On-chain risk registry
The TxGuardian SDK reads confirmed entries from this on-chain feed at scan time and folds them into the deterministic rule engine. Anyone can submit a flag; an admin keypair confirms or revokes. The update_admin instruction supports rotation to a multisig.
Program ID
Confirmed entries: 2
Total submissions: 4
Entries
| Target program | Severity | Status | Reason (untrusted) | Submitted |
|---|---|---|---|---|
| J2xccRtu…Q9BsJVaf | high | Confirmed | Pattern matches known wallet drainer (demo entry) | 2026-05-09 |
| 8SFqwqnq…SBx3WKwe | medium | Confirmed | Unverified contract used by suspicious aggregator (demo) | 2026-05-09 |
| FMUEmtxh…RWSrqTpV | high | Pending | Reported by community; pending admin review | 2026-05-09 |
| 6TcyBfPd…Ur9VA5YD | low | Revoked | Initially flagged, cleared after review | 2026-05-09 |
How to flag a program
The submit instruction is permissionless — anyone can flag a program for review by paying rent for the attestation account (~0.002 SOL on devnet). The admin keypair confirms or revokes; only confirmed entries flow into TxGuardian's verdicts (scanner, extension, and SDK).
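```javascript
// Server-side, with @coral-xyz/anchor and the program IDL
import { Program, AnchorProvider } from "@coral-xyz/anchor";
import { SystemProgram } from "@solana/web3.js";
import { deriveRegistryPda, deriveAttestationPda, TXGUARDIAN_REGISTRY_PROGRAM_ID } from "@txguardian/sdk";

// Assumed to exist already: `program` (a Program built from the registry IDL
// and an AnchorProvider), `targetProgramPubkey` (the program being flagged)
// and `submitter` (the submitting wallet's public key).
const systemProgram = SystemProgram.programId;
const [registry] = deriveRegistryPda();
const [attestation] = deriveAttestationPda(targetProgramPubkey);

// Fixed 64-byte, zero-padded field; write() silently truncates longer text.
const reason = Buffer.alloc(64);
reason.write("Drainer reported on 2026-04-15", "utf8");

await program.methods
  .submit(targetProgramPubkey, 3, Array.from(reason))
  .accounts({ registry, attestation, submitter, systemProgram })
  .rpc();
```
See /docs for the full instruction reference, or the program on Solana Explorer.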
Reason text is untrusted. Anyone can submit any string up to 64 bytes. The scanner never quotes reason text into LLM prompts, and treats it as display-only here. Do not act on a reason field as if it's authoritative — verify the target program independently.
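One way a display layer could treat the 64-byte reason field as untrusted, shown as an added example rather than TxGuardian's own code. The function names (`decodeReason`, `reasonToHtml`, `padReason`) are hypothetical and the sample inputs are constructed.

```javascript
// Added example; decodeReason, reasonToHtml and padReason are hypothetical
// names, not part of @txguardian/sdk.
const REASON_LEN = 64; // fixed size of the reason field, per the page

// C0/C1 control characters plus zero-width and bidi format characters,
// which can hide text or visually reorder it in a UI.
const UNSAFE_CHARS =
  /[\u0000-\u001F\u007F-\u009F\u200B-\u200F\u202A-\u202E\u2066-\u2069\uFEFF]/g;
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Turn the raw on-chain field (Uint8Array or number[]) into plain text.
function decodeReason(bytes) {
  if (!(bytes instanceof Uint8Array) && !Array.isArray(bytes)) {
    throw new TypeError("reason must be a byte array");
  }
  const raw = Uint8Array.from(bytes);
  if (raw.length !== REASON_LEN) {
    throw new RangeError(`reason must be exactly ${REASON_LEN} bytes`);
  }
  // Treat the first NUL as the end of the text; the rest is zero padding
  // (or data a submitter tried to hide behind it) and is never displayed.
  const end = raw.indexOf(0);
  const payload = end === -1 ? raw : raw.subarray(0, end);
  // Non-fatal decoding maps invalid UTF-8 to U+FFFD instead of throwing, so a
  // malformed submission cannot break the page that lists it.
  const text = new TextDecoder("utf-8", { fatal: false }).decode(payload);
  return text.replace(UNSAFE_CHARS, "").trim();
}

// Escape for insertion into HTML text or a quoted attribute value.
function reasonToHtml(bytes) {
  return decodeReason(bytes).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Build a constructed 64-byte sample field from a string or byte list.
function padReason(input) {
  const src = typeof input === "string" ? new TextEncoder().encode(input) : Uint8Array.from(input);
  const field = new Uint8Array(REASON_LEN);
  field.set(src.subarray(0, REASON_LEN));
  return field;
}

// Constructed samples: markup, a bidi override, and an invalid UTF-8 byte.
for (const s of ['<a href="x">claim refund</a>', "ok\u202Edenied", [0xff, 0x41]]) {
  console.log(JSON.stringify(reasonToHtml(padReason(s))));
}
```

The escaped output is still display-only: it says nothing about whether the flagged program is actually malicious.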