@pioneer-platform/pioneer-discovery-service 0.2.0 → 0.2.2

package/src/workers/dapp-investigator.worker.ts

@@ -0,0 +1,379 @@
+/**
+ * DApp Investigator Worker
+ * 
+ * Deep investigation of dApps including:
+ * 1. Contract verification and audits
+ * 2. Social media presence validation
+ * 3. Community sentiment analysis
+ * 4. TVL and usage metrics
+ * 5. Security incident history
+ * 6. Team transparency check
+ * 
+ * This runs as part of the discovery service to provide comprehensive dApp analysis
+ */
+
+import axios from 'axios';
+import type { DappDiscoveryRecord, DappAnalysis } from '../types';
+
+const log = require('@pioneer-platform/loggerdog')();
+const TAG = ' | dapp-investigator | ';
+
+interface DAppInvestigationResult {
+    dappId: string;
+    dappName: string;
+    investigationComplete: boolean;
+    findings: {
+        contractVerification?: {
+            verified: boolean;
+            auditor?: string;
+            auditDate?: string;
+            auditUrl?: string;
+        };
+        socialPresence?: {
+            twitter?: {
+                handle?: string;
+                followers?: number;
+                verified?: boolean;
+                lastPost?: string;
+            };
+            discord?: {
+                serverSize?: number;
+                active?: boolean;
+            };
+            github?: {
+                repos?: number;
+                stars?: number;
+                lastCommit?: string;
+                contributors?: number;
+            };
+        };
+        metrics?: {
+            tvl?: number;
+            dailyActiveUsers?: number;
+            transactionVolume?: number;
+            source?: string;
+        };
+        security?: {
+            incidents?: Array<{
+                date: string;
+                type: string;
+                severity: string;
+                description: string;
+            }>;
+            bugBounty?: boolean;
+            bugBountyUrl?: string;
+        };
+        team?: {
+            public?: boolean;
+            kyc?: boolean;
+            experience?: string;
+        };
+    };
+    riskScore: number; // 0-100, higher = more risky
+    recommendWhitelist: boolean;
+    investigatedAt: number;
+}
+
+// Free data sources for dApp investigation
+const DAPP_DATA_SOURCES = {
+    defillama: 'https://api.llama.fi',
+    coingecko: 'https://api.coingecko.com/api/v3',
+    github: 'https://api.github.com',
+    etherscan: 'https://api.etherscan.io/api',
+    bscscan: 'https://api.bscscan.com/api',
+    polygonscan: 'https://api.polygonscan.com/api',
+};
+
+export class DAppInvestigatorWorker {
+    /**
+     * Main investigation run
+     */
+    async run(dapps: DappDiscoveryRecord[]): Promise<DAppInvestigationResult[]> {
+        const tag = TAG + 'run | ';
+        log.info(tag, `🔍 Starting deep investigation of ${dapps.length} dApps...`);
+
+        const results: DAppInvestigationResult[] = [];
+
+        for (const dapp of dapps) {
+            try {
+                log.debug(tag, `Investigating: ${dapp.name}`);
+                const result = await this.investigateDApp(dapp);
+                results.push(result);
+
+                // Log findings
+                if (result.riskScore > 70) {
+                    log.warn(tag, `⚠️ HIGH RISK: ${dapp.name} (score: ${result.riskScore})`);
+                } else if (result.recommendWhitelist) {
+                    log.info(tag, `✅ WHITELIST RECOMMENDED: ${dapp.name}`);
+                }
+
+                // Rate limiting delay
+                await new Promise(resolve => setTimeout(resolve, 1000));
+            } catch (error) {
+                log.error(tag, `Failed to investigate ${dapp.name}:`, error);
+            }
+        }
+
+        log.info(tag, `✅ Investigation complete: ${results.length} dApps analyzed`);
+        return results;
+    }
+
+    /**
+     * Investigate a single dApp comprehensively
+     */
+    private async investigateDApp(dapp: DappDiscoveryRecord): Promise<DAppInvestigationResult> {
+        const tag = TAG + 'investigateDApp | ';
+
+        const result: DAppInvestigationResult = {
+            dappId: dapp.id,
+            dappName: dapp.name,
