The TestMachine Token Custody API provides exchanges and
infrastructure providers with systematic evaluation and monitoring
of ERC-20 tokens for custody risks.
Rather than focusing
on general-purpose vulnerabilities, the API identifies purposeful
code behaviors that directly affect the ability to safely receive,
store, and transfer balances. These behaviors may be legitimate in
some contexts but represent critical custody considerations that
must be documented and managed.
The API scans ERC-20 contracts to build a structured profile of their behaviors and risk factors. Its focus is on custodiability: the guarantee that an account can send, receive, and store balances without undue limitations.
By surfacing privileged functions, hidden state changes, or deviations from ERC-20 standards, the system provides the operational intelligence needed for onboarding, ongoing monitoring, and incident prevention.
Using artificial intelligence and high-fidelity blockchain simulation, Predator™ probes contracts dynamically to detect behaviors that static review or manual audits often miss. The API exposes this intelligence in a machine-readable format suitable for dashboards, risk scoring, and automated workflows.
Ad-hoc scans initiated by the customer, typically for onboarding workflows. Each scan usually completes in about 70 seconds, though complex contracts may require longer.
Continuous listening to live network transactions. When token behaviors change or new risks emerge, results are pushed to the customer in real time, enabling rapid mitigation in fast-moving environments such as decentralized exchange onboarding.
The Custody API works exclusively with EVM-based networks, leveraging ERC-20 methods and EVM semantics for its analyses.
Additional EVM-compatible chains can be easily added to TestMachine's coverage. The integration process is straightforward and typically requires minimal setup time.
If you need coverage for a specific chain not listed above, simply contact TestMachine to discuss integration requirements and timeline.
ERC-20 only
The system is tailored to the ERC-20 standard. Other token formats are out of scope.
EVM-based chains only
Non-EVM ecosystems are unsupported.
Best-effort scans
Contracts with missing ABIs, source code, or transaction history may yield incomplete results.
Custody-focused
Not a general vulnerability scanner; focuses on purposeful code behaviors relevant to custody.
By operationalizing token security through a programmable API, TestMachine bridges the gap between raw contract logic and real-world custody requirements. This reduces manual review effort, lowers the incidence of post-listing surprises, and strengthens trust in the assets hosted on exchanges.
Start using the TestMachine Token Custody API to enhance your ERC-20 token evaluation workflows. Check out our comprehensive documentation and code examples.