> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Source Code Analysis for a Contract

> Retrieves source code security analysis results for a given contract address. If analysis is not yet available but verified source exists, the source will be queued for processing.



## OpenAPI

````yaml GET /contracts/{contractAddress}/code-analysis
openapi: 3.0.1
info:
  title: Risk Score API
  description: API definition for Webacy Risk Scores
  version: 1.2.0
servers:
  - url: https://api.webacy.com
    description: Webacy Risk Score API (Production)
  - url: https://api-development.webacy.com
    description: Webacy Risk Score API (Development)
  - url: http://0.0.0.0:3030/api/v1/risk-score
    description: Webacy Risk Score API - Local
security:
  - api_key: []
tags:
  - name: Threat Risks
    description: Analyze addresses for security threats and malicious activity
  - name: Sanction Checks
    description: Check addresses against OFAC and other sanction lists
  - name: Approval Risks
    description: Analyze token approvals and associated risks
  - name: Transaction Risks
    description: Assess risk details for blockchain transactions
  - name: Exposure Risk
    description: Understand risk profile and exposure of addresses
  - name: Contract Risk
    description: Real-time smart contract security analysis
  - name: URL Risks
    description: Analyze URLs for phishing and security threats
  - name: API Usage
    description: Monitor and manage API consumption
  - name: Holder Analysis
    description: Token holder distribution and sniper detection
  - name: Address Poisoning
    description: Detect address poisoning attack patterns
  - name: Token Analysis
    description: Comprehensive token security and market analysis
  - name: Pool Analysis
    description: Liquidity pool data and analysis
  - name: Transaction Scanning
    description: Scan and simulate transactions for risks
  - name: trading-lite
    description: Lightweight trading risk assessment
  - name: RWA & Pegged Tokens
    description: >-
      Real-world asset and pegged-token analytics (supply flows, mint/burn
      velocity)
  - name: Vault Risk v3
    description: >-
      Webacy-native v3 vault risk surface — composite grade, categories,
      coverage, and the framework taxonomy (RFC-019).
  - name: RWA Risk v3
    description: >-
      Webacy-native v3 RWA / stablecoin risk surface — composite grade,
      structural-health criteria, and batch (RFC-019).
paths:
  /contracts/{contractAddress}/code-analysis:
    get:
      tags:
        - Contract Risk
      summary: Get source code analysis for a contract
      description: >-
        Retrieves source code security analysis results for a given contract
        address. If analysis is not yet available but verified source exists,
        the source will be queued for processing.
      operationId: getContractCodeAnalysis
      parameters:
        - name: contractAddress
          in: path
          description: Contract address to analyze
          required: true
          schema:
            type: string
          example: '0x1234567890123456789012345678901234567890'
        - in: query
          name: chain
          description: >-
            Selected chain. This includes 'eth', 'base', 'bsc', 'pol', 'opt' and
            'arb'.
          schema:
            $ref: '#/components/schemas/ChainType'
          required: true
        - in: query
          name: refreshCache
          description: Re-analyze contract address and retrieve fresh data
          schema:
            type: boolean
          required: false
      responses:
        '200':
          description: >-
            Success - Returns analysis results, an informational message, or an
            error message for unsupported chains
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/SolidityAnalysisResponse'
                  - $ref: '#/components/schemas/MessageResponse'
                  - $ref: '#/components/schemas/ErrorResponse'
        '400':
          description: Bad Request - Invalid contract address or chain parameter
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                    example: Invalid contract address format
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '404':
          description: Not Found - Contract not found or analysis not available
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    example: Contract analysis not found
        '429':
          description: Too Many Requests - Rate limit exceeded
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    example: Rate limit exceeded. Please try again later.
      security:
        - api_key: []
components:
  schemas:
    ChainType:
      type: string
      enum:
        - eth
        - base
        - bsc
        - pol
        - opt
        - arb
        - hedera
      description: Supported blockchain networks
    SolidityAnalysisResponse:
      type: object
      properties:
        analysis:
          $ref: '#/components/schemas/AnalysisResponse'
      required:
        - analysis
    MessageResponse:
      type: object
      properties:
        message:
          type: string
          description: Informational message
      required:
        - message
    ErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Error message
      required:
        - error
    AnalysisResponse:
      type: object
      properties:
        contract_address:
          type: string
          description: Address of the analyzed contract
          example: '0x1234567890123456789012345678901234567890'
        chain:
          type: string
          description: Blockchain network where the contract is deployed
          example: eth
        analysis_date:
          type: string
          format: date-time
          description: Date when the analysis was performed
          example: '2023-11-15T10:30:00Z'
        status:
          type: string
          description: Status of the analysis
          enum:
            - completed
            - in_progress
            - failed
            - pending
          example: completed
        findings:
          type: array
          description: Security analysis findings with associated risk tags
          items:
            $ref: '#/components/schemas/DetectorResult'
        urls:
          type: array
          description: Associated URLs related to the analysis
          items:
            $ref: '#/components/schemas/AnalysisUrl'
      required:
        - contract_address
        - chain
        - analysis_date
        - status
        - findings
        - urls
    DetectorResult:
      type: object
      properties:
        risk:
          type: string
          description: Risk tag mapped from the security detector
          example: reentrancy
        details:
          type: object
          description: Detailed information about the detector findings
          additionalProperties: true
        function_signatures:
          type: array
          description: Function signatures where issues were detected
          items:
            $ref: '#/components/schemas/FunctionSignature'
        statements:
          type: array
          description: Specific statements that triggered the detector
          items:
            $ref: '#/components/schemas/Statement'
      required:
        - risk
        - details
        - function_signatures
        - statements
    AnalysisUrl:
      type: object
      properties:
        url:
          type: string
          description: URL related to the analysis
          example: https://example.com/analysis-report
      required:
        - url
    FunctionSignature:
      type: object
      properties:
        function_name:
          type: string
          description: Name of the function
          example: withdraw
        function_signature:
          type: string
          description: Complete function signature
          example: function withdraw(uint256 amount) external
      required:
        - function_name
        - function_signature
    Statement:
      type: object
      properties:
        statement_type:
          type: string
          description: Type of the statement
          example: call
        statement_text:
          type: string
          description: Text of the statement
          example: 'msg.sender.call{value: amount}("")'
      required:
        - statement_type
        - statement_text
  responses:
    UnauthorizedError:
      description: Authorization information is missing or invalid
      content:
        application/json:
          example:
            message: Unauthorized
  securitySchemes:
    api_key:
      type: apiKey
      in: header
      name: x-api-key

````