+            investigationComplete: false,
+            findings: {},
+            riskScore: 50, // Start neutral
+            recommendWhitelist: false,
+            investigatedAt: Date.now(),
+        };
+
+        try {
+            // Phase 1: Check contract verification
+            result.findings.contractVerification = await this.checkContractVerification(dapp);
+
+            // Phase 2: Analyze social presence
+            result.findings.socialPresence = await this.analyzeSocialPresence(dapp);
+
+            // Phase 3: Fetch metrics (TVL, users, volume)
+            result.findings.metrics = await this.fetchDAppMetrics(dapp);
+
+            // Phase 4: Check security history
+            result.findings.security = await this.checkSecurityHistory(dapp);
+
+            // Phase 5: Team transparency check
+            result.findings.team = await this.checkTeamTransparency(dapp);
+
+            // Calculate final risk score
+            result.riskScore = this.calculateRiskScore(result.findings);
+
+            // Whitelist recommendation
+            result.recommendWhitelist = this.shouldWhitelist(result);
+
+            result.investigationComplete = true;
+        } catch (error) {
+            log.error(tag, `Error during investigation of ${dapp.name}:`, error);
+        }
+
+        return result;
+    }
+
+    /**
+     * Check if contracts are verified on block explorers
+     */
+    private async checkContractVerification(dapp: DappDiscoveryRecord): Promise<any> {
+        const tag = TAG + 'checkContractVerification | ';
+
+        // TODO: Extract contract addresses from dapp data
+        // TODO: Query Etherscan/BSCScan/Polygonscan APIs
+
+        log.debug(tag, `Checking contract verification for ${dapp.name}`);
+
+        // Placeholder implementation
+        return {
+            verified: false,
+            // auditor: 'CertiK',
+            // auditDate: '2024-01-01',
+            // auditUrl: 'https://certik.com/audit/...'
+        };
+    }
+
+    /**
+     * Analyze social media presence
+     */
+    private async analyzeSocialPresence(dapp: DappDiscoveryRecord): Promise<any> {
+        const tag = TAG + 'analyzeSocialPresence | ';
+
+        const presence: any = {};
+
+        try {
+            // Check if URL contains social links
+            // TODO: Crawl dapp website for social links
+            // TODO: Verify Twitter/Discord/GitHub presence
+
+            // GitHub check (if we can find a repo)
+            if (dapp.url && dapp.url.includes('github.com')) {
+                try {
+                    const repoPath = new URL(dapp.url).pathname;
+                    const response = await axios.get(`${DAPP_DATA_SOURCES.github}/repos${repoPath}`, {
+                        timeout: 5000,
+                        headers: {
+                            'User-Agent': 'Pioneer-Discovery-Service',
+                        },
+                    });
+
+                    presence.github = {
+                        repos: 1,
+                        stars: response.data.stargazers_count,
+                        lastCommit: response.data.pushed_at,
+                        contributors: null, // Would need separate API call
+                    };
+                } catch (error) {
+                    log.debug(tag, `GitHub check failed for ${dapp.name}`);
+                }
+            }
+
+            log.debug(tag, `Social presence analysis for ${dapp.name}:`, presence);
+        } catch (error) {
+            log.debug(tag, `Error analyzing social presence for ${dapp.name}:`, error);
+        }
+
+        return presence;
+    }
+
+    /**
+     * Fetch dApp metrics from DeFiLlama and other sources
+     */
+    private async fetchDAppMetrics(dapp: DappDiscoveryRecord): Promise<any> {
+        const tag = TAG + 'fetchDAppMetrics | ';
+
+        try {
+            // Try DeFiLlama first
+            const response = await axios.get(`${DAPP_DATA_SOURCES.defillama}/protocols`, {
+                timeout: 5000,
+            });
+
+            // Find matching protocol
+            const protocols = response.data;
+            const match = protocols.find((p: any) =>
