@aetherbytes/hoodwatch
v0.1.11
Published
Real-data memecoin auditor & rug/bundle/honeypot scanner for Robinhood Chain (chain 4663). Powers the Hoodwatch Rig on Rokha. Ships a prebuilt Rust binary — no toolchain needed.
Maintainers
Readme
Hoodwatch 🏹
Real-data memecoin auditor & rug/bundle/honeypot scanner for Robinhood Chain (chain id 4663).
Hoodwatch is the audit engine behind the Hoodwatch Rig on Rokha. It reads live on-chain data — the Robinhood Chain RPC, the Blockscout API, and DexScreener — and returns a structured risk report for any token on the chain. No mock data. No third-party audit API (GoPlus and Honeypot.is don't support chain 4663, so Hoodwatch runs its own sell-simulation locally).
Written in Rust (alloy + reqwest), shipped as a single ~2.7 MB static binary — no toolchain, no runtime deps. That's the reason it's Rust: the binary drops straight into the Rokha sandbox (or any host) with nothing to install and starts instantly.
Install / run
# The Rokha sandbox path — public npm wrapper ships the prebuilt binary, no toolchain:
npx -y @aetherbytes/hoodwatch audit 0x8e62F281f282686fCa6dCB39288069a93fC23F1c
# Rust devs:
cargo install hoodwatch
hoodwatch audit <0xTOKEN> --json
# Build from source:
git clone https://github.com/aetherBytes/hoodwatch && cd hoodwatch && cargo build --releaseUse it as a library too: hoodwatch = "0.1" then hoodwatch::audit_token(&client, addr, opts, now_ms, ts).await.
The original TypeScript engine is archived under
legacy-ts/— the Rust engine is canonical and has full parity (plus a more correct honeypot delta measurement).
Why it exists
Robinhood Chain went to mainnet on 2026-07-01 and the memecoin meta exploded (~6,700 tokens/day on the Noxa launchpad). Honeypots and rug pulls arrived with it, and no purpose-built scanner existed for the chain. Hoodwatch is the early mover.
Commands
| Command | What it does |
|---|---|
| hoodwatch audit <address> | Full audit of one token (human-readable). Add --json for machine output, --md for a Markdown report, --fast to skip the slower bundle/cluster/copycat passes, --deep to widen the cluster nets (more holder pages, more funder lookups, deeper hops). |
| hoodwatch tweet <address> | Emit the ≤280-char X post for a token (used by the Watcher Rig). |
| hoodwatch scan [--since <block>] | List recent launchpad launches — both eras (legacy Noxa Launched events + current V4 Initialize events). --json for machine output. |
| hoodwatch watch [--since <block>] [--limit N] | Audit each recent launch in a batch (JSON). Add --out <dir> to save a .md + .json report per token. |
| hoodwatch serve [--port N] [--out <dir>] | Launch the live dashboard (default port 4663): run audits from the browser, watch new launches, and browse the saved reports. |
Two launch eras (both supported)
The chain's memecoin plumbing MOVED (~2026-07, verified live 2026-07-13) — third-party contracts drift, so Hoodwatch supports both eras and re-verifies its assumptions against the live chain:
| | Era 1 — Noxa (legacy, DEAD for new launches) | Era 2 — current launchpad |
|---|---|---|
| Launchpad | 0xD9eC…FCcB, verified, emits Launched | 0xF193…7964, unverified, emits NO events |
| Token deploy | factory-created | CREATE2 — the full token bytecode rides the launch calldata (arbitrary per token) |
| Launch distribution | curve/pool seeded by factory | mint → ~77% burn → creator cut (observed 22%) → optional mass airdrop (observed ~140 wallets), all in the creation tx |
| DEX | Uniswap V3 per-pool contracts | Uniswap V4 singleton PoolManager (0x8366…0951); pools are poolId-keyed (native ETH / token, fee 10000, tickSpacing 200, no hooks); pool initialized by the creator via the PositionManager |
| Launch signal | factory Launched event | V4 Initialize on the PoolManager (the launchpad itself is event-silent) |
| Swap decoding | V3 Swap, pool-perspective signs (buy = amount1 < 0) | V4 Swap, swapper-delta signs (buy = token-side amount > 0) |
| LP lock | position NFT verified inside the Noxa locker | NO locker exists. The creator holds the position NFT and the launchpad ships a one-call withdraw (0xa0f7978d) that pulls the LP — the DEFAULT state is pullable. Hoodwatch replays the pool's ModifyLiquidity ledger: net-zero ⇒ LP PULLED (hard-fail), NFT in a burn address ⇒ verified locked, otherwise an honest owner-held / pullable warning. Never a false "LP locked". |
The last successful Noxa launch was ~block 6,880,646; every later launchToken call reverts. Era-1 tokens still audit through the legacy path.
