This repo collects cross-chain smart contract ABIs to protect the Web3 community against phishing attacks targeting average Web3 users and sophisticated remote attacks on whales.
Ethereum and other blockchain decentralized networks are trying to rebuild trust through trustless computational systems. One of the most important mantras in the blockchain community is “Don’t trust. Verify!”.
To apply this mantra to signing a normal transaction on a software or hardware wallet, the user needs to fully verify at least the amount of crypto, destination address (sometimes change address with UTXO model blockchains) and transaction fees. Otherwise an attacker can perform a ransom attack to steal crypto assets without gaining access to the user’s recovery phrase (seed) or private keys. With the booming of Tokenization in 2017 and DeFi projects in 2020, blockchain transactions have become much more complex than just sending coins on mainnet. Transactions that are interacting with smart contracts require software and hardware wallets to be able to do ABI decoding to avoid blind signing.
This repo is a community effort to collect ABIs to protect users against phishing attacks and sophisticated remote attacks. Any software and hardware wallets can use the data in this repo to decode corresponding smart contracts to enhance signing security for the Web3 community.
The repo is a collection of contract data such as names, contract metadata and other data fields.
All of the contract metadata is grouped by chain. For each contract, it has a json file with the contract address as its name.
For each json file, there are these fields:
{
"name": string, // contract name optional
"chainId": number, // for evm chain, this is the chainId of the deployed chain.
"address": string, // contract address required
"metadata": json, // contract metadata required
"version": number // contract version number required
"checkPoints": [], // reserved field optional
"isProxy": boolean, // whether this is an proxy contract which follows [EIP-1967](https://eips.ethereum.org/EIPS/eip-1967) optional
"principalAddress": the principal contract address if this is an proxy contract optinal.
}
The “Address” and “metadata” are two required fields. The address follows the EIP 55 address checksum format.
The “metadata” field follows the contract metadata.The output field in the metadata are required which should including the abi, userdoc and devdoc three fields.
{
....
// Required: Generated information about the contract.
output:
{
// Required: ABI definition of the contract
abi: [ ... ],
// Required: NatSpec user documentation of the contract
userdoc: [ ... ],
// Required: NatSpec developer documentation of the contract
devdoc: [ ... ],
}
}
For proxy contract which follows the EIP-1967, please fill the abi of your origin contract instead of the proxy contract and set the isProxy
field to true
and set the your origin contract address to the principalAddress
field.
-
Sourcify (Ethereum Only)
MIT