> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mobula.io/llms.txt
> Use this file to discover all available pages before exploring further.

# ✨ January 9, 2026 - Enhanced Security Analysis

> Advanced static code analysis for smart contract security with real-time cache invalidation

**TL;DR**: Enhanced security detection using advanced static source code analysis, plus real-time data invalidation for security and DexScreener updates.

***

## Static Code Analysis

Mobula now performs deep static analysis on verified smart contracts, detecting vulnerabilities that traditional scanners miss.

### What's Detected

| Risk                | Description                                      |
| ------------------- | ------------------------------------------------ |
| Balance Mutable     | Hidden mint/burn functions, balance manipulation |
| Transfer Pausable   | Owner can freeze transfers                       |
| Blacklist/Whitelist | Hidden address restrictions                      |
| Hidden Fees         | Tax functions obfuscated in code                 |
| Self Destruct       | Contract can be destroyed by owner               |

### How It Works

1. Fetches verified source code from blockchain explorers
2. Smart truncation prioritizes main contracts over library code
3. Advanced pattern matching analyzes for security risks
4. Results stored in `security` field with detailed breakdowns in `security_sources.static_analysis`

### Response Structure

```json theme={null}
{
  "security": {
    "balanceMutable": true,
    "transferPausable": false,
    "isBlacklisted": true
  },
  "security_sources": {
    "static_analysis": {
      "detectedIssues": [
        {
          "field": "balanceMutable",
          "severity": "high",
          "reason": "Owner can modify balances via _mint function",
          "functionName": "_mint",
          "codeSnippet": "function _mint(address to, uint256 amount)..."
        }
      ],
      "analyzedAt": "2026-01-09T10:30:00Z"
    },
    "goplus": { ... }
  }
}
```

***

## Real-Time Cache Invalidation

Token data updates now trigger real-time cache flushes across all API instances via Redis pub/sub.

### Affected Data Types

| Field         | Source          | Trigger                        |
| ------------- | --------------- | ------------------------------ |
| `security`    | Static Analysis | Security scan completes        |
| `security`    | GoPlus          | External security data updated |
| `dexscreener` | DexScreener     | Ad/boost status changes        |
| `i18n`        | Token Handler   | Localization updated           |

### Benefits

* API responses reflect latest data within seconds
* No stale security flags after re-analysis
* DexScreener paid status updates immediately

<Note>
  Static analysis is performed once per token (persisted in database) for efficiency. Re-analysis only occurs if source code changes.
</Note>
