TL;DR: Enhanced security detection using advanced static source code analysis, plus real-time data invalidation for security and DexScreener updates.
Static Code Analysis
Mobula now performs deep static analysis on verified smart contracts, detecting vulnerabilities that traditional scanners miss.
What’s Detected
| Risk | Description |
|---|
| Balance Mutable | Hidden mint/burn functions, balance manipulation |
| Transfer Pausable | Owner can freeze transfers |
| Blacklist/Whitelist | Hidden address restrictions |
| Hidden Fees | Tax functions obfuscated in code |
| Self Destruct | Contract can be destroyed by owner |
How It Works
- Fetches verified source code from blockchain explorers
- Smart truncation prioritizes main contracts over library code
- Advanced pattern matching analyzes for security risks
- Results stored in
security field with detailed breakdowns in security_sources.static_analysis
Response Structure
{
"security": {
"balanceMutable": true,
"transferPausable": false,
"isBlacklisted": true
},
"security_sources": {
"static_analysis": {
"detectedIssues": [
{
"field": "balanceMutable",
"severity": "high",
"reason": "Owner can modify balances via _mint function",
"functionName": "_mint",
"codeSnippet": "function _mint(address to, uint256 amount)..."
}
],
"analyzedAt": "2026-01-09T10:30:00Z"
},
"goplus": { ... }
}
}
Real-Time Cache Invalidation
Token data updates now trigger real-time cache flushes across all API instances via Redis pub/sub.
Affected Data Types
| Field | Source | Trigger |
|---|
security | Static Analysis | Security scan completes |
security | GoPlus | External security data updated |
dexscreener | DexScreener | Ad/boost status changes |
i18n | Token Handler | Localization updated |
Benefits
- API responses reflect latest data within seconds
- No stale security flags after re-analysis
- DexScreener paid status updates immediately
Static analysis is performed once per token (persisted in database) for efficiency. Re-analysis only occurs if source code changes.
