Advanced security scanning

Enable advanced security scanning in the Portal Admin Dashboard to protect your users from malicious transactions and domain connections using Blockaid's robust security features.

Overview

Advanced security scanning enhances the security of your users' crypto transactions and their dApp connections by integrating Blockaid’s powerful threat detection directly into your Portal environment. This feature can be easily enabled or disabled through the Portal Admin Dashboard, under the Settings page in the "Security" section.

This feature is rate limited by default. If you require a higher rate limit, please contact Portal's support team for assistance.

Steps to get started:

Step 1: Access the Settings Page

To begin, log into your Portal Admin Dashboard. Navigate to the Settings page and locate the "Security" section.

Step 2: Enable Advanced Transaction Validation

Within the "Security" section, you will find an option to enable Advanced Security Scanning. By enabling this feature, Portal will automatically generate a Blockaid API Key specific to your current Portal environment ("Development" or "Production").

Transaction Validation

Once enabled, all eth_sendTransaction requests made by your users on supported chains will be validated through Blockaid. They currently support the following chains:

  • Ethereum (ChainId: 1)

  • Optimism (ChainId: 10)

  • BSC (ChainId: 56)

  • Polygon (ChainId: 137)

  • Blast (ChainId: 238)

  • Base (ChainId: 8453)

  • Arbitrum (ChainId: 42161)

  • Avalanche (ChainId: 43114)

  • Linea (ChainId: 59144)

  • Zora (ChainId: 7777777)

If a transaction is detected as malicious, it will be blocked and an error message will be returned: "Firewall: Transaction is malicious".

dApp Connection Validation

In addition to transaction validation, any attempt by your users to connect to a dApp via PortalConnect (WalletConnect) will trigger a URL validation through Blockaid when Advanced Security Scanning is enabled. Should the domain be identified as malicious, the connection attempt will be blocked with the error message: "Blocking connection attempt from malicious domain: [domain]."

Last updated