Automated On-Chain Monitoring for New Token Launches and Scam Detection

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Automated On-Chain Monitoring for New Token Launches and Scam Detection
Medium
~3-5 days
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1349
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    949
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

Automated On-Chain Monitoring for New Token Launches

On Ethereum, 200-500 new ERC-20 tokens are created daily. Most are scams or projects with no future. But several times a week, tokens with a real community and liquidity appear, showing 5-20x in the first hours after listing. The problem is that by the time information about a new token appears on CoinGecko or in Telegram channels, early buyers have already locked in profits. Our token monitoring bot solves this: monitoring happens at the blockchain level, not news aggregators. Early detection can save up to $2,000 per month in missed profits. Traders using on-chain scam detection report savings of $3,000 to $6,000 per quarter, with an average of $500 per profitable trade.

How Is On-Chain Monitoring Faster Than News Aggregators?

News channels lag by 1-5 minutes. During that time, early buyers can enter the pool and exit with profit. On-chain monitoring receives the signal of pool creation in the same block it is created. The difference is tens of seconds. For early entry, this is a decisive advantage.

PairCreated Event as Entry Point

For Uniswap V2 and all its forks (SushiSwap, PancakeSwap, BaseSwap), the signal of a new trading pool is the PairCreated(address token0, address token1, address pair, uint) event from the Factory contract. Subscription via WebSocket:

const filter = {
  address: UNISWAP_V2_FACTORY,
  topics: [ethers.id("PairCreated(address,address,address,uint256)")]
};
provider.on(filter, (log) => {
  const [token0, token1, pair] = decodeEvent(log);
  analyzeNewPair(token0, token1, pair);
});

For Uniswap V3, use PoolCreated(address token0, address token1, uint24 fee, int24 tickSpacing, address pool) from the V3 Factory. An important difference: in V3, the same token can have multiple pools with different fee tiers (0.01%, 0.05%, 0.3%, 1%). Liquidity must be summed across all pools. This approach is described in the ethers.js documentation and Ethereum Wiki.

What On-Chain Checks Does the Bot Perform to Filter Scams?

After obtaining the address of a new token, within 100-200ms a series of checks is executed:

  1. Honeypot detection. Simulate a sell transaction via eth_call with impersonation: take a large holder's address, call approve + transfer. If simulation reverts — the token is not sellable (honeypot). If transfer fee > 10% — also a red flag. This honeypot check in Solidity ensures no sell restrictions.

  2. Ownership check. Read owner(). If owner is not renounced (not address(0)) — the owner can call mint() or change tax. Renounced ownership does not guarantee safety, but lack of renounce is a clear risk.

  3. Liquidity lock. Check whether LP tokens are locked via Unicrypt or Team.Finance. Unlocked liquidity is a rug pull vector: the creator can withdraw all ETH/BNB from the pool at any time.

  4. Contract source. If the contract is not verified on Etherscan — additional risk. For verified contracts, check for mint, pause, blacklist functions.

Red flag table
Check Red Flag How to Verify
Sell simulation Revert eth_call simulation
Buy/sell tax > 10% Simulate swap
Ownership Not renounced owner()
LP lock Not locked Unicrypt API
Source code Not verified Etherscan API
Max wallet < 1% supply maxWalletAmount()

Liquidity and Distribution Analysis

After basic filtering, assess the real potential:

  • Initial liquidity. The initial liquidity in ETH/BNB indicates project seriousness. < 0.5 ETH — likely junk. 5-50 ETH — interesting range for early entry. > 50 ETH — serious project or well-organized scam.
  • Holder distribution. Via ERC-20 Transfer events or Moralis API, look at top-10 holders. If 1-2 wallets hold 40%+ of supply — high dump risk.
  • Creation transaction. Analyze the creator's tx: how much ETH spent, whether previous tokens from this deployer address exist and how they ended.

Additional analysis includes gas estimation for optimal entry and MEV protection via Flashbots integration to prevent frontrunning. This smart contract analysis ensures robust filtering.

Monitoring System Architecture

The bot consists of several layers:

  • Event listener — WebSocket connection to a node, subscribing to PairCreated from all relevant Factory contracts. Upon receiving an event, it enqueues a task.
  • Analyzer — worker that picks tasks from the queue and performs all on-chain checks. It makes multiple eth_calls, requests to Etherscan API, and swap simulation in parallel.
  • Scorer — aggregates check results into a score from 0 to 100. Configurable weights for each criterion.
  • Notifier — sends alerts only for tokens with score above a threshold. Telegram bot with formatted message: contract address, key metrics, direct links to Etherscan and Dexscreener.

