Back to App

IronNode Overview

IronNode is an AI-powered security utility agent designed specifically for the Base network. It provides real-time wallet security analysis, threat detection, and risk assessment to protect your crypto assets.

ℹ️
IronNode operates in read-only mode. It never requests your private keys, seed phrases, or transaction signatures.

What is IronNode?

IronNode combines on-chain blockchain data with machine learning models to analyze wallet addresses on the Base network. Our engine processes over 47 risk signals to produce actionable security insights.

Core Modules

  • Wallet Risk Scanner — Deep analysis of any Base wallet address
  • Transaction Monitor — Real-time activity monitoring
  • Contract Analyzer — Smart contract security inspection
  • Approval Manager — Token approval audit and revocation guidance
  • Phishing Shield — Cross-reference against threat databases
  • AI Risk Engine — Multi-model ensemble risk scoring (0–100)

Why Base Network?

Base is a secure, low-cost, builder-friendly Ethereum L2 built by Coinbase, offering low fees and Ethereum-grade security. As Base's ecosystem grows, so do the security risks. IronNode is purpose-built to address threats specific to the Base network including Base-deployed token exploits, cross-chain bridge risks, and Base-native phishing attacks.

Data Sources

  • Base Mainnet RPC (real-time on-chain data)
  • IronNode Threat Intelligence Database (128,000+ entries)
  • AI/ML Risk Models (47 detection signals)
  • Chainabuse & community reports (updated every 15 min)

Getting Started

IronNode is designed to be instantly usable — no registration, no wallet connection, and no installation required. Just visit the platform and start scanning.

Quick Start: Scan a Wallet

  1. Navigate to the Scanner section of the landing page.
  2. Enter any Base network wallet address (42 characters, starting with 0x).
  3. Select your analysis options (deep scan, phishing check, approval audit).
  4. Click Start Security Scan and wait ~3–5 seconds.
  5. Review your comprehensive security report.

Quick Start: Use the Terminal

The IronNode Terminal provides direct CLI access to all security functions. Open it on the landing page and type commands directly:

Terminal CLI Commands 
# Connect and check network status
network
 
# Scan a wallet for security issues
scan 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
 
# Check ETH balance
balance 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
 
# Get quick risk score
risk 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
 
# Check gas prices
gas
 
# See all commands
help
⚠️
Never enter your private key or seed phrase into any web interface, including IronNode. We only need your public wallet address.

Understanding Risk Scores

Score Range Risk Level Meaning
0 – 24 LOW No significant threats detected. Account appears safe.
25 – 49 MEDIUM Some anomalies found. Proceed with moderate caution.
50 – 74 HIGH Multiple risk signals. High caution recommended.
75 – 100 CRITICAL Known threat or severe on-chain risk pattern. Do not interact.

Wallet Scanner

The IronNode Wallet Scanner performs a comprehensive multi-layer security analysis of any Base network address. Results are generated in 3–5 seconds.

What Gets Analyzed

  • On-chain Identity — EOA vs. smart contract, creation block, deployer
  • Balance & Activity — ETH balance, transaction count, activity recency
  • Token Holdings — WETH, USDC, cbETH, DAI, AERO and more
  • Transaction Patterns — Unusual frequency, amounts, counterparties
  • Threat Database Match — 128,000+ known malicious addresses
  • AI Risk Scoring — 47 combined signals into a single score

Analysis Options

Option Description
Deep Scan Extends transaction history analysis back further.
Phishing Check Cross-references threat intelligence databases for known bad actors.
Approval Audit Scans for dangerous, unspent, or unlimited token approvals.

Security Flags

The scanner produces color-coded security findings:

  • Danger — Immediate threat, do not interact or send assets.
  • Warning — Elevated risk, verify details carefully.
  • Safe — Positive security signal (e.g. established history).
  • Info — Neutral on-chain metric (e.g. transaction counts).
💡
The scanner checks ETH balance, transaction count, contract status, and token holdings via direct RPC calls to the Base Mainnet. No third-party APIs required for basic analysis.

Limitations

  • Transaction history analysis is limited by public RPC node throughput.
  • Token approval scanning covers major ERC-20 tokens only.
  • NFT (ERC-721/1155) analysis requires BaseScan API access.
  • Results are probabilistic, not deterministic — always do your own research.

Terminal CLI Reference

The IronNode Terminal provides direct CLI access to the security engine and Base network. It supports command history (↑↓), Tab autocomplete, and Ctrl+L to clear.

Security Commands

Command Description Example
scan <address> Full AI security scan with detailed report scan 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
risk <address> Quick risk score (0–100) with risk bar risk 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
blacklist <address> Check against IronNode threat database blacklist 0xd8...6045

Wallet Commands

Command Description Example
balance <address> ETH balance on Base Mainnet balance 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
txcount <address> Total transaction count (nonce) txcount 0xd8...6045
tokens <address> Token balances (USDC, WETH, cbETH, DAI, AERO) tokens 0xd8...6045
iscontract <address> Check if address is smart contract or EOA iscontract 0xd8...6045

Network Commands

Command Description Example
network Base network status, latest block, gas info network
block [number] Block details (hash, txns, gas) block 12849200
gas Current gas prices (slow/standard/fast/instant) gas
check <txhash> Transaction details by hash check 0x3d4...a6f

Keyboard Shortcuts

Key Combination Action
/ Navigate command history
Tab Autocomplete command
Ctrl + L Clear terminal output
Enter Execute typed command

AI Risk Engine

The IronNode Risk Engine is an ensemble detection system that combines 47+ on-chain signals to produce a single risk score from 0–100 for any Base network address.

