2026-02-10 11:32:49 -08:00
|
|
|
package analytics
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"fmt"
|
2026-04-07 23:22:12 -07:00
|
|
|
"math"
|
|
|
|
|
"math/big"
|
2026-02-10 11:32:49 -08:00
|
|
|
|
|
|
|
|
"github.com/jackc/pgx/v5/pgxpool"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// TokenDistribution provides token distribution analytics
|
|
|
|
|
type TokenDistribution struct {
|
2026-04-07 23:22:12 -07:00
|
|
|
db *pgxpool.Pool
|
2026-02-10 11:32:49 -08:00
|
|
|
chainID int
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewTokenDistribution creates a new token distribution analyzer
|
|
|
|
|
func NewTokenDistribution(db *pgxpool.Pool, chainID int) *TokenDistribution {
|
|
|
|
|
return &TokenDistribution{
|
|
|
|
|
db: db,
|
|
|
|
|
chainID: chainID,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DistributionStats represents token distribution statistics
|
|
|
|
|
type DistributionStats struct {
|
2026-04-07 23:22:12 -07:00
|
|
|
Contract string
|
|
|
|
|
Symbol string
|
|
|
|
|
TotalSupply string
|
|
|
|
|
Holders int
|
|
|
|
|
Distribution map[string]string
|
|
|
|
|
TopHolders []HolderInfo
|
2026-02-10 11:32:49 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// HolderInfo represents holder information
|
|
|
|
|
type HolderInfo struct {
|
|
|
|
|
Address string
|
|
|
|
|
Balance string
|
|
|
|
|
Percentage string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetTokenDistribution gets token distribution for a contract
|
|
|
|
|
func (td *TokenDistribution) GetTokenDistribution(ctx context.Context, contract string, topN int) (*DistributionStats, error) {
|
chore(ci): align Go to 1.23.x, add staticcheck/govulncheck/gitleaks gates
.github/workflows/ci.yml:
- Go version: 1.22 -> 1.23.4 (matches go.mod's 'go 1.23.0' declaration).
- Split into four jobs with explicit names:
* test-backend: go vet + go build + go test
* scan-backend: staticcheck + govulncheck (installed from pinned tags)
* test-frontend: npm ci + eslint + tsc --noEmit + next build
* gitleaks: full-history secret scan on every PR
- Branches triggered: master + main + develop (master is the repo
default; the previous workflow only triggered on main/develop and
would never have run on the repo's actual PRs).
- actions/checkout@v4, actions/setup-go@v5, actions/setup-node@v4.
- Concurrency group cancels stale runs on the same ref.
- Node and Go caches enabled for faster CI.
.gitleaks.toml (new):
- Extends gitleaks defaults.
- Custom rule 'explorer-legacy-db-password-L@ker' keeps the historical
password pattern L@kers?\$?2010 wedged in the detection set even
after rotation, so any re-introduction (via copy-paste from old
branches, stale docs, etc.) fails CI.
- Allowlists docs/SECURITY.md and CHANGELOG.md where the string is
cited in rotation context.
backend/staticcheck.conf (new):
- Enables the full SA* correctness set.
- Temporarily disables ST1000/1003/1005/1020/1021/1022, U1000, S1016,
S1031. These are stylistic/cosmetic checks; the project has a long
tail of pre-existing hits there that would bloat every PR. Each is
commented so the disable can be reverted in a dedicated cleanup.
Legit correctness issues surfaced by staticcheck and fixed in this PR:
- backend/analytics/token_distribution.go: 'best-effort MV refresh'
block no longer dereferences a shadowed 'err'; scope-tight 'if err :='
used for the subsequent QueryRow.
- backend/api/rest/middleware.go: compressionMiddleware() was parsing
Accept-Encoding and doing nothing with it. Now it's a literal
pass-through with a TODO comment pointing at gorilla/handlers.
- backend/api/rest/mission_control.go: shadowed 'err' from
json.Unmarshal was assigned to an ignored outer binding via
fmt.Errorf; replaced with a scoped 'if uerr :=' that lets the RPC
fallback run as intended.