+                p.name.toLowerCase() === dapp.name.toLowerCase() ||
+                p.url?.toLowerCase().includes(dapp.url.toLowerCase())
+            );
+
+            if (match) {
+                log.info(tag, `Found DeFiLlama data for ${dapp.name}`);
+                return {
+                    tvl: match.tvl,
+                    dailyActiveUsers: null, // Not available from DeFiLlama
+                    transactionVolume: null,
+                    source: 'DeFiLlama',
+                };
+            }
+
+            log.debug(tag, `No DeFiLlama data found for ${dapp.name}`);
+        } catch (error) {
+            log.debug(tag, `Error fetching metrics for ${dapp.name}:`, error);
+        }
+
+        return {};
+    }
+
+    /**
+     * Check security incident history
+     */
+    private async checkSecurityHistory(dapp: DappDiscoveryRecord): Promise<any> {
+        const tag = TAG + 'checkSecurityHistory | ';
+
+        // TODO: Query security databases:
+        // - Rekt News API
+        // - Immunefi (bug bounties)
+        // - CertiK Security Oracle
+        // - SlowMist
+
+        log.debug(tag, `Checking security history for ${dapp.name}`);
+
+        return {
+            incidents: [],
+            bugBounty: false,
+        };
+    }
+
+    /**
+     * Check team transparency
+     */
+    private async checkTeamTransparency(dapp: DappDiscoveryRecord): Promise<any> {
+        const tag = TAG + 'checkTeamTransparency | ';
+
+        // TODO: Check:
+        // - Team page on website
+        // - LinkedIn profiles
+        // - Previous projects
+        // - KYC badges (CertiK, etc.)
+
+        log.debug(tag, `Checking team transparency for ${dapp.name}`);
+
+        return {
+            public: false,
+            kyc: false,
+        };
+    }
+
+    /**
+     * Calculate overall risk score (0-100)
+     */
+    private calculateRiskScore(findings: DAppInvestigationResult['findings']): number {
+        let score = 50; // Start neutral
+
+        // Contract verification: -20 points if verified
+        if (findings.contractVerification?.verified) {
+            score -= 20;
+        } else {
+            score += 10; // +10 if not verified
+        }
+
+        // Social presence: -10 points if strong
+        const social = findings.socialPresence;
+        if (social?.twitter?.verified || (social?.github?.stars && social.github.stars > 100)) {
+            score -= 10;
+        } else if (!social || Object.keys(social).length === 0) {
+            score += 15; // +15 if no social presence
+        }
+
+        // TVL: -15 points if high TVL
+        if (findings.metrics?.tvl && findings.metrics.tvl > 1000000) {
+            score -= 15;
+        }
+
+        // Security incidents: +25 per incident
+        const incidents = findings.security?.incidents?.length || 0;
+        score += incidents * 25;
+
+        // Bug bounty: -5 points
+        if (findings.security?.bugBounty) {
+            score -= 5;
+        }
+
+        // Team transparency: -10 points if public
+        if (findings.team?.public) {
+            score -= 10;
+        }
+
+        // KYC: -10 points
+        if (findings.team?.kyc) {
+            score -= 10;
+        }
+
+        // Clamp to 0-100
+        return Math.max(0, Math.min(100, score));
+    }
+
+    /**
+     * Determine if dApp should be whitelisted
+     */
+    private shouldWhitelist(result: DAppInvestigationResult): boolean {
+        // Whitelist criteria:
+        // - Risk score < 30
+        // - Contract verified OR high TVL
+        // - Some social presence
+        // - No major security incidents
+
+        if (result.riskScore >= 30) return false;
+
+        const verified = result.findings.contractVerification?.verified || false;
+        const highTVL = (result.findings.metrics?.tvl || 0) > 1000000;
+        const hasSocial = !!(result.findings.socialPresence && Object.keys(result.findings.socialPresence).length > 0);
+        const noIncidents = (result.findings.security?.incidents?.length || 0) === 0;
+
+        return (verified || highTVL) && hasSocial && noIncidents;
+    }
+}
+
+// Export singleton instance
+export const dappInvestigatorWorker = new DAppInvestigatorWorker();
+