Base Blue-Chip Bytecode Snapshot

Scope

This snapshot was generated on 2026-03-09 for three notable Base contracts: WETH, USDC, and cbBTC.

• Contracts were analyzed on 2026-03-09 against Base mainnet using the current Augur engine.
• The embedded JSON below is intentionally shaped like the live /analyze response contract.
• This is bytecode triage, not a final trust verdict or a substitute for issuer, governance, or audit review.
• Future detector changes can move these scores; this page is a snapshot, not a permanent benchmark.

Bytecode size: 2041 bytes

Key findings

• Potential honeypot: conditional REVERT in transfer path honeypot - high - +25 points
  Contract has transfer functions with conditional REVERT patterns that could selectively block token transfers for certain addresses.

Augur assigns a low score, not a clean zero. That matters because it shows the engine is conservative around transfer-path control flow. For a blue-chip wrapped asset, this should trigger human review rather than automatic rejection.

Exact snapshot JSON

Snapshot captured on 2026-03-09. This block mirrors the live /analyze response shape but is not recomputed on page load.

{
  "address": "0x4200000000000000000000000000000000000006",
  "score": 25,
  "level": "low",
  "findings": [
    {
      "detector": "honeypot",
      "severity": "high",
      "title": "Potential honeypot: conditional REVERT in transfer path",
      "description": "Contract has transfer functions with conditional REVERT patterns that could selectively block token transfers for certain addresses.",
      "points": 25,
      "offset": 361
    }
  ],
  "category_scores": {
    "honeypot": 25
  },
  "bytecode_size": 2041,
  "implementation": null
}

Bytecode size: 1852 bytes

Resolved implementation: 0x2ce6311ddae708829bc0784c967b7d77d19fd779

Key findings

• DELEGATECALL in proxy pattern delegatecall - info - +10 points
  Contract uses DELEGATECALL with standard proxy storage slots (EIP-1967/1822). This is expected proxy behavior.
• Proxy contract detected proxy - info - +10 points
  Contract uses standard proxy storage slots (EIP-1967 or EIP-1822). The implementation contract should also be analyzed.
• Raw DELEGATECALL without proxy pattern impl_delegatecall - high - +15 points
  Contract uses DELEGATECALL without recognized proxy storage slots. This could allow arbitrary code execution.
• Potential honeypot: conditional REVERT in transfer path impl_honeypot - high - +25 points
  Contract has transfer functions with conditional REVERT patterns that could selectively block token transfers for certain addresses.
• Hidden mint capability detected impl_hidden_mint - critical - +25 points
  Contract contains mint function selectors (mint(address,uint256)) that could allow unlimited token minting.

USDC scores as critical because Augur is measuring bytecode powers, not issuer reputation. Upgradeability, delegatecall, and mint-related selectors are real control surfaces. For agent policy, that means USDC should be treated as centrally managed and mutable, not as an immutable ERC-20.

Exact snapshot JSON

Snapshot captured on 2026-03-09. This block mirrors the live /analyze response shape but is not recomputed on page load.

{
  "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
  "score": 90,
  "level": "critical",
  "findings": [
    {
      "detector": "delegatecall",
      "severity": "info",
      "title": "DELEGATECALL in proxy pattern",
      "description": "Contract uses DELEGATECALL with standard proxy storage slots (EIP-1967/1822). This is expected proxy behavior.",
      "points": 10,
      "offset": 1325
    },
    {
      "detector": "proxy",
      "severity": "info",
      "title": "Proxy contract detected",
      "description": "Contract uses standard proxy storage slots (EIP-1967 or EIP-1822). The implementation contract should also be analyzed.",
      "points": 10,
      "offset": null
    },
    {
      "detector": "impl_delegatecall",
      "severity": "high",
      "title": "Raw DELEGATECALL without proxy pattern",
      "description": "Contract uses DELEGATECALL without recognized proxy storage slots. This could allow arbitrary code execution.",
      "points": 15,
      "offset": 18607
    },
    {
      "detector": "impl_honeypot",
      "severity": "high",
      "title": "Potential honeypot: conditional REVERT in transfer path",
      "description": "Contract has transfer functions with conditional REVERT patterns that could selectively block token transfers for certain addresses.",
      "points": 25,
      "offset": 872
    },
    {
      "detector": "impl_hidden_mint",
      "severity": "critical",
      "title": "Hidden mint capability detected",
      "description": "Contract contains mint function selectors (mint(address,uint256)) that could allow unlimited token minting.",
      "points": 25,
      "offset": null
    }
  ],
  "category_scores": {
    "delegatecall": 10,
    "proxy": 10,
    "impl_delegatecall": 15,
    "impl_honeypot": 25,
    "impl_hidden_mint": 25,
    "impl_suspicious_selector": 5
  },
  "bytecode_size": 1852,
  "implementation": {
    "address": "0x2ce6311ddae708829bc0784c967b7d77d19fd779",
    "bytecode_size": 23464,
    "findings": [
      {
        "detector": "impl_delegatecall",
        "severity": "high",
        "title": "Raw DELEGATECALL without proxy pattern",
        "description": "Contract uses DELEGATECALL without recognized proxy storage slots. This could allow arbitrary code execution.",
        "points": 15,
        "offset": 18607
      },
      {
        "detector": "impl_honeypot",
        "severity": "high",
        "title": "Potential honeypot: conditional REVERT in transfer path",
        "description": "Contract has transfer functions with conditional REVERT patterns that could selectively block token transfers for certain addresses.",
        "points": 25,
        "offset": 872
      },
      {
        "detector": "impl_hidden_mint",
        "severity": "critical",
        "title": "Hidden mint capability detected",
        "description": "Contract contains mint function selectors (mint(address,uint256)) that could allow unlimited token minting.",
        "points": 25,
        "offset": null
      }
    ],
    "category_scores": {
      "delegatecall": 15,
      "honeypot": 25,
      "hidden_mint": 25,
      "suspicious_selector": 5
    }
  }
}