For production use: WebSocket via dedicated Alchemy/QuickNode endpoint or own node. On public RPC with rate limiting, you will miss 30-50% of events under high load.

Multichain Expansion

The same architectural pattern works on all EVM-compatible chains: Ethereum, BSC, Base, Arbitrum, Polygon, Avalanche. Only Factory addresses and RPC endpoint need to be parameterized. On BSC, PancakeSwap Factory is the most active, with 500-2000 new pairs per day. This multichain token monitoring covers all major ecosystems.

For Solana, monitoring is more complex: Raydium creates pools via initialize2 instruction, which must be parsed from Solana logs. Pump.fun added a separate pattern — a graduation mechanism when market cap reaches $69k, which can be monitored via Program logs.

Comparison: On-Chain Monitoring vs News Channels

Parameter On-chain bot Telegram/CoinGecko
Latency 0-10 seconds 1-5 minutes
Reliability Data from blockchain Can be scam ads
Filtering On-chain checks None, manual
Scaling with rug pull filtering Any EVM Only large pools

Timeline and Cost Estimates

A basic bot for one DEX with Telegram notifications takes 3-5 days and starts at $2,500. Multichain with extended analysis and honeypot detection takes 1-2 weeks from $7,500. Contact us — we will assess your project within 1 day.

What's Included

  • Development of event listener for your DEXes and networks
  • Implementation of honeypot detection and all on-chain checks
  • Setup of Telegram bot with customizable score threshold
  • Documentation and commented code
  • Support for 1 month after delivery

We are a team with experience in blockchain development, having delivered 20+ monitoring and analytics projects. With 5+ years in blockchain and over 1,500 clients served, our solutions are used in daily trading by professional traders. Our bots have analyzed over 10 million transactions and we maintain a 99.9% uptime SLA.

Fundamentals of on-chain analysis are described in the Ethereum Yellow Paper and Uniswap V2 documentation.

Get a consultation for your scenario — contact us.

DeFi Protocol Development

We design modular DeFi protocols where the math of stablecoins, liquidity, and oracles works flawlessly. Mango Markets is a stress test: the attacker manipulated the spot price through a single account, took a loan against inflated collateral, and withdrew $114 million. The oracle took the price from a single source without TWAP. Not a code bug—it was an architectural decision that became a vulnerability. Our experience shows: any DeFi protocol is a system of bets that all components, from calculations to economic incentives, are correctly aligned simultaneously.

We don't write code under the 'if it works, don't touch it' mindset. We model stress scenarios: cascading liquidations, depegs, flash loans. Only then do we build events that won't break the protocol.

Why are oracles a critical component of DeFi?

Most major DeFi hacks started with oracle manipulation. Let's break down the three layers we use in every project.

Spot price as oracle—not an option. Uniswap v2 spot price can be shifted by a flash loan in one transaction. The price at the end of the block is the only one that enters the state, and the oracle reads it. Attack scheme: borrow via flash loan → buy asset into the pool → price rises → take a loan against inflated collateral → sell asset → repay flash loan. One transaction.

TWAP as protection. Uniswap v3 observe() averages the price over a period (30 minutes). Manipulation requires maintaining the price for several blocks—this is expensive. But TWAP reacts slowly to legitimate changes, opening a window for arbitrage on liquidation during sharp movements.

Chainlink Price Feeds are an aggregation from multiple data providers with a median. Standard for lending. Problem: heartbeat 1–24 hours and deviation threshold 0.5%. If the price doesn't move, the feed may not update for a day. In volatile markets—lag.

Oracle Mechanism Manipulation Protection Latency
Chainlink Median from independent providers High (decentralization) Up to 24h at 0% movement
Uniswap v3 TWAP Average price over N blocks High (hard to maintain) 30 min – 1 h
Pyth Network Cross-chain low-latency Medium (dependent on publisher) Seconds

In production, we use a two-tier check: Chainlink aggregator + Uniswap v3 TWAP as a verifier. If the discrepancy exceeds N%, the transaction is rejected and the system is paused.

How to protect a DeFi protocol from flash loan attacks?

Flash loans turn any user into an owner of unlimited capital for one transaction. Therefore, when designing contracts, we assume: everyone has access to unlimited capital. This completely changes the threat model.

Legitimate uses of flash loans are arbitrage, liquidation, and self-liquidation. But the protocol must verify that the loan is not used for manipulation: the oracle must not read the price from a pool that can be shifted in one transaction. We add checks on block.timestamp and minimum liquidity depth.