- backend/indexer/traces/tracer.go: best-effort CREATE TABLE no longer
discards the error implicitly.
- backend/indexer/track2/block_indexer.go: 'latestBlock - uint64(i) >= 0'
was a tautology on uint64. Replaced with an explicit
'if uint64(i) > latestBlock { break }' guard so operators running
count=1000 against a shallow chain don't underflow.
- backend/tracing/tracer.go: introduces a local ctxKey type and two
constants so WithValue calls stop tripping SA1029.
Verification:
- go build ./... clean.
- go vet ./... clean.
- go test ./... all existing tests PASS.
- staticcheck ./... clean except for the SA1029 hits in
api/middleware/auth.go and api/track4/operator_scripts_test.go,
which are resolved by PR #4 once it merges to master.
Advances completion criterion 4 (CI in good health).
2026-04-18 19:10:20 +00:00
|
|
|
// Refresh the materialized view. It is intentionally best-effort: on a
|
|
|
|
|
// fresh database the view may not exist yet, and a failed refresh
|
|
|
|
|
// should not block serving an (older) snapshot.
|
|
|
|
|
if _, err := td.db.Exec(ctx, `REFRESH MATERIALIZED VIEW CONCURRENTLY token_distribution`); err != nil {
|
|
|
|
|
_ = err
|
2026-02-10 11:32:49 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get distribution from materialized view
|
|
|
|
|
query := `
|
|
|
|
|
SELECT holder_count, total_balance
|
|
|
|
|
FROM token_distribution
|
|
|
|
|
WHERE token_contract = $1 AND chain_id = $2
|
|
|
|
|
`
|
|
|
|
|
|
|
|
|
|
var holders int
|
|
|
|
|
var totalSupply string
|
chore(ci): align Go to 1.23.x, add staticcheck/govulncheck/gitleaks gates
.github/workflows/ci.yml:
- Go version: 1.22 -> 1.23.4 (matches go.mod's 'go 1.23.0' declaration).
- Split into four jobs with explicit names:
* test-backend: go vet + go build + go test
* scan-backend: staticcheck + govulncheck (installed from pinned tags)
* test-frontend: npm ci + eslint + tsc --noEmit + next build
* gitleaks: full-history secret scan on every PR
- Branches triggered: master + main + develop (master is the repo
default; the previous workflow only triggered on main/develop and
would never have run on the repo's actual PRs).
- actions/checkout@v4, actions/setup-go@v5, actions/setup-node@v4.
- Concurrency group cancels stale runs on the same ref.
- Node and Go caches enabled for faster CI.
.gitleaks.toml (new):
- Extends gitleaks defaults.
- Custom rule 'explorer-legacy-db-password-L@ker' keeps the historical
password pattern L@kers?\$?2010 wedged in the detection set even
after rotation, so any re-introduction (via copy-paste from old
branches, stale docs, etc.) fails CI.
- Allowlists docs/SECURITY.md and CHANGELOG.md where the string is
cited in rotation context.
backend/staticcheck.conf (new):
- Enables the full SA* correctness set.
- Temporarily disables ST1000/1003/1005/1020/1021/1022, U1000, S1016,
S1031. These are stylistic/cosmetic checks; the project has a long
tail of pre-existing hits there that would bloat every PR. Each is
commented so the disable can be reverted in a dedicated cleanup.
Legit correctness issues surfaced by staticcheck and fixed in this PR:
- backend/analytics/token_distribution.go: 'best-effort MV refresh'
block no longer dereferences a shadowed 'err'; scope-tight 'if err :='
used for the subsequent QueryRow.
- backend/api/rest/middleware.go: compressionMiddleware() was parsing
Accept-Encoding and doing nothing with it. Now it's a literal
pass-through with a TODO comment pointing at gorilla/handlers.
- backend/api/rest/mission_control.go: shadowed 'err' from
json.Unmarshal was assigned to an ignored outer binding via
fmt.Errorf; replaced with a scoped 'if uerr :=' that lets the RPC
fallback run as intended.
