{"name":"onyx_contract_audit","tier":"metered","price_usdc":"0.50","endpoint":"https://onyx-actions.onrender.com/v1/onyx_contract_audit","method":"POST","input_schema":{"type":"object","properties":{"address":{"type":"string","description":"Contract address on Base mainnet (0x... 20-byte hex)."},"deep":{"type":"boolean","default":true,"description":"Run the optional AI deep-pass for novel/business-logic bugs (only fires if the server has an AI key configured; degrades gracefully otherwise)."}},"required":["address"]},"description":"Full smart-contract security audit for any Base address — source + DEPLOYED reality + AI, SIGNED. Fetches verified source, runs curated static vuln detectors (tx.origin auth, delegatecall, selfdestruct, unchecked calls, unprotected init, owner mint/pause/blacklist, mutable fees), AND flags the live on-chain risks a static audit misses — upgradeable proxies (owner can swap logic post-audit) and self-destructed contracts. Optional Claude deep-pass for novel bugs. Returns ALLOW/REVIEW/BLOCK + 0-100 risk score, every finding Ed25519-signed. Cheaper than a manual audit, and unlike one it audits the contract as actually deployed.","when_to_use":"Before an agent (or its user) interacts with, swaps against, approves, or deploys capital into ANY Base contract. Use the verdict as a gate: BLOCK = abort, REVIEW = require human sign-off, ALLOW = proceed. Especially before trusting a third-party 'audited' contract — this catches the upgradeable-proxy and self-destruct realities a source-only audit certificate ignores.","vs_alternatives":"Source-only AI auditors (e.g. AgentLISA) analyze the code in isolation and miss that the DEPLOYED contract is an owner-upgradeable proxy or already self-destructed — the exact gaps that rug users after a clean audit. This fuses verified source + static detectors + an optional AI pass WITH live on-chain reality, returns a single ALLOW/REVIEW/BLOCK verdict, and Ed25519-signs it so the audit is provable, not a hallucinatable claim.","example_request":{"address":"0x4200000000000000000000000000000000000006"},"example_response":{"ok":true,"verdict":"REVIEW","risk_score":40,"is_proxy":true,"ai_deep_pass":true,"severity_breakdown":{"critical":0,"high":1,"medium":1,"low":2},"summary":"REVIEW (risk 40/100): 4 finding(s) — 0 critical, 1 high, 1 medium. AI deep-pass ON. UPGRADEABLE PROXY — audit doesn't bind future logic."},"settle_to":"0x3fD9ee1373562f894D322B37DFFAd7a5D2b2d78f","network":"base","facilitator":"https://facilitator.xpay.sh","payment_required":true,"free_introspection":true,"note":"GET this URL = free introspection card. POST with x402 payment header to call."}