One or more aspects described herein provide automatic smart contract feature analysis and risk assessment based on unique source code signatures and/or fingerprints within the smart contract. A risk assessment engine may automatically analyze a smart contract by first retrieving smart contract source code from a contract address on a blockchain where the smart contract is accessible. The risk assessment engine may generate an abstract syntax tree (AST) of the smart contract using a compiler for the smart contract source code, and then flatten the AST by removing non-differentiating elements from the AST. The flattened AST may be divided by function calls within the smart contract, and then each division may be fingerprinted, e.g., hashed using a one-way hash. The fingerprint is compared to a database of known functions to automatically identify one or more features of the smart contract with associated risk levels.