Security / Audit · EVM · Multi-chain
Phalcon
BlockSec's transaction-debugging, simulation, and real-time monitoring suite. Phalcon Explorer renders call traces with linked source code and step-through debugging; Phalcon Security monitors protocol contracts and can auto-block transactions via on-chain Guardian; Phalcon Compliance covers AML/CFT address screening. Used to investigate exploits, instrument production protocols, and gate sensitive flows.
- 01 transaction trace + debugging
- 02 protocol monitoring + auto-block
- 03 incident response + post-mortem
- 04 AML/CFT address screening
- 05 fork-based simulation for proposals

| Variable | Scope | Description |
|---|---|---|
| PHALCON_API_KEY | Server | BlockSec Phalcon API key, sent in the `X-API-Key` header for Explorer/Simulation/Compliance APIs. |
| PHALCON_WEBHOOK_SECRET | Server | Shared secret used to verify Phalcon Security webhook deliveries (HMAC over raw body). |

Use Phalcon for transaction debugging and protocol monitoring.

Explorer: link to a tx with `https://app.blocksec.com/explorer/tx/{chain}/{txHash}` to render call traces, source-mapped step-through, and asset diffs.

Programmatic simulation: `POST https://phalcon.blocksec.com/api/v1/simulation/create` with `X-API-Key: ${PHALCON_API_KEY}` and `{ chainId, blockNumber, from, to, data, value, gasLimit }` returns `{ traces, balanceChanges, logs, status }`.

Compliance/address screening: `POST /api/v1/compliance/address` with `{ chainId, address }` returns `{ riskLevel: 'low'|'medium'|'high'|'critical', tags: [...], sanctions, exposure }`.

Phalcon Security: monitors are configured in the dashboard (import addresses by protocol or CSV; rules combine value thresholds, function calls, and oracle deviation). Deliveries POST a JSON event to your webhook, signed with an `X-Phalcon-Signature` header carrying HMAC-SHA256(raw body, `PHALCON_WEBHOOK_SECRET`).

Guardian: for pre-broadcast enforcement, integrate the Phalcon Guardian on-chain hooks and gate critical functions on the verdict.

- ⚑Phalcon's debug step-through requires verified contract source — for unverified contracts you only get raw bytecode traces, which are useful but far harder to diagnose; verify on Etherscan/Sourcify first.
- ⚑Webhook signatures are HMAC over the EXACT raw request body — Next.js App Router handlers must read `await req.text()` before parsing JSON, otherwise the HMAC will not match and you will silently drop alerts.
- ⚑Protocol monitor rules are powerful but produce noise on legitimate flash-loan rebalances, oracle catch-ups, and bridge inflows — run a 1–2 week shadow-mode rollout with `severity` tuning before enabling auto-pause.
- ⚑Compliance dataset skews toward US/EU (OFAC, EU, UK) and major exchange clusters; jurisdictional coverage for APAC/LatAm enforcement lists is partial — pair with Chainalysis or TRM if you need global AML/CFT.
- ⚑Simulation latency varies with block depth and trace length (typically 200ms–2s); never block a signing UI on simulation, run it in parallel with the user-confirmation step and short-circuit if it returns first.
- ⚑Chain support is uneven across products — Explorer covers more EVM chains than Security/Guardian; verify your specific (chain, product) pair in the dashboard before designing your integration.
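
The raw-body webhook check from the caveat above, as an added example (not BlockSec's or this page's own code). It assumes the `X-Phalcon-Signature` value is the hex-encoded digest, which the page does not state; the function names, sample secret and event fields are constructed for the demo.

```javascript
const crypto = require('node:crypto');

// Assumption: the header value is the hex-encoded HMAC-SHA256 digest of the raw body.
function verifyPhalconSignature(rawBody, signatureHeader, secret) {
  if (typeof signatureHeader !== 'string' || !secret) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody, 'utf8').digest();
  // Invalid hex decodes to a short buffer and is rejected by the length check.
  const received = Buffer.from(signatureHeader.trim(), 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(received, expected);
}

// Verify against the exact bytes received; parse JSON only after the check passes.
function handleDelivery(rawBody, signatureHeader, secret) {
  if (!verifyPhalconSignature(rawBody, signatureHeader, secret)) {
    return { status: 401, event: null };
  }
  try {
    return { status: 200, event: JSON.parse(rawBody) };
  } catch {
    return { status: 400, event: null };
  }
}

// The failure mode: parsing first and re-serialising yields different bytes.
function reserialize(rawBody) {
  return JSON.stringify(JSON.parse(rawBody));
}

// Constructed sample delivery (secret and event fields are made up for the demo).
const SAMPLE_SECRET = 'constructed-test-secret';
const SAMPLE_RAW = '{"severity": "high",\n  "txHash": "0xabc"}';
const SAMPLE_SIG = crypto.createHmac('sha256', SAMPLE_SECRET)
  .update(SAMPLE_RAW, 'utf8').digest('hex');

console.log(handleDelivery(SAMPLE_RAW, SAMPLE_SIG, SAMPLE_SECRET).status);
console.log(handleDelivery(reserialize(SAMPLE_RAW), SAMPLE_SIG, SAMPLE_SECRET).status);
```

In a Next.js App Router handler, pass `await req.text()` as `rawBody` and the `X-Phalcon-Signature` header value as `signatureHeader`.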