RektWatch

Protocol incident history, audit reports, bug bounties, and risk scores. Pay per call in USDC on Base via x402.

500+ protocols USDC on Base x402 Rekt · DeFiLlama · Immunefi · Audits

Endpoints

Method	Path	Description	Price
GET	/health	DB status and per-source scraper freshness	free
GET	/protocols	All tracked protocols with TVL, incident count, audit count	free
GET	/alerts/recent-24h	All incidents from the last 24 hours	$0.02
GET	/protocol/{name}/incidents	Paginated incident history — amounts, attack types, dates	$0.05
GET	/protocol/{name}/risk-score	0–100 score with per-factor breakdown	$0.10
GET	/protocol/{name}/audits	All audit reports with finding counts by severity	$0.10
GET	/compare?a={a}&b={b}	Side-by-side security comparison of two protocols	$0.10
GET	/protocol/{name}/security-summary	Risk score + incidents + audits + bounty in one call	$0.15

Quick setup

Free endpoints — no wallet needed:

curl https://rektwatch.dev/protocols
curl https://rektwatch.dev/health

Paid calls — TypeScript with x402:

import { createPaymentHeader, selectPaymentRequirements } from "x402/client"
import { privateKeyToAccount } from "viem/accounts"

const signer = privateKeyToAccount("0xYOUR_PRIVATE_KEY")

async function fetch402(url: string) {
  const res = await fetch(url)
  if (res.status !== 402) return res.json()
  const reqs  = await res.json()
  const sel   = selectPaymentRequirements(reqs.accepts, "base", "exact")
  const proof = await createPaymentHeader(signer, reqs.x402Version, sel)
  return (await fetch(url, { headers: { "X-Payment": proof } })).json()
}

const score   = await fetch402("https://rektwatch.dev/protocol/aave-v3/risk-score")
const compare = await fetch402("https://rektwatch.dev/compare?a=aave-v3&b=compound-v3")

Python agent:

from x402.client import X402Client

client = X402Client(private_key="0xYOUR_PRIVATE_KEY")
summary = client.get("https://rektwatch.dev/protocol/uniswap-v3/security-summary")
print(summary["risk_score"], summary["incidents"]["total"])

Protocol slugs come from /protocols. Common ones: aave-v3 uniswap-v3 compound-v3 lido curve-dex gmx maker

Example responses

GET /health

{
  "db": "ok",
  "sources": {
    "rekt": {
      "last_success_at": "2026-05-08T13:00Z",
      "stale": false
    },
    "defillama": {
      "last_success_at": "2026-05-08T14:10Z",
      "stale": false
    },
    "immunefi": {
      "last_success_at": "2026-05-08T11:45Z",
      "stale": false
    }
  },
  "data_freshness_utc": "2026-05-08T14:23Z"
}

GET /protocols

[
  {
    "slug":           "aave-v3",
    "display_name":   "Aave V3",
    "tvl_usd":        "12400000000",
    "chain":          "Ethereum",
    "coverage_tier":  "full",
    "incident_count": 2,
    "audit_count":    7
  },
  {
    "slug":           "uniswap-v3",
    "display_name":   "Uniswap V3",
    "tvl_usd":        "4800000000",
    "chain":          "Ethereum",
    "coverage_tier":  "full",
    "incident_count": 0,
    "audit_count":    4
  }
  // … 500+ more
]

GET /alerts/recent-24h — $0.02

{
  "window_hours": 24,
  "count": 2,
  "incidents": [
    {
      "protocol": "euler-finance",
      "title": "Flash Loan Attack",
      "amount_usd": 197000000,
      "attack_type": "flash-loan",
      "detected_at": "2026-05-08T09:12Z",
      "source_url": "https://rekt.news/euler-finance-rekt"
    }
  ]
}

GET /protocol/{name}/incidents — $0.05

{
  "protocol": "compound-v2",
  "total": 3,
  "incidents": [
    {
      "title": "Oracle Price Manipulation",
      "amount_usd": 89000000,
      "attack_type": "oracle-manipulation",
      "date": "2023-11-28",
      "source_url": "https://rekt.news/..."
    }
  ],
  "limit": 50,
  "offset": 0
}

GET /protocol/{name}/risk-score — $0.10

{
  "protocol": "aave-v3",
  "score": 68,
  "factors": [
    { "name": "base",                    "delta": 50 },
    { "name": "tier1_audit_12m",         "delta": 3  },
    { "name": "active_bug_bounty_500k",  "delta": 5  },
    { "name": "unresolved_high_findings", "delta": -9 }
  ],
  "staleness_warning": false,
  "data_freshness_utc": "2026-05-08T14:23Z"
}

GET /protocol/{name}/audits — $0.10

{
  "protocol": "aave-v3",
  "audit_count": 7,
  "audits": [
    {
      "auditor": "Trail of Bits",
      "date": "2023-09-15",
      "critical": 0,
      "high": 1,
      "medium": 4,
      "low": 9,
      "report_url": "https://..."
    }
  ]
}

GET /compare — $0.10

{
  "a": {
    "protocol": "aave-v3",
    "score": 68,
    "incident_count": 2,
    "audit_count": 7,
    "bug_bounty_max_usd": 2000000
  },
  "b": {
    "protocol": "compound-v3",
    "score": 61,
    "incident_count": 3,
    "audit_count": 5,
    "bug_bounty_max_usd": 150000
  }
}

GET /protocol/{name}/security-summary — $0.15

{
  "protocol": "uniswap-v3",
  "risk_score": 74,
  "risk_factors": [ /* same as /risk-score */ ],
  "incidents": {
    "total": 0,
    "recent_90d": 0
  },
  "audits": {
    "count": 4,
    "latest_date": "2024-01-20",
    "open_criticals": 0
  },
  "bug_bounty": {
    "active": true,
    "max_usd": 2250000,
    "platform": "immunefi"
  },
  "data_freshness_utc": "2026-05-08T14:23Z"
}

Data sources

DeFiLlama

500+ protocols seeded by TVL. Hacks database. Refreshed every hour.

Rekt News

300+ historical incidents with amounts, attack types, and narratives. Refreshed every 2 hours.

Immunefi

224+ live bug bounty programs with max payout amounts. Refreshed every 6 hours.

Audit Reports

PDFs from Trail of Bits, OpenZeppelin, Spearbit, Crytic — parsed by Claude Sonnet. Refreshed every 24 hours.