About TestMachine

The TestMachine Token Custody API provides exchanges and infrastructure providers with systematic evaluation and monitoring of ERC-20 tokens for custody risks.

Rather than focusing on general-purpose vulnerabilities, the API identifies purposeful code behaviors that directly affect the ability to safely receive, store, and transfer balances. These behaviors may be legitimate in some contexts, but represent critical custody considerations that must be documented and managed.

Purpose and scope

The API scans ERC-20 contracts to build a structured profile of their behaviors and risk factors.

Its focus is custodiability: the expectation that an account can send, receive, and store balances without undue limitations.

By surfacing privileged functions, hidden state changes, or deviations from ERC-20 standards, the system provides the operational intelligence needed for:

onboarding
ongoing monitoring
incident prevention

TestMachine’s Predator™ Engine

Using artificial intelligence and high-fidelity blockchain simulation, Predator™ probes contracts dynamically to detect behaviors that static review or manual audits often miss.

The API exposes this intelligence in a machine-readable format suitable for dashboards, risk scoring, and automated workflows.

Architecture and modes of use

Pull mode (Exchange API)

Ad-hoc scans initiated by the customer, typically for onboarding workflows.

Each scan usually completes in about 70 seconds.
Complex contracts may require longer.

Push mode (Monitoring)

Continuous listening to live network transactions.

When token behaviors change or new risks emerge, results are pushed to the customer in real time. This supports rapid mitigation in fast-moving environments (for example, decentralized exchange onboarding).

Supported environments

The Custody API works exclusively with EVM-based networks, leveraging ERC-20 methods and EVM semantics for its analyses.

Ethereum
Base
Arbitrum
Optimism
BNB Chain
Avalanche
Polygon
Sonic

Need another chain? Additional EVM-compatible chains can be added to TestMachine's coverage. The integration process is straightforward and typically requires minimal setup time.

If you need coverage for a specific chain not listed above, contact TestMachine to discuss integration requirements and timeline.

Limitations

ERC-20 only
- The system is tailored to the ERC-20 standard. Other token formats are out of scope.
EVM-based chains only
- Non-EVM ecosystems are unsupported.
Best-effort scans
- Contracts with missing ABIs, source code, or transaction history may yield incomplete results.
Custody-focused
- This is not a general vulnerability scanner; it focuses on purposeful code behaviors relevant to custody.

Mission alignment

By operationalizing token security through a programmable API, TestMachine bridges the gap between raw contract logic and real-world custody requirements.

This reduces manual review effort, lowers the incidence of post-listing surprises, and strengthens trust in the assets hosted on exchanges.

Ready to integrate?

Start using the TestMachine Token Custody API to enhance your ERC-20 token evaluation workflows.

See API Reference
Start with Authentication

PreviousQuickstart NextBehaviors

Last updated 2 months ago

Good evening

hashtagAbout TestMachine

hashtagPurpose and scope

hashtagTestMachine’s Predator™ Engine

hashtagArchitecture and modes of use

hashtagPull mode (Exchange API)

hashtagPush mode (Monitoring)

hashtagSupported environments

hashtagLimitations

hashtagMission alignment

hashtagReady to integrate?