What it checks (all real, all on-chain)
- Contract security — verified source, upgradeable proxy, self-destruct, owner renounced, and a static scan of the verified source/ABI for
mint/blacklist/pause/ fee-setter / max-tx functions. - Sell simulation (the moat) — a self-hosted honeypot test via
eth_callstate overrides + Multicall3: detects the ERC-20 balance slot, synthetically funds a caller, and simulates a transfer toward the live LP pool. A revert ⇒ sell blocked (honeypot);received < sent⇒ fee-on-transfer tax. GoPlus/Honeypot.is can't do this on chain 4663 — Hoodwatch can. - Holder distribution — top-10 concentration with LP pools, lockers, burn addresses, AND protocol reserves (the V4 PoolManager custodies every v4 pool's tokens; the launchpad's router float) excluded; single-whale detection.
- Launch bundle / snipers — anchors the snipe window on the pool's first Swap (anti-snipe trading delays are detected and reported), resolves the real buyers (tx sender — never the router; unattributed buys are reported as coverage, so sniping figures are honest floors), and reports % of supply sniped, % the snipers still hold, same-block bundles, and fresh-wallet ratio. Works on both pool types (V3 per-pool events / V4 singleton
poolIdevents); the era-2 window is ~30 s of blocks (the chain mints ~10 blocks/s). - Launch allocation (era 2) — decodes the creation tx's own Transfer logs: creator cut, burn tranche, pool seed, and the pre-trading mass airdrop (allocations the swap window can never see).
- Wallet clustering (the anti-evasion layer) — builds a funding/transfer graph over {top holders ∪ launch snipers ∪ deployer}: each wallet's first funder (regular + internal txs, so disperse-style funding contracts count), direct token transfers between scoped wallets, and same-block adjacent-index co-buys. Union-find on weighted evidence (transfer 1.0 · shared funder 0.8 · same-block 0.5; union at ≥1.0) merges wallets into entities; CEX/bridge/hub stop-nodes (Blockscout metadata labels + a degree heuristic) are never merged through, dust transfers can't forge links, and coverage is reported honestly (
full/partial/unavailable). Yieldseffective_concentration(raw vs clustered top-10),cluster_dominance,deployer_funded_snipers, andinsider_holdersflags — and an interactive bubblemap in the HTML report. - LP lock / liquidity-state verification — era 1: the Uniswap v3 position NFT must actually sit in the Noxa locker. Era 2: the pool's
ModifyLiquidityledger is replayed — LP PULLED (net-zero liquidity, the launchpad-assisted rug) hard-fails the score, a burned position NFT is a verified lock, and the default creator-held position gets an explicit pullable warning. Lookup failure ⇒ an honest "unverifiable", never a lying Good. - Liquidity — total liquidity, liquidity-vs-FDV ratio, pair age, socials presence (DexScreener).
- Deployer — real dev EOA (the
Launchedevent topic in era 1; the pool-Initializetx sender in era 2 — the explorer's contract creator is the factory either way), wallet age, explorer scam label, and serial-launch history (factory logs in era 1; the deployer's launch-selector txs to the launchpad in era 2, floor-honest when paginated). - Copycats — same-symbol impersonator tokens elsewhere on the chain.
