/screen4337

Screen4337 is an advanced endpoint that works similarly to /preview4337, but includes additional security features.

It screens the destination contract or address, the tokens that will be involved in the transaction, and the origin URL for the transaction (if provided).

The screening is comprehensive and aggregates data from a variety of sources, including: sanction lists (e.g. OFAC), various repositories of scam contracts and tokens, and malicious domain names.

It takes an optional stateOverrides object, which allows you to customize the state of the chain before the transaction is simulated. Refer to the /preview4337 endpoint for more information.

The output includes a human-friendly simulation of the transaction that will result from the userOp, with a transaction type and an English description of the action that is about to take place. All asset transfers are tagged with an action field that explains why the token will move.

It also includes a risk analysis for the destination address (whether it's a contract or an EOA) and for the tokens that will be involved in the transaction. Note that the analysis is performed on the final destination contract of the userOp, and not simply the AA wallet contract.

For the purpose of simulation and risk analysis, AA "intermediate contracts", such as the entrypoint, are abstracted away so that the analysis focuses on the real user transaction underneath.

If any of the following is detected, it will be listed in the risks array:

  • Bad actor address
  • Malicious contract
  • OFAC-sanctioned address
  • Malicious domain

For tokens, in addition to reporting whether the token contract is malicious, the following is also reported:

  • Fee on transfer token (for tokens that take a fee when they are bought or sold)
  • Token with admin privileges for minting / changing balance (not necessarily malicious, but common in custodial tokens)