- backend/indexer/traces/tracer.go: best-effort CREATE TABLE no longer
discards the error implicitly.
- backend/indexer/track2/block_indexer.go: 'latestBlock - uint64(i) >= 0'
was a tautology on uint64. Replaced with an explicit
'if uint64(i) > latestBlock { break }' guard so operators running
count=1000 against a shallow chain don't underflow.
- backend/tracing/tracer.go: introduces a local ctxKey type and two
constants so WithValue calls stop tripping SA1029.
Verification:
- go build ./... clean.
- go vet ./... clean.
- go test ./... all existing tests PASS.
- staticcheck ./... clean except for the SA1029 hits in
api/middleware/auth.go and api/track4/operator_scripts_test.go,
which are resolved by PR #4 once it merges to master.
Advances completion criterion 4 (CI in good health).
2026-04-18 19:10:20 +00:00
|
|
|
if err := td.db.QueryRow(ctx, query, contract, td.chainID).Scan(&holders, &totalSupply); err != nil {
|
2026-02-10 11:32:49 -08:00
|
|
|
return nil, fmt.Errorf("failed to get distribution: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get top holders
|
|
|
|
|
topHoldersQuery := `
|
|
|
|
|
SELECT address, balance
|
|
|
|
|
FROM token_balances
|
|
|
|
|
WHERE token_contract = $1 AND chain_id = $2 AND balance > 0
|
|
|
|
|
ORDER BY balance DESC
|
|
|
|
|
LIMIT $3
|
|
|
|
|
`
|
|
|
|
|
|
|
|
|
|
rows, err := td.db.Query(ctx, topHoldersQuery, contract, td.chainID, topN)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to get top holders: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer rows.Close()
|
|
|
|
|
|
|
|
|
|
topHolders := []HolderInfo{}
|
2026-04-07 23:22:12 -07:00
|
|
|
totalSupplyRat, ok := parseNumericString(totalSupply)
|
|
|
|
|
if !ok || totalSupplyRat.Sign() <= 0 {
|
|
|
|
|
totalSupplyRat = big.NewRat(0, 1)
|
|
|
|
|
}
|
2026-02-10 11:32:49 -08:00
|
|
|
for rows.Next() {
|
|
|
|
|
var holder HolderInfo
|
|
|
|
|
if err := rows.Scan(&holder.Address, &holder.Balance); err != nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2026-04-07 23:22:12 -07:00
|
|
|
holder.Percentage = formatPercentage(holder.Balance, totalSupplyRat, 4)
|
2026-02-10 11:32:49 -08:00
|
|
|
topHolders = append(topHolders, holder)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
stats := &DistributionStats{
|
|
|
|
|
Contract: contract,
|
|
|
|
|
Holders: holders,
|
|
|
|
|
TotalSupply: totalSupply,
|
|
|
|
|
Distribution: make(map[string]string),
|
|
|
|
|
TopHolders: topHolders,
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-07 23:22:12 -07:00
|
|
|
balances, err := td.loadHolderBalances(ctx, contract)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to compute holder metrics: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
stats.Distribution["top_10_percent"] = concentrationPercent(balances, totalSupplyRat, 0.10)
|
|
|
|
|
stats.Distribution["top_1_percent"] = concentrationPercent(balances, totalSupplyRat, 0.01)
|
|
|
|
|
stats.Distribution["gini_coefficient"] = giniCoefficient(balances)
|
2026-02-10 11:32:49 -08:00
|
|
|
|
|
|
|
|
return stats, nil
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-07 23:22:12 -07:00
|
|
|
func (td *TokenDistribution) loadHolderBalances(ctx context.Context, contract string) ([]*big.Rat, error) {
|
|
|
|
|
rows, err := td.db.Query(ctx, `
|
|
|
|
|
SELECT balance
|
|
|
|
|
FROM token_balances
|
|
|
|
|
WHERE token_contract = $1 AND chain_id = $2 AND balance > 0
|
|
|
|
|
ORDER BY balance DESC
|
|
|
|
|
`, contract, td.chainID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
defer rows.Close()
|
|
|
|
|
|
|
|
|
|
balances := make([]*big.Rat, 0)
