# Multi-input clustering heuristic for Bitcoin
def cluster_multi_input_addresses(transaction):
    """
    Addresses that appear as inputs in the same transaction
    are likely controlled by the same entity
    """
    if len(transaction['inputs']) > 1:
        input_addresses = [inp['address'] for inp in transaction['inputs']]
        return input_addresses  # These belong to same cluster
    return None

# Change address detection
def detect_change_address(transaction):
    """
    In Bitcoin, change addresses often have specific patterns:
    - Smaller amounts
    - Different address formats
    - Single output transactions following this one
    """
    outputs = transaction['outputs']
    if len(outputs) == 2:
        amounts = [out['value'] for out in outputs]
        # Typically, change is the smaller amount
        change_idx = amounts.index(min(amounts))
        return outputs[change_idx]['address']

-- Ethereum contract interaction patterns
SELECT 
    from_address,
    to_address as contract_address,
    COUNT(*) as interaction_count,
    AVG(gas_used) as avg_gas,
    MIN(block_timestamp) as first_interaction
FROM ethereum.transactions 
WHERE to_address IN (
    SELECT address FROM ethereum.contracts 
    WHERE is_erc20 = true
)
GROUP BY from_address, to_address
HAVING interaction_count > 10
ORDER BY interaction_count DESC

from collections import deque
import networkx as nx

class TransactionTracer:
    def __init__(self, api_client):
        self.api = api_client
        self.graph = nx.DiGraph()

    def trace_funds_forward(self, start_address, max_hops=5, min_amount=0.01):
        """
        Trace funds forward from a starting address using BFS
        """
        queue = deque([(start_address, 0, [])])
        visited = set()
        paths = []

        while queue:
            address, hops, path = queue.popleft()

            if hops >= max_hops or address in visited:
                continue

            visited.add(address)

            # Get outgoing transactions
            txns = self.api.get_outgoing_transactions(address)

            for tx in txns:
                if tx['value'] >= min_amount:
                    new_path = path + [(address, tx['to_address'], tx['value'], tx['hash'])]

                    if hops == max_hops - 1:
                        paths.append(new_path)
                    else:
                        queue.append((tx['to_address'], hops + 1, new_path))

        return paths

    def detect_mixing_patterns(self, address):
        """
        Detect potential mixing service usage patterns
        """
        txns = self.api.get_transactions(address)

        # Look for suspicious patterns
        patterns = {
            'rapid_succession': 0,
            'round_numbers': 0,
            'multiple_small_outputs': 0,
            'timing_analysis': []
        }

        for i, tx in enumerate(txns[:-1]):
            time_diff = txns[i+1]['timestamp'] - tx['timestamp']
            patterns['timing_analysis'].append(time_diff)

            # Rapid succession (< 10 minutes)
            if time_diff < 600:
                patterns['rapid_succession'] += 1

            # Round number amounts
            if tx['value'] % 1 == 0:  # Whole numbers
                patterns['round_numbers'] += 1

        return patterns

# Uniswap V3 position analysis
def analyze_liquidity_positions(pool_address, block_range):
    """
    Analyze liquidity provider behavior in Uniswap V3
    """
    query = f"""
    SELECT 
        owner,
        token_id,
        tick_lower,
        tick_upper,
        liquidity,
        block_number,
        transaction_hash
    FROM uniswap_v3.mint_events 
    WHERE pool = '{pool_address}'
        AND block_number BETWEEN {block_range[0]} AND {block_range[1]}
    ORDER BY block_number
    """

    positions = execute_query(query)

    # Calculate position metrics
    metrics = {
        'total_positions': len(positions),
        'unique_providers': len(set(p['owner'] for p in positions)),
        'avg_liquidity': sum(p['liquidity'] for p in positions) / len(positions),
        'tick_distribution': {}
    }

    return metrics

# MEV detection
def detect_sandwich_attacks(block_number):
    """
    Detect sandwich attacks in a specific block
    """
    query = f"""
    WITH block_swaps AS (
        SELECT *
        FROM dex.trades 
        WHERE block_number = {block_number}
        ORDER BY transaction_index, log_index
    )
    SELECT 
        trader_a,
        trader_b,
        trader_c,
        token_address,
        amount_victim,
        profit_extracted
    FROM (
        SELECT 
            LAG(trader_address) OVER (ORDER BY log_index) as trader_a,
            trader_address as trader_b,
            LEAD(trader_address) OVER (ORDER BY log_index) as trader_c,
            token_bought_address as token_address,
            token_bought_amount as amount_victim
        FROM block_swaps
    ) sandwich_candidates
    WHERE trader_a = trader_c  -- Same trader before and after
        AND trader_a != trader_b  -- Different from victim
    """

    return execute_query(query)

class ComplianceAnalyzer:
    def __init__(self, sanctions_list, risk_database):
        self.sanctions = set(sanctions_list)
        self.risk_db = risk_database

    def calculate_risk_score(self, address, depth=3):
        """
        Calculate risk score based on transaction history
        and counterparty analysis
        """
        score = 0
        factors = {
            'direct_sanctions': 100,
            'one_hop_sanctions': 75,
            'mixing_services': 50,
            'darknet_markets': 80,
            'ransomware': 90,
            'exchange_deposit': -10,  # Reduces risk
            'defi_interaction': 5
        }

        # Check direct sanctions match
        if address in self.sanctions:
            return 100, ['OFAC_SANCTIONED']

        # Analyze transaction counterparties
        risk_factors = []
        counterparties = self.get_counterparties(address, depth)

        for counterparty, hops in counterparties:
            if counterparty in self.sanctions:
                hop_penalty = factors['direct_sanctions'] / (hops + 1)
                score += hop_penalty
                risk_factors.append(f'SANCTIONS_{hops}_HOP')

            # Check other risk categories
            risk_category = self.risk_db.get_category(counterparty)
            if risk_category and risk_category in factors:
                category_score = factors[risk_category] / (hops + 1)
                score += category_score
                risk_factors.append(f'{risk_category.upper()}_{hops}_HOP')

        return min(score, 100), risk_factors

# Use connection pooling for API requests
import asyncio
import aiohttp
from asyncio import Semaphore

class OptimizedBlockchainAPI:
    def __init__(self, max_concurrent=10):
        self.semaphore = Semaphore(max_concurrent)
        self.session = None

    async def batch_address_analysis(self, addresses):
        """
        Efficiently analyze multiple addresses concurrently
        """
        async with aiohttp.ClientSession() as session:
            self.session = session
            tasks = [self.analyze_address(addr) for addr in addresses]
            results = await asyncio.gather(*tasks, return_exceptions=True)
            return results

    async def analyze_address(self, address):
        async with self.semaphore:
            # Rate limiting and concurrent request management
            url = f"https://api.etherscan.io/api?module=account&action=txlist&address={address}"
            async with self.session.get(url) as response:
                return await response.json()