Advanced security scanning
Enable advanced security scanning in the Portal Admin Dashboard to protect your users from malicious transactions and domain connections using Blockaid's robust security features.
Overview
Advanced security scanning enhances the security of your users' crypto transactions and their dApp connections by integrating Blockaid’s powerful threat detection directly into your Portal environment. This feature can be easily enabled or disabled through the Portal Admin Dashboard, under the Settings page in the "Security" section.
This feature is rate limited by default. If you require a higher rate limit, please contact Portal's support team for assistance.
Steps to get started:
Step 1: Access the Settings Page
To begin, log into your Portal Admin Dashboard. Navigate to the Settings page and locate the "Security" section.
Step 2: Enable Advanced Transaction Validation
Within the "Security" section, you will find an option to enable Advanced Security Scanning. By enabling this feature, Portal will automatically generate a Blockaid API Key specific to your current Portal environment ("Development" or "Production").
Transaction Validation
Once enabled, all eth_sendTransaction
requests made by your users on supported chains will be validated through Blockaid. They currently support the following chains:
Ethereum (ChainId:
1
)Optimism (ChainId:
10
)BSC (ChainId:
56
)Polygon (ChainId:
137
)Blast (ChainId:
238
)Base (ChainId:
8453
)Arbitrum (ChainId:
42161
)Avalanche (ChainId:
43114
)Linea (ChainId:
59144
)Zora (ChainId:
7777777
)
If a transaction is detected as malicious, it will be blocked and an error message will be returned: "Firewall: Transaction is malicious".
dApp Connection Validation
In addition to transaction validation, any attempt by your users to connect to a dApp via PortalConnect (WalletConnect) will trigger a URL validation through Blockaid when Advanced Security Scanning is enabled. Should the domain be identified as malicious, the connection attempt will be blocked with the error message: "Blocking connection attempt from malicious domain: [domain]."
Last updated