end replicas. While tools like Token Sniffer focus on smart contract analysis, there wasn't a systematic way to verify the DEX URL itself before connecting a wallet.
Attackers clone sites like Uniswap perfectly. The only difference is the domain and the contract behind the "Swap" button. To catch this, I built a weighted scoring system (0–100) that runs a URL through 6 independent checks:
Whitelist Cross-Reference (20%): Matches against a curated list of 200+ legit domains. Uses Levenshtein distance to flag typosquatting (e.g., uniswap-pro).
Threat Intelligence (20%): Aggregates VirusTotal and URLhaus data, with logic to suppress false positives for whitelisted domains.
Smart Contract Router (20%): Verifies the router contract via Etherscan against known deployments (Uniswap/PancakeSwap).
Domain Analysis (15%): Penalizes domains < 30 days old and high-risk hosting providers.
TX Simulation (15%): Analyzes 24h transaction patterns to distinguish legitimate routers from wallet drainers.
SSL Inspection (10%): Checks TLS validity and issuer reputation.
The output is a verdict: SAFE, CAUTION, SUSPICIOUS, or DANGER. I also built a Token Scanner that aggregates GoPlus and DEXScreener data into a unified risk score.
I’m currently iterating on the weighting logic—specifically, whether Domain Age (15%) should weigh more than TX Simulation (15%) given the speed of new scams.
Would love technical feedback from the HN community.
Hi HN,
I built DEXorado to address a specific blind spot in crypto security: phishing via front-end replicas. While tools like Token Sniffer focus on smart contract analysis, there wasn't a systematic way to verify the DEX URL itself before connecting a wallet.
Attackers clone sites like Uniswap perfectly. The only difference is the domain and the contract behind the "Swap" button. To catch this, I built a weighted scoring system (0–100) that runs a URL through 6 independent checks:
Whitelist Cross-Reference (20%): Matches against a curated list of 200+ legit domains. Uses Levenshtein distance to flag typosquatting (e.g., uniswap-pro). Threat Intelligence (20%): Aggregates VirusTotal and URLhaus data, with logic to suppress false positives for whitelisted domains. Smart Contract Router (20%): Verifies the router contract via Etherscan against known deployments (Uniswap/PancakeSwap). Domain Analysis (15%): Penalizes domains < 30 days old and high-risk hosting providers. TX Simulation (15%): Analyzes 24h transaction patterns to distinguish legitimate routers from wallet drainers. SSL Inspection (10%): Checks TLS validity and issuer reputation. The output is a verdict: SAFE, CAUTION, SUSPICIOUS, or DANGER. I also built a Token Scanner that aggregates GoPlus and DEXScreener data into a unified risk score.
I’m currently iterating on the weighting logic—specifically, whether Domain Age (15%) should weigh more than TX Simulation (15%) given the speed of new scams.
Would love technical feedback from the HN community.