|
|
|
|
|
for rows.Next() {
|
|
|
|
|
var raw string
|
|
|
|
|
if err := rows.Scan(&raw); err != nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if balance, ok := parseNumericString(raw); ok && balance.Sign() > 0 {
|
|
|
|
|
balances = append(balances, balance)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return balances, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func parseNumericString(raw string) (*big.Rat, bool) {
|
|
|
|
|
value, ok := new(big.Rat).SetString(raw)
|
|
|
|
|
return value, ok
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func formatPercentage(raw string, total *big.Rat, decimals int) string {
|
|
|
|
|
value, ok := parseNumericString(raw)
|
|
|
|
|
if !ok {
|
|
|
|
|
return "0"
|
|
|
|
|
}
|
|
|
|
|
return formatRatioAsPercent(value, total, decimals)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func concentrationPercent(balances []*big.Rat, total *big.Rat, percentile float64) string {
|
|
|
|
|
if len(balances) == 0 {
|
|
|
|
|
return "0"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
count := int(math.Ceil(float64(len(balances)) * percentile))
|
|
|
|
|
if count < 1 {
|
|
|
|
|
count = 1
|
|
|
|
|
}
|
|
|
|
|
if count > len(balances) {
|
|
|
|
|
count = len(balances)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sum := new(big.Rat)
|
|
|
|
|
for i := 0; i < count; i++ {
|
|
|
|
|
sum.Add(sum, balances[i])
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return formatRatioAsPercent(sum, total, 4)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func formatRatioAsPercent(value, total *big.Rat, decimals int) string {
|
|
|
|
|
if value == nil || total == nil || total.Sign() <= 0 {
|
|
|
|
|
return "0"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
percent := new(big.Rat).Quo(value, total)
|
|
|
|
|
percent.Mul(percent, big.NewRat(100, 1))
|
|
|
|
|
return formatRat(percent, decimals)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func giniCoefficient(balances []*big.Rat) string {
|
|
|
|
|
if len(balances) == 0 {
|
|
|
|
|
return "0"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
total := new(big.Rat)
|
|
|
|
|
for _, balance := range balances {
|
|
|
|
|
total.Add(total, balance)
|
|
|
|
|
}
|
|
|
|
|
if total.Sign() <= 0 {
|
|
|
|
|
return "0"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
weightedSum := new(big.Rat)
|
|
|
|
|
n := len(balances)
|
|
|
|
|
for i := range balances {
|
|
|
|
|
index := n - i
|
|
|
|
|
weighted := new(big.Rat).Mul(balances[i], big.NewRat(int64(index), 1))
|
|
|
|
|
weightedSum.Add(weightedSum, weighted)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nRat := big.NewRat(int64(n), 1)
|
|
|
|
|
numerator := new(big.Rat).Mul(weightedSum, big.NewRat(2, 1))
|
|
|
|
|
denominator := new(big.Rat).Mul(nRat, total)
|
|
|
|
|
gini := new(big.Rat).Quo(numerator, denominator)
|
|
|
|
|
gini.Sub(gini, new(big.Rat).Quo(big.NewRat(int64(n+1), 1), nRat))
|
|
|
|
|
|
|
|
|
|
if gini.Sign() < 0 {
|
|
|
|
|
return "0"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return formatRat(gini, 6)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func formatRat(value *big.Rat, decimals int) string {
|
|
|
|
|
if value == nil {
|
|
|
|
|
return "0"
|
|
|
|
|
}
|
|
|
|
|
text := new(big.Float).SetPrec(256).SetRat(value).Text('f', decimals)
|
|
|
|
|
for len(text) > 1 && text[len(text)-1] == '0' {
|
|
|
|
|
text = text[:len(text)-1]
|
|
|
|
|
}
|
|
|
|
|
if len(text) > 1 && text[len(text)-1] == '.' {
|
|
|
|
|
text = text[:len(text)-1]
|
|
|
|
|
}
|
|
|
|
|
return text
|
|
|
|
|
}
|
