# Augur — Full Documentation

> EVM smart contract risk scoring API. Analyzes bytecode for 8 risk patterns and returns a 0-100 score. Pay $0.10/call via x402 in USDC on Base. No API key needed.

## Overview

Augur is an agent-to-agent API that scores smart contract risk on Base (EIP-155:8453). It uses deterministic bytecode pattern matching (no LLM) for fast, reliable results. Payment is via the x402 HTTP payment protocol — no API key, no signup, no subscription.

## Endpoint

```
GET https://augurrisk.com/analyze?address={contract_address}
POST https://augurrisk.com/analyze (body: {"address": "{contract_address}"})
```

**Payment:** $0.10 USDC on Base via x402. Send a request, receive 402 with payment details, sign USDC authorization, retry with `PAYMENT-SIGNATURE` header.

## Request Parameters

| Parameter | Type   | Required | Description |
|-----------|--------|----------|-------------|
| address   | string | Yes      | EVM contract address, 0x-prefixed, 40 hex chars |

## Example: Safe Contract

```json
{
  "address": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
  "score": 0,
  "level": "safe",
  "bytecode_size": 2846,
  "findings": [],
  "category_scores": {}
}
```

## Example: High-Risk Proxy Contract

```json
{
  "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
  "score": 60,
  "level": "high",
  "bytecode_size": 1485,
  "findings": [
    {
      "detector": "proxy",
      "severity": "medium",
      "title": "EIP-1967 Proxy Detected",
      "description": "Contract uses the EIP-1967 transparent proxy pattern.",
      "points": 20
    },
    {
      "detector": "delegatecall",
      "severity": "medium",
      "title": "Delegatecall Usage",
      "description": "Contract uses DELEGATECALL to execute code from another contract.",
      "points": 15
    }
  ],
  "category_scores": {
    "proxy": 20,
    "delegatecall": 15,
    "impl_delegatecall": 15,
    "impl_hidden_mint": 10
  },
  "implementation": {
    "address": "0x2cE6409Bc2Ff3E36834E44e15bbE83e4aD02d779",
    "bytecode_size": 24576,
    "findings": [
      {
        "detector": "impl_delegatecall",
        "severity": "medium",
        "title": "Implementation Uses Delegatecall",
        "points": 15
      },
      {
        "detector": "impl_hidden_mint",
        "severity": "medium",
        "title": "Implementation Has Hidden Mint",
        "points": 10
      }
    ],
    "category_scores": {
      "impl_delegatecall": 15,
      "impl_hidden_mint": 10
    }
  }
}
```

## Response Schema

| Field            | Type    | Description |
|------------------|---------|-------------|
| address          | string  | The analyzed contract address |
| score            | integer | Composite risk score, 0-100 |
| level            | string  | Risk level: safe, low, medium, high, critical |
| bytecode_size    | integer | Contract bytecode size in bytes |
| findings         | array   | List of risk findings from detectors |
| category_scores  | object  | Risk points by detector category |
| implementation   | object  | Proxy implementation analysis (only for proxy contracts) |

### Finding Object

| Field       | Type    | Description |
|-------------|---------|-------------|
| detector    | string  | Detector name (e.g. proxy, reentrancy, selfdestruct) |
| severity    | string  | info, low, medium, high, or critical |
| title       | string  | Human-readable finding title |
| description | string  | Detailed explanation |
| points      | integer | Risk points contributed to composite score |

## Risk Levels

| Level    | Score Range | Meaning |
|----------|-------------|---------|
| safe     | 0-15        | No significant risks detected |
| low      | 16-35       | Minor concerns, generally safe |
| medium   | 36-55       | Notable risks, review before interacting |
| high     | 56-75       | Significant risks detected |
| critical | 76-100      | Severe risks, avoid interaction |

## Detectors

1. **Proxy Detection** — EIP-1967, EIP-1822, and OpenZeppelin proxy slots. Proxy contracts auto-resolve implementation (max 1 hop).
2. **Reentrancy** — CALL before state update patterns that enable reentrancy attacks.
3. **Selfdestruct** — Contract contains SELFDESTRUCT opcode, allowing destruction.
4. **Honeypot** — Transfer restriction patterns that prevent token selling.
5. **Hidden Mint** — Unauthorized token creation functions not visible in the ABI.
6. **Fee Manipulation** — Dynamic fee extraction patterns that can drain value.
7. **Delegatecall** — External code execution that can change contract state.
8. **Deployer Reputation** — Basescan deployer wallet history analysis.

## Error Responses

**422 — Invalid request:**

```json
{"error": "Missing 'address' query parameter"}
{"error": "Invalid Ethereum address: 0x1234"}
```

**402 — Payment required:** Returned with x402 payment instructions. Use an x402-compatible client to handle payment automatically.

**502 — RPC error:** Upstream Base RPC node error. Retry after a moment.

## Integration

Use any x402-compatible HTTP client. The flow is:

1. `GET /analyze?address=` → receives 402 with payment details
2. Client signs USDC `transferWithAuthorization` on Base
3. Client retries with `PAYMENT-SIGNATURE: ` header
4. Receives 200 with risk analysis JSON

## Links

- [OpenAPI Spec](https://augurrisk.com/openapi.json)
- [A2A Agent Card](https://augurrisk.com/.well-known/agent-card.json)
- [AI Plugin Manifest](https://augurrisk.com/.well-known/ai-plugin.json)
- [x402 Discovery](https://augurrisk.com/.well-known/x402)
- [API Catalog (RFC 9727)](https://augurrisk.com/.well-known/api-catalog)
- [Agent Metadata](https://augurrisk.com/agent-metadata.json)
- [ERC-8004 Registry](https://8004scan.io/agents/base/19074)
- [Summary](https://augurrisk.com/llms.txt)
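
A consumer-side sanity check for the response schema and Risk Levels table above, added here as an example (not Augur's own code): it validates the address format, checks that `level` matches the documented score band, and counts findings nested under `implementation` as well as the top-level ones. The function names, the `max_score` threshold and the rule that finding points sum to `score` are assumptions, the last one inferred from the two sample responses.

```python
import re

# Score bands copied from the Risk Levels table on this page.
LEVELS = [("safe", 0, 15), ("low", 16, 35), ("medium", 36, 55),
          ("high", 56, 75), ("critical", 76, 100)]
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# The page's high-risk proxy example, trimmed to the fields checked below.
SAMPLE = {
    "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
    "score": 60, "level": "high",
    "findings": [{"detector": "proxy", "points": 20},
                 {"detector": "delegatecall", "points": 15}],
    "implementation": {"findings": [{"detector": "impl_delegatecall", "points": 15},
                                    {"detector": "impl_hidden_mint", "points": 10}]},
}

def level_for(score):
    """Map a 0-100 score to the level the table assigns it (None if outside)."""
    return next((n for n, lo, hi in LEVELS if lo <= score <= hi), None)

def all_findings(report):
    """Top-level findings plus those nested under 'implementation'."""
    nested = report.get("implementation", {}).get("findings", [])
    return list(report.get("findings", [])) + list(nested)

def check_report(requested, report):
    """Return a list of problems; an empty list means the report is usable."""
    if not ADDRESS_RE.fullmatch(requested):
        return ["requested address is not 0x + 40 hex chars"]
    problems = []
    if str(report.get("address", "")).lower() != requested.lower():
        problems.append("report is for a different address")
    score = report.get("score")
    if type(score) is not int or not 0 <= score <= 100:
        return problems + ["score missing or outside 0-100"]
    if report.get("level") != level_for(score):
        problems.append("level does not match score band")
    # Assumption (inferred from the page's examples): points sum to the score.
    if min(sum(f.get("points", 0) for f in all_findings(report)), 100) != score:
        problems.append("finding points do not add up to score")
    return problems

def decide(requested, report, max_score=35):
    """Hypothetical caller policy: fail closed on any inconsistency."""
    problems = check_report(requested, report)
    if problems:
        return "reject", problems
    return ("block" if report["score"] > max_score else "allow"), []
```

In the proxy sample, the top-level `findings` account for only 35 of the 60 points; a caller that ignores `implementation.findings` misses the rest.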