A robust API for detecting dusting attacks and address poisoning on Solana wallets. This API analyzes wallet transactions and SNS (Solana Name Service) data to identify suspicious patterns associated with dusting attacks.
- Transaction pattern analysis
- SNS (Solana Name Service) monitoring
- Emoji detection in domain names
- TPS (Transactions Per Second) monitoring
- Dust transaction detection
- Unique recipient tracking
- Risk level assessment
Analyzes a wallet address for dusting patterns.
Query Parameters:
address: Solana wallet address to analyze
Response:
{
"isDustingWallet": boolean,
"confidence": number,
"metrics": {
"tps": number,
"dustTransactions": number,
"totalTransactionsChecked": number,
"uniqueRecipients": number,
"averageDustAmount": number,
"suspiciousSNS": {
"name": string,
"hasSuspiciousPattern": boolean,
"containsEmojis": boolean
}
},
"suspiciousPatterns": string[],
"riskLevel": "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
}Analyzes a specific transaction for dusting patterns.
Query Parameters:
address: Transaction ID to analyze
Response:
{
"isDustingTransaction": boolean,
"confidence": number,
"transaction": {
"signature": string,
"timestamp": number,
"amount": number,
"sender": string,
"receiver": string,
"type": "SEND" | "RECEIVE",
"assetType": "SOL" | "TOKEN"
},
"senderSNS": {
"name": string,
"hasSuspiciousPattern": boolean,
"containsEmojis": boolean
} | null,
"suspiciousPatterns": string[],
"riskLevel": "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
}- Checks last 10 transactions
- Calculates TPS (Transactions Per Second)
- Identifies dust transactions (amount < 0.0001 SOL)
- Tracks unique recipients
- Fetches domains associated with the wallet
- Checks for suspicious patterns in domain names
- Detects emojis in domain names
- Monitors for known dusting-related keywords
- Combines multiple factors to determine risk level
- Assigns confidence scores based on detected patterns
- Categorizes risk as LOW, MEDIUM, HIGH, or CRITICAL
The API makes the following RPC calls:
getSignaturesForAddress: Fetches recent transaction signaturesgetTransaction: Retrieves transaction details for each signature- SNS API call to Solana.fm for domain information
Total RPC calls per request: 2 + (number of transactions checked)
const DUSTING_THRESHOLDS = {
MIN_TPS: 5, // Minimum TPS to be considered suspicious
MIN_DUST_TRANSACTIONS: 9, // Minimum number of dust transactions
MIN_DUST_AMOUNT: 0.0001, // Maximum amount to be considered dust (in SOL)
MIN_UNIQUE_RECIPIENTS: 9, // Minimum number of unique recipients
MIN_TRANSACTIONS_CHECKED: 10 // Minimum number of transactions to analyze
};- Gambling/Casino related keywords
- Airdrop/Free token related keywords
- Scam indicators
- Urgency/Time pressure keywords
- Financial incentives
- Suspicious actions
- Common scam domains
- High TPS (> 5 transactions/second)
- Multiple dust transactions (> 9)
- Multiple unique recipients (> 9)
- Small transaction amounts (< 0.0001 SOL)
- CRITICAL: Confidence ≥ 80, High TPS, Multiple dust transactions
- HIGH: Confidence ≥ 60, High TPS or Multiple dust transactions
- MEDIUM: Confidence ≥ 30, High TPS or Multiple dust transactions
- LOW: Default level, no significant suspicious patterns
The API includes comprehensive error handling:
- Optional chaining for all object properties
- Null checks with default values
- Try-catch blocks with error logging
- "BUSY" status for service unavailability
The API implements rate limiting to prevent abuse:
- 100 requests per minute per IP
- Returns 429 status with "BUSY" message when limit exceeded
Required environment variables:
HELIUS_RPC_API_KEY=your_api_key_here
Feel free to submit issues and enhancement requests!