Detection Signals

Our engine analyzes the following categories of signals:

🔴 High-Weight Signals (Critical Risk)

  • Blacklist database match (known exploit contracts, phishing wallets)
  • Tornado Cash or mixer service interactions
  • OFAC sanctioned address match
  • Honeypot contract pattern in bytecode

🟡 Medium-Weight Signals (Anomalies)

  • Account age < 7 days
  • Transaction count < 5 (new wallet)
  • Smart contract without verified source code
  • Unusual token approval patterns
  • High-value transfers to/from unknown wallets
  • Address entropy anomaly (vanity address patterns)

🟢 Positive Signals (Score Reducers)

  • Transaction count > 100 (established account)
  • Known token holdings on Base
  • Interaction with verified DeFi protocols (Uniswap, Aerodrome, Aave)
  • Base Name (BASENAME) or ENS linked address
  • Consistent on-chain activity history

Scoring Formula

Ensemble Formula 
RiskScore = Σ(signal_weight × signal_value)
           + DeterministicNoise(address)
           - Σ(positive_weight × positive_value)
           
Normalized to range [0, 100]
Level: LOW (0-24) | MEDIUM (25-49) | HIGH (50-74) | CRITICAL (75+)
⚠️
The risk score is probabilistic, not absolute. A score of 0 does not guarantee safety. Always perform your own due diligence before executing large transactions.

Model Updates

The risk models are updated continuously. Threat database entries are synced every 15 minutes. New machine learning model weights are deployed weekly after validation against test datasets of known-good and known-bad addresses.

Base Network

IronNode is purpose-built for the Base network — a secure, low-cost, builder-friendly Ethereum L2 built on the OP Stack.

Network Parameters

Parameter Value
Network Name Base Mainnet
Chain ID 8453
Native Currency ETH
RPC URL https://mainnet.base.org
Block Explorer https://basescan.org
L1 (Settlement) Ethereum (Base is L2)
Technology EVM-compatible Optimistic Rollup (OP Stack)
Block Time ~2 seconds

Adding Base to MetaMask

RPC Parameters 
Network Name:      Base
RPC URL:           https://mainnet.base.org
Chain ID:          8453
Currency Symbol:   ETH
Block Explorer:    https://basescan.org

Key Tokens on Base

Token Symbol Contract Address
WETH 0x4200000000000000000000000000000000000006
USDC 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
cbETH 0x2Ae3F1Ec7F1F5012CFEab0185bfc7aa3cf0DEc22
DAI 0x50c5725949A6F0c72E6C4a641F24049A917DB0Cb
AERO 0x940181a94A35A4569E4529A3CDfB74e38FD98631

IronNode RPC Fallbacks

IronNode automatically cycles through multiple Base RPC endpoints for reliability:

  1. https://mainnet.base.org (primary)
  2. https://base.publicnode.com (fallback 1)
  3. https://1rpc.io/base (fallback 2)

Frequently Asked Questions

Is IronNode free to use?

Yes, the core scanning and terminal features are completely free with no sign-up required. You only need a wallet address to scan.

Does IronNode store my data?

IronNode does not store wallet addresses, scan results, or any user data. All analysis is performed client-side or via read-only blockchain queries. No personal data is ever collected.

Do I need to connect my wallet?

No. IronNode only requires a public wallet address. You never need to connect your wallet, approve a transaction, or share your private key. All analysis is 100% read-only.

What does a LOW risk score mean?

A LOW risk score (0–24) means our AI found no significant threat indicators. The address has no blacklist matches, shows normal activity patterns, and has no unusual behavioral anomalies. However, a low score does not guarantee the address is safe — always verify independently for large transactions.

Can IronNode detect rugpulls?

IronNode can detect several rugpull warning signs: concentrated ownership in contract, hidden fee mechanisms in bytecode, renounced liquidity locks, and deployer address history. However, no tool can predict future actions with 100% certainty.

Why does my own wallet have a non-zero risk score?

Risk scores incorporate many signals. New wallets, wallets with low activity, or wallets with unusual balance patterns may score in the MEDIUM range even without being malicious. The risk score is designed to flag anomalies, not determine guilt.

How often is the threat database updated?

The IronNode threat database is updated every 15 minutes with new entries from community reports, on-chain monitoring, and partner threat intelligence feeds.

Can I scan contracts?

Yes. IronNode detects and flags smart contract addresses. When scanning a contract, the report includes a warning to review the verified source code on BaseScan before interacting. Use the iscontract terminal command for a quick check.

What networks does IronNode support?

Currently, IronNode is optimized for the Base Mainnet (Chain ID 8453). Support for other EVM-compatible networks is planned in future versions.

© 2025 IronNode Security. All rights reserved. For informational purposes only.