Problem
In the decentralized finance (DeFi) ecosystem, users frequently interact with various smart contracts and decentralized applications (dApps) by signing transactions. However, these transactions can be complex and may involve interacting with potentially malicious or insecure contracts. Users often lack the expertise to fully understand the implications of the transactions they are about to sign, which can lead to financial losses and exposure to security risks. Therefore, there is a need for a mechanism that can evaluate transactions in real-time, ensuring they are safe before users sign them.
Solution
The Wallet Guard Agent (WGA) is designed to enhance transaction security by analyzing the transactions users are about to sign. It evaluates the safety of these transactions based on predefined calculations and checks the 'to' address to understand the contract’s potential consequences. By leveraging large language models (LLMs), the agent can read and interpret smart contract code to predict the outcomes of interactions, providing users with real-time safety assessments.
Contribution Framework
- Data Contribution:
- Transaction Data: contribute anonymized transaction data, including 'to' addresses, transaction values, and data payloads. This helps build a comprehensive dataset for evaluating transaction safety.
- Smart Contract Metadata: Nodes collect and share metadata about smart contracts, such as ABI (Application Binary Interface), source code, and historical interactions.
- Risk Patterns: Nodes contribute data on identified risk patterns and previously flagged malicious interactions to enhance the machine learning model’s training dataset.
- Performance Assessment:
- Accuracy Metrics: assess and improve the accuracy of the Wallet Guard Agent by comparing its safety evaluations with actual transaction outcomes.
- Latency Metrics: measure and report the latency of transaction analysis to ensure real-time performance standards are met.
- Feedback Loops: Users and nodes provide feedback on false positives and false negatives, which is used to refine and improve the agent’s algorithms.
Architecture
How it Works
- Transaction Monitoring:
- The WGA integrates with wallet applications to monitor transactions that users are about to sign.
- It captures details such as the 'to' address, transaction value, and data payload.
- Safety Evaluation:
- The agent performs calculations to evaluate the transaction's safety based on factors such as transaction history, value thresholds, and known risk patterns.
- It checks if the transaction involves interacting with known malicious addresses or if it deviates from the user’s typical transaction behavior.
- Smart Contract Analysis:
- The WGA checks the 'to' address to determine if it is a smart contract.
- It retrieves the smart contract code and uses LLMs to read and interpret the code, understanding its functionality and potential outcomes.
- The agent simulates the transaction to predict its effects, such as token transfers, state changes, or potential vulnerabilities.
- Result Evaluation:
- Based on the analysis, the agent determines whether the transaction is safe or potentially harmful.
- It provides a detailed report to the user, explaining the transaction's implications and any detected risks.
- User Notification:
- The WGA notifies the user of the safety assessment, offering clear guidance on whether to proceed with the transaction.
- It highlights any potential risks and provides recommendations to avoid unsafe transactions.
Task Provability
How Results are Proven
- Transparency and Logging:
- The WGA maintains a detailed log of all monitored transactions, safety evaluations, and analysis results.
- These logs are stored on a decentralized storage solution (e.g., IPFS) to ensure immutability and transparency.
- Consensus Mechanism:
- To enhance trust, the WGA can leverage a consensus mechanism where multiple nodes independently verify the safety evaluations.
- Only when a majority consensus is reached on a transaction's safety assessment, it is deemed valid and presented to the user.