Findings fold into a 0-100 score (deduction model with hard-fail caps: honeypot or unverified/self-destructed caps the score) and a verdict — AVOID / HIGH_RISK / CAUTION / FAIR / LOW_RISK.
Chain facts (era-1 addresses verified live 2026-07-10; era-2 verified live 2026-07-13)
| | |
|---|---|
| Chain id | 4663 |
| Stack | Arbitrum Nitro (Orbit "Dedicated Blockchain"), settles to Ethereum L1 |
| RPC | https://rpc.mainnet.chain.robinhood.com (supports eth_call state overrides; no debug_traceCall) |
| Explorer | https://robinhoodchain.blockscout.com (Blockscout API v2, no auth) |
| Market data | DexScreener, chain slug robinhood |
| Noxa launch factory (era 1, dead ~block 6.88M) | 0xD9eC2db5f3D1b236843925949fe5bd8a3836FCcB |
| Launchpad (era 2, unverified, event-silent) | 0xF193EDe778a92dc37CB450A1eF1565Ed1e8b7964 (from block 7,481,853; selectors: launch 0x68e79a41, buy 0xc1120e3d/0xf3f77a0e, LP withdraw 0xa0f7978d) |
| Uniswap V4 PoolManager (singleton) | 0x8366a39CC670B4001A1121B8F6A443A643e40951 (from block 9,070) |
| Uniswap V4 PositionManager | 0x58daEC3116AAe6d93017BAaeA7749052E8a04FA7 (ModifyLiquidity.salt == position NFT id) |
| Uniswap v3 factory | 0x1f7d7550B1b028f7571E69A784071F0205FD2EfA |
| WETH | 0x0Bd7D308f8E1639FAb988df18A8011f41EAcAD73 |
Override the RPC/explorer via HOODWATCH_RPC_URL / HOODWATCH_BLOCKSCOUT; HOODWATCH_OUT sets the default report directory and HOODWATCH_PORT the dashboard port.
For agents
Every command supports --json and returns the same AuditResult shape the library exports. The report is deterministic and self-describing (score, verdict, flags[] with machine ids + severities, and per-section detail under sections). Use audit --json for a single token, scan --json to enumerate new launches, watch --json to batch-audit them. Each AuditResult also carries a rokhaUrl deep link (https://rokha.ai/?app=hoodwatch&token=<addr>) that opens the same audit in Rokha's APP view — act on the JSON, hand a human the UI.
Known limitations (honest)
- Sell simulation tests a transfer toward the pool, not a full router swap — catches transfer-blocking, blacklist-all, and fee-on-transfer honeypots; a full buy→sell swap sim is a documented v2.
- Same-block bundles are reported as suspected — the EVM has no Jito-style bundle oracle, so same-block + adjacent tx index + common funder is the strongest available signal, never proof.
- Cluster coverage is budget-bounded (funder lookups, transfer-scan windows) and says so: a
partialscope means the numbers are floors, not a clean bill. - No external cross-chain reputation feed — deployer history covers this chain's launchpads only.
- Era-2 LP is pullable by design unless the position NFT is burned — a "not pulled yet" state is not safety, and DexScreener liquidity/volume can trail a pull by hours (Hoodwatch reads the chain, not the aggregator, for the verdict).
- The era-2 launchpad is unverified and every token's bytecode is caller-supplied — the contract scan and sell-sim are the only defenses against per-token custom logic.
- These third-party contracts MOVE. The Noxa era ended silently (its factory reverts every launch while the chain stays busy) — if
scangoes quiet while DexScreener shows fresh pairs, re-verify the addresses insrc/config.rsagainst the live chain before trusting any "no launches" answer.
Not financial advice
Hoodwatch surfaces on-chain risk signals. It cannot prove a token is safe. Always do your own research.
MIT © aetherBytes