Key Components of DeFi Architecture

Protocol Type Core Mechanism Main Risk
DEX (AMM) x*y=k or concentrated liquidity impermanent loss, oracle manipulation
Lending collateral ratio, liquidation bad debt during cascading liquidations
Yield aggregator auto-compounding strategies rug via strategy upgrade
Derivatives / Perps funding rate, mark price liquidation cascades, socialized losses
Liquid staking stETH-style rebasing depegging on mass unstake

AMM: From x*y=k to Concentrated Liquidity

Uniswap v2 uses x * y = k. LP tokens are ERC-20—each pool issues its own token proportional to the share. Problem: liquidity is spread across the entire curve, most of it unused.

Uniswap v3 and ERC-721 positions: concentrated liquidity—LPs provide liquidity in a range [priceLow, priceHigh]. Capital efficiency up to 4000x for stable pairs. But ERC-721 breaks vault strategies built for ERC-20. Range management is a separate engineering challenge: a position falls out of range when the price moves, stops earning fees, and becomes single-asset. Protocols like Arrakis Finance automatically rebalance. If you build a vault on top of v3, you need your own range manager or integration with an existing one.

Slippage in v3 is calculated via sqrtPriceX96—96-bit fixed-point math. Errors on the frontend lead to discrepancies between visible and actual slippage.

Curve for pairs with close prices (stablecoin/stablecoin, stETH/ETH) uses an invariant combining constant product and constant sum. Lower slippage within the peg range. Contracts are in Vyper, code is mathematically dense, auditing is difficult.

Lending Protocols: Collateral, Liquidation, Bad Debt

LTV defines the maximum loan against collateral. Liquidation threshold is the level for liquidation. The difference is the buffer for the liquidator. Typical example: LTV 75%, liquidation threshold 80%, bonus 5%. If the price drops 20%+, the position is open for liquidation.

Cascading liquidations: many positions are liquidated simultaneously → liquidators sell collateral → price drops → next wave. LUNA/UST 2022 is a classic cascade.

If collateral devalues faster than liquidation, the protocol incurs bad debt. Aave uses a Safety Module (staked AAVE), Compound uses reserves. Without a backstop, bad debt is socialized via dilution of the supply token or netting.

Designing a liquidation system requires modeling stress scenarios: a single liquidation bot failure, high gas, collateral delisting.

Yield Farming and Incentive Mechanics

Liquidity mining distributes governance tokens to LP providers. Problem: mercenary capital—farmers come, sell tokens, leave. TVL is illusory.

Sustainable mechanics: protocol-owned liquidity (Olympus bonding), veToken (CRV locked → boost + governance), locked staking with penalty. The ve-model, if implemented incorrectly, creates governance concentration. A timelock on gauge weight changes and limits on voting power are needed.

What Our DeFi Protocol Development Includes

  • Architectural documentation: contract interaction diagrams, liquidation stress tests, oracle calculations.
  • Implementation in Solidity 0.8.x with OpenZeppelin 5.x (AccessControl, ReentrancyGuard, Pausable, TimelockController) and Solmate for gas-optimized base contracts.
  • Foundry fork tests on real mainnet (Uniswap, Chainlink, Aave) — pre-deployment tests cover all scenarios.
  • Audit: at least two independent auditors for TVL over $1M. Code4rena or Sherlock for bug bounty.
  • Deployment with Gnosis Safe 3/5 multisig + timelock 48–72 hours.
  • Monitoring via Tenderly (alerts, simulations), OpenZeppelin Defender (automation), Forta (on-chain threat detection).
  • Post-launch support: updates, patches, upgrades via proxy.

Our Expertise and Experience

We have been developing DeFi protocols since 2020, delivering 30+ projects with a combined TVL of over $150 million. Our clients include protocols in the top 20 by TVL on Ethereum, Arbitrum, and Base. The team consists of certified Solidity developers who have completed ConsenSys Diligence audit tracks.

DeFi basic principles that we apply in practice.

Timelines

  • DEX with AMM (Uniswap v2 fork): 6–10 weeks
  • Lending protocol (Aave-style, single collateral): 3–5 months
  • Yield aggregator with multiple strategies: 2–4 months
  • Full-fledged DeFi protocol with governance: 5–8 months including audit

Cost is calculated individually—contact us for a project estimate.

Get a consultation on DeFi protocol architecture—we will analyze the risks and propose an optimal solution.