Bytecode size: 1550 bytes

Resolved implementation: 0x7458bfdc30034eb860b265e6068121d18fa5aa72

Key findings

• DELEGATECALL in proxy pattern delegatecall - info - +10 points
  Contract uses DELEGATECALL with standard proxy storage slots (EIP-1967/1822). This is expected proxy behavior.
• Proxy contract detected proxy - info - +10 points
  Contract uses standard proxy storage slots (EIP-1967 or EIP-1822). The implementation contract should also be analyzed.
• Potential honeypot: conditional REVERT in transfer path impl_honeypot - high - +25 points
  Contract has transfer functions with conditional REVERT patterns that could selectively block token transfers for certain addresses.
• Hidden mint capability detected impl_hidden_mint - critical - +25 points
  Contract contains mint function selectors (mint(address,uint256)) that could allow unlimited token minting.

cbBTC lands below USDC but still high for the same structural reason: it is an upgradeable, admin-controlled asset rather than an immutable token. The report is useful precisely because it separates that code-level reality from the market assumption that a known issuer automatically means low technical risk.

Exact snapshot JSON

Snapshot captured on 2026-03-09. This block mirrors the live /analyze response shape but is not recomputed on page load.

{
  "address": "0xcbb7c0000ab88b473b1f5afd9ef808440eed33bf",
  "score": 75,
  "level": "high",
  "findings": [
    {
      "detector": "delegatecall",
      "severity": "info",
      "title": "DELEGATECALL in proxy pattern",
      "description": "Contract uses DELEGATECALL with standard proxy storage slots (EIP-1967/1822). This is expected proxy behavior.",
      "points": 10,
      "offset": 1062
    },
    {
      "detector": "proxy",
      "severity": "info",
      "title": "Proxy contract detected",
      "description": "Contract uses standard proxy storage slots (EIP-1967 or EIP-1822). The implementation contract should also be analyzed.",
      "points": 10,
      "offset": null
    },
    {
      "detector": "impl_honeypot",
      "severity": "high",
      "title": "Potential honeypot: conditional REVERT in transfer path",
      "description": "Contract has transfer functions with conditional REVERT patterns that could selectively block token transfers for certain addresses.",
      "points": 25,
      "offset": 721
    },
    {
      "detector": "impl_hidden_mint",
      "severity": "critical",
      "title": "Hidden mint capability detected",
      "description": "Contract contains mint function selectors (mint(address,uint256)) that could allow unlimited token minting.",
      "points": 25,
      "offset": null
    }
  ],
  "category_scores": {
    "delegatecall": 10,
    "proxy": 10,
    "impl_honeypot": 25,
    "impl_hidden_mint": 25,
    "impl_suspicious_selector": 5
  },
  "bytecode_size": 1550,
  "implementation": {
    "address": "0x7458bfdc30034eb860b265e6068121d18fa5aa72",
    "bytecode_size": 16328,
    "findings": [
      {
        "detector": "impl_honeypot",
        "severity": "high",
        "title": "Potential honeypot: conditional REVERT in transfer path",
        "description": "Contract has transfer functions with conditional REVERT patterns that could selectively block token transfers for certain addresses.",
        "points": 25,
        "offset": 721
      },
      {
        "detector": "impl_hidden_mint",
        "severity": "critical",
        "title": "Hidden mint capability detected",
        "description": "Contract contains mint function selectors (mint(address,uint256)) that could allow unlimited token minting.",
        "points": 25,
        "offset": null
      }
    ],
    "category_scores": {
      "honeypot": 25,
      "hidden_mint": 25,
      "suspicious_selector": 5
    }
  }
}

What this report proves

• Augur is sensitive to upgradeability, mint authority, and transfer-guard patterns, even on legitimate widely used assets.
• That behavior is useful for agent guardrails because centrally controlled or mutable contracts really do carry code-level powers.
• At the same time, the output still needs context. High score does not mean fraud, and low score does not mean audited safety.

Reuse the live API

If you want the same response shape for your own contract list, call the canonical paid endpoint:

curl -s "https://augurrisk.com/analyze?address=0x4200000000000000000000000000000000000006" \
  -H "PAYMENT-SIGNATURE: <x402-payment-proof>" | jq

Payment is per-call in USDC on Base via x402. For the payment flow details, see How Augur payment works.