Autonomous AI agent that monitors token approvals in real-time and automatically revokes malicious transactions before they drain your funds.
🔗 Live Demo | 🎥 Video Demo | 📊 Architecture
⚠️ DISCLAIMER: This project uses MetaMask Hybrid Smart Accounts on Monad Testnet. Delegations can't be signed by an EOA, so we use MetaMask Delegation Toolkit to create a smart account with full delegation support. Unfortunately, we can't use EIP-7702 authorization for this demo due to viem not supporting JSON-RPC requests for EIP-7702 authorization.
Every year, $1.7+ billion is lost to crypto phishing attacks. The most common vector? Unlimited token approvals to malicious contracts.
Current solutions fail because:
- ❌ Manual revocation tools require constant vigilance
- ❌ Users don't understand approval risks
- ❌ By the time you notice, your funds are gone
ShieldAI is an autonomous AI agent that protects your wallet 24/7:
- 🔍 Monitors all your token approvals in real-time using Envio HyperIndex
- 🤖 Analyzes contract bytecode with AI to detect malicious patterns
- ⚡ Revokes dangerous approvals automatically via MetaMask Delegations
- 🛡️ Protects you continuously without any manual intervention
┌─────────────────────────────────────────────────────────────┐
│ User approves tokens → Envio detects instantly │
│ ↓ │
│ AI analyzes bytecode → Threat detected? │
│ ↓ │
│ Backend redeems delegation → Approval auto-revoked │
│ ↓ │
│ User stays safe! 🎉 │
└─────────────────────────────────────────────────────────────┘
Set it up once. Protected forever.
- Zero-Friction Onboarding: Connect any external wallet (MetaMask, WalletConnect, etc.)
- One-Click Protection: Create MetaMask Smart Account in seconds
- AI-Powered Detection: GPT-4 analyzes contract bytecode for malicious patterns
- Auto-Revocation: Dangerous approvals cancelled instantly via delegations
- Real-Time Dashboard: Monitor all approvals with live updates via GraphQL subscriptions
- Beautiful UI: Modern, responsive design built with Next.js + TailwindCSS
- MetaMask Hybrid Smart Accounts: Full delegation support with browser wallet compatibility
- Envio Effect API: Real-time webhooks for instant threat response
- AI Bytecode Analysis: Detects transferFrom calls, owner privileges, honeypots, and backdoors
- Monad Testnet: Leverages high-performance EVM for sub-second transaction finality
- ERC-4337 UserOps: Gasless transactions with Pimlico bundler integration
- Type-Safe: End-to-end TypeScript across frontend, backend, and indexer
- MetaMask Smart Accounts: Hybrid implementation with EOA owner + advanced features
- MetaMask Delegation Toolkit: Grants ShieldAI limited revocation powers
- Envio HyperIndex: Real-time blockchain event monitoring with Effect API webhooks
- Monad Testnet: High-performance EVM for fast threat response
- AI Detection: Pattern analysis for identifying malicious contracts
- Privy: Seamless external wallet connection
┌──────────────────────────────────────────────────────────┐
│ Monad Testnet │
│ • UserRegistry Contract (tracks protected accounts) │
│ • ERC20 Tokens (USDC, etc.) │
│ • User Smart Accounts (MetaMask Hybrid) │
└─────────────────────┬────────────────────────────────────┘
│
↓ (Approval events)
┌──────────────────────────────────────────────────────────┐
│ Envio HyperIndex (hosted) │
│ • Real-time blockchain indexing │
│ • GraphQL API for frontend queries │
│ • Effect API → Webhook on new approvals │
└─────────────────────┬────────────────────────────────────┘
│
↓ (POST webhook)
┌──────────────────────────────────────────────────────────┐
│ Railway Backend + PostgreSQL │
│ • Receives approval webhooks │
│ • AI threat detection (OpenAI GPT-4) │
│ • Bytecode analysis via viem │
│ • Stores delegations │
│ • Redeems delegations to revoke threats │
└─────────────────────┬────────────────────────────────────┘
│
↓ (GraphQL subscriptions)
┌──────────────────────────────────────────────────────────┐
│ Netlify Frontend (Next.js) │
│ • Privy authentication │
│ • MetaMask Delegation Toolkit │
│ • Real-time dashboard (Apollo Client) │
│ • Beautiful UI (TailwindCSS) │
└──────────────────────────────────────────────────────────┘
- User creates approval → Smart account calls ERC20.approve()
- Envio detects event → Indexes approval, triggers Effect API webhook
- Backend receives webhook → Fetches bytecode, runs AI analysis
- AI analyzes threat → Checks for malicious patterns (drain functions, backdoors)
- If malicious → Backend redeems delegation, calls approve(spender, 0)
- Frontend updates → GraphQL subscription shows "REVOKED" status in real-time
- User protected → Malicious approval cancelled automatically!
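The decision step of the flow above (decode the indexed Approval event, apply the revoke policy from the demo tests, build the `approve(spender, 0)` calldata, and check it against the delegation scope) as an added, dependency-free example; this is not ShieldAI's own backend code, the risk threshold is an assumed value, and the sample log is constructed:

```typescript
// Added example (not ShieldAI's own code): the decide-and-build-revoke step of the
// webhook flow, dependency-free. The sample log below is constructed, not a real event.
const APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const APPROVE_SELECTOR = "0x095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;
const RISK_THRESHOLD = 70; // assumed cut-off on the 0-100 risk score

interface RawLog { address: string; topics: string[]; data: string }
interface Approval { token: string; owner: string; spender: string; value: bigint }

// Decode an ERC20 Approval(address indexed owner, address indexed spender, uint256 value) log.
function decodeApproval(log: RawLog): Approval {
  if (log.topics.length !== 3 || log.topics[0] !== APPROVAL_TOPIC) throw new Error("not an ERC20 Approval log");
  const addr = (topic: string) => "0x" + topic.slice(-40).toLowerCase();
  return { token: log.address.toLowerCase(), owner: addr(log.topics[1]), spender: addr(log.topics[2]), value: BigInt(log.data) };
}

// Policy from the demo tests: an unlimited approval to a spender without code is revoked
// at once; anything else is revoked only if the AI risk score crosses the threshold.
function shouldRevoke(a: Approval, spenderHasCode: boolean, riskScore: number): boolean {
  if (a.value === 0n) return false; // nothing to revoke
  if (a.value === MAX_UINT256 && !spenderHasCode) return true;
  return riskScore >= RISK_THRESHOLD;
}

// ABI-encode approve(spender, 0): 4-byte selector, address left-padded to 32 bytes, 32 zero bytes.
function revokeCalldata(spender: string): string {
  return APPROVE_SELECTOR + spender.slice(2).toLowerCase().padStart(64, "0") + "0".repeat(64);
}

// Guard mirroring the delegation scope: the redeemed call must hit a listed token and the approve selector.
function withinScope(target: string, data: string, targets: string[], selectors: string[]): boolean {
  const allowed = targets.map(t => t.toLowerCase());
  return allowed.includes(target.toLowerCase()) && selectors.includes(data.slice(0, 10).toLowerCase());
}

// Constructed sample: unlimited test-USDC approval from owner 0x11..11 to spender 0x22..22.
const SAMPLE_LOG: RawLog = {
  address: "0x62534e4bbd6d9ebac0ac99aeaa0aa48e56372df0",
  topics: [APPROVAL_TOPIC, "0x" + "11".repeat(20).padStart(64, "0"), "0x" + "22".repeat(20).padStart(64, "0")],
  data: "0x" + "f".repeat(64),
};
```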
shieldai/
├── contracts/ # Smart contracts (Foundry)
│ ├── src/
│ │ └── UserRegistry.sol
│ └── test/
├── indexer/ # Envio HyperIndex
│ ├── config.yaml
│ ├── schema.graphql
│ └── src/
│ └── EventHandlers.ts
├── backend/ # Node.js API (Railway)
│ ├── src/
│ │ ├── api/
│ │ ├── services/
│ │ └── db/
│ └── package.json
├── frontend/ # Next.js + Privy (Vercel)
│ ├── src/
│ │ ├── app/
│ │ ├── components/
│ │ └── lib/
│ └── package.json
└── README.md
- Smart Contracts: Solidity + Foundry
- Indexer: Envio HyperIndex + Effect API
- Backend: Node.js + Express + PostgreSQL (Railway)
- Frontend: Next.js + Privy + TailwindCSS (Vercel)
- Blockchain: Monad Testnet
- Delegations: MetaMask Delegation Toolkit (EIP-7702)
```bash
cd contracts
forge build
forge script script/Deploy.s.sol --rpc-url $MONAD_RPC_URL --broadcast
```

```bash
cd indexer
pnpm install
pnpm dev
```

```bash
cd backend
pnpm install
pnpm dev
```

```bash
cd frontend
pnpm install
pnpm dev
```

Create .env files in each directory:

contracts/.env
```
MONAD_RPC_URL=https://testnet-rpc.monad.xyz
PRIVATE_KEY=your_deployer_private_key
```

indexer/.env
```
ENVIO_API_TOKEN=your_envio_token
BACKEND_WEBHOOK_URL=https://shieldai-monad.up.railway.app/api/webhook/approval
```

backend/.env
```
DATABASE_URL=postgresql://...
SHIELD_AI_PRIVATE_KEY=your_backend_wallet_private_key
MONAD_RPC_URL=https://testnet-rpc.monad.xyz
```

frontend/.env
```
NEXT_PUBLIC_PRIVY_APP_ID=your_privy_app_id
NEXT_PUBLIC_BACKEND_API_URL=https://shieldai-monad.up.railway.app
```
```bash
cd contracts
forge script script/Deploy.s.sol --rpc-url $MONAD_RPC_URL --broadcast --verify
```

```bash
cd frontend
vercel --prod
```

```bash
cd backend
railway up
```

```bash
cd indexer
envio deploy
```

- 🔐 Seamless Onboarding: Connect any external wallet (Privy)
- 🎯 Smart Account Creation: One-click MetaMask Hybrid Smart Account
- 📊 Real-Time Dashboard: See all your approvals and threats
- ⚡ Instant Protection: Auto-revocation happens in milliseconds
- 🎨 Beautiful UI: Modern, responsive design with TailwindCSS
- 📡 Envio Effect API: Real-time webhooks for blockchain events
- 🔗 MetaMask Delegations: Granular permission management
- ⚙️ Modular Architecture: Easy to extend and customize
- 🧪 Full Test Coverage: Foundry tests for all contracts
- 📝 TypeScript: End-to-end type safety
- Visit → https://shieldai-monad.netlify.app
- Connect Wallet → MetaMask, WalletConnect, or any external wallet
- Onboarding → 4-step wizard creates your smart account
- Create Smart Account → One-click MetaMask Hybrid account deployment
- Grant Delegation → Sign once to give ShieldAI revoke permissions
- Dashboard → See your real-time approval monitoring
- Test Protection → Click demo buttons to see auto-revocation in action!
- Test #1: Unlimited approval to random EOA → Instant revoke
- Test #2: Limited approval to malicious contract → AI detects + revokes
- ✅ Smart account created with MetaMask Delegation Toolkit
- ✅ Delegation granted with granular permissions (approve-only)
- ✅ Real-time monitoring via Envio GraphQL subscriptions
- ✅ AI threat detection analyzing contract bytecode
- ✅ Auto-revocation via delegation redemption
- ✅ Live dashboard updates showing approval lifecycle
[Add screenshot]
We chose MetaMask Hybrid Smart Accounts because it provides the perfect balance of compatibility and advanced features:
- Browser Wallet Compatible: Works with Privy, MetaMask, WalletConnect, any EOA
- Delegation Support: Critical for our autonomous revocation feature
- EOA Owner + Passkeys: Flexible authentication (EOA now, passkeys later)
- Production Ready: Fully functional on Monad testnet today
- ERC-4337 Compatible: Gas abstraction via Pimlico bundler
- No EIP-7702 Required: Bypasses JSON-RPC authorization limitations
```typescript
import { encodeFunctionData, erc20Abi } from 'viem'
import {
  Implementation,
  toMetaMaskSmartAccount,
  createDelegation,
  createExecution,
  ExecutionMode,
} from '@metamask/delegation-toolkit'

// publicClient, walletClient, owner, the token/delegate addresses and
// approveOnlyCaveat are set up elsewhere in the app

// Create smart account with delegation support
const smartAccount = await toMetaMaskSmartAccount({
  client: publicClient,
  implementation: Implementation.Hybrid,
  deployParams: [owner, [], [], []], // EOA owner, no passkeys yet
  deploySalt: '0x',
  signer: { walletClient }, // Works with Privy EOAs!
})

// Create delegation for ShieldAI
const delegation = createDelegation({
  from: smartAccount.address,
  to: SHIELDAI_DELEGATE_ADDRESS,
  scope: {
    type: 'functionCall',
    targets: [USDC_TOKEN_ADDRESS], // Can expand to more tokens
    selectors: ['approve(address,uint256)'], // ONLY approve function
  },
  caveats: approveOnlyCaveat, // Granular restrictions
})

// User signs delegation ONCE; the signed delegation is the delegation plus its signature
const signature = await smartAccount.signDelegation({ delegation })
const signedDelegation = { ...delegation, signature }

// ShieldAI can now revoke approvals via delegation redemption:
// the call data is approve(spender, 0) on the token
const revokeCalldata = encodeFunctionData({
  abi: erc20Abi,
  functionName: 'approve',
  args: [maliciousSpender, 0n],
})
const execution = createExecution({
  delegation: signedDelegation,
  mode: ExecutionMode.Call,
  calls: [{ to: tokenAddress, data: revokeCalldata }],
})
```

- Autonomous Protection: ShieldAI acts on the user's behalf without additional signatures
- Granular Permissions: Limited to ONLY the approve(address,uint256) function
- User Control: Users can revoke the delegation anytime via registry unregister
- Gas Abstraction: Future support for gasless revocations via paymaster
- Scalability: Can add more tokens to protection list
- Composability: Integrates seamlessly with existing DeFi protocols
- ✅ Non-Custodial: User always owns their smart account
- ✅ Scoped Permissions: ShieldAI can ONLY call approve(), nothing else
- ✅ Revocable: User can unregister and revoke delegation
- ✅ Transparent: All actions recorded on-chain
- ✅ Auditable: Delegation terms stored and verifiable
- Node.js 18+
- pnpm (recommended) or npm
- MetaMask browser extension
- Monad testnet MON tokens (Faucet)
```bash
# Clone the repository
git clone https://github.com/yourusername/shieldai.git
cd shieldai

# Install all dependencies
pnpm install
```

- Start the frontend:

```bash
cd frontend
pnpm dev
# Visit http://localhost:3000
```

- Start the backend:

```bash
cd backend
pnpm dev
# API runs on http://localhost:3001
```

- Start the indexer:

```bash
cd indexer
pnpm dev
# Indexer syncs Monad events
```

Copy .env.example to .env in each directory and fill in your values:
- Frontend: Privy App ID
- Backend: Database URL, RPC URL, Private Key
- Indexer: Envio API Token, Webhook URL
```bash
cd contracts
forge test -vvv
```

```bash
cd backend
pnpm test
```

```bash
cd frontend
pnpm test:e2e
```

| Contract | Address | Purpose |
|---|---|---|
| UserRegistry | 0x4E8b57893b8A0Ab1c52E2E1E2A8B60f0E2B4e3b1 | Tracks protected accounts |
| Malicious Test Contract | 0x2c641138a924cfbE42e0E6b4eb4E142D3c84ab1A | Demo contract for AI testing |
| USDC (Test) | 0x62534e4bbd6d9ebac0ac99aeaa0aa48e56372df0 | Test ERC20 token |
Envio Indexer: View on Envio Dashboard
Backend API: https://shieldai-monad.up.railway.app
Frontend: https://shieldai-monad.netlify.app
$1.7 billion lost annually to crypto scams. ShieldAI addresses the #1 attack vector: malicious token approvals.
- 🚨 Users unknowingly approve unlimited token access
- 🚨 Phishing sites trick users into signing dangerous transactions
- 🚨 By the time you realize, funds are already drained
- 🚨 Manual revocation tools require constant monitoring
- ✅ Automatic: No manual monitoring needed
- ✅ Intelligent: AI analyzes bytecode for threats
- ✅ Instant: Revokes approvals in milliseconds
- ✅ Trustless: Non-custodial, user always in control
- GPT-4 bytecode analysis: Detects malicious patterns humans can't see
- Function selector detection: Identifies dangerous transferFrom calls
- Owner privilege analysis: Spots hidden admin backdoors
- Honeypot detection: Recognizes fake functions designed to trap users
- Risk scoring: Quantifies threat level (0-100)
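The selector-detection step described above, as an added example that is not ShieldAI's code: it walks EVM bytecode opcode by opcode and records every PUSH4 immediate, which is where a Solidity dispatcher (and any hard-coded external call) places function selectors. Walking the opcodes instead of grepping for the 0x63 byte avoids false hits inside other PUSH data; the sample bytecode is constructed to show exactly that case.

```typescript
// Added example (not ShieldAI's code): collect PUSH4 immediates from EVM bytecode
// and report which of them match selectors the analyzer watches for.
const WATCHED_SELECTORS: Record<string, string> = {
  "0x23b872dd": "transferFrom(address,address,uint256)",
};

function extractSelectors(bytecodeHex: string): string[] {
  const hex = bytecodeHex.startsWith("0x") ? bytecodeHex.slice(2) : bytecodeHex;
  const code = Uint8Array.from(hex.match(/../g) ?? [], (b) => parseInt(b, 16));
  const found = new Set<string>();
  for (let i = 0; i < code.length; ) {
    const op = code[i];
    if (op >= 0x60 && op <= 0x7f) {          // PUSH1..PUSH32 carry n = op - 0x5f data bytes
      const n = op - 0x5f;
      if (n === 4 && i + 4 < code.length) {  // only a PUSH4 immediate can be a selector
        const bytes = Array.from(code.slice(i + 1, i + 5));
        found.add("0x" + bytes.map((b) => b.toString(16).padStart(2, "0")).join(""));
      }
      i += 1 + n;                            // skip the immediate so its bytes are never read as opcodes
    } else {
      i += 1;
    }
  }
  return Array.from(found);
}

// Names of watched selectors present in the bytecode (empty when none are found).
function riskySelectors(bytecodeHex: string): string[] {
  return extractSelectors(bytecodeHex)
    .filter((s) => s in WATCHED_SELECTORS)
    .map((s) => WATCHED_SELECTORS[s]);
}

// Constructed sample: PUSH1 0x80, PUSH1 0x40, MSTORE, PUSH2 0x6323 (contains a 0x63 byte
// that a naive scan would mistake for PUSH4), PUSH4 transferFrom, PUSH4 approve, STOP.
const SAMPLE_BYTECODE = "0x60806040526163236323b872dd63095ea7b300";
```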
- First security application of delegation framework
- Granular permissions: Scoped to ONLY approve() function
- Revocable trust: Users maintain full control
- Gas-efficient: Single signature enables continuous protection
- Effect API webhooks: Instant notification of new approvals
- Sub-second response: Threat detected and revoked in <1s
- GraphQL subscriptions: Live dashboard updates
- Zero latency: No polling, truly real-time
- Type-safe: TypeScript across entire stack
- Scalable: Railway backend + PostgreSQL
- Composable: Modular, extensible design
- Tested: Comprehensive test coverage
- ✅ MetaMask Smart Accounts: Hybrid implementation with full delegation support
- ✅ MetaMask Delegation Toolkit: Core to our autonomous revocation feature
- ✅ Monad Testnet: All contracts deployed, leverages high-performance EVM
- ✅ Innovative Use Case: First AI-powered autonomous security agent
- ✅ Production Quality: Live demo, clean code, comprehensive docs
- Autonomous Agent: Truly set-and-forget protection
- AI Integration: Not just rules, actual intelligence
- Real-Time Everything: Instant detection, instant revocation
- User Experience: Beautiful UI, zero-friction onboarding
- Technical Depth: Advanced features (ERC-4337, delegations, webhooks)
- Practical Value: Solves a $1.7B/year problem
- 🌐 Live Demo: https://shieldai-monad.netlify.app
- 📹 Video Demo: Coming Soon
- 💻 GitHub: https://github.com/officialcmg/shieldai
- 📊 Envio Indexer: View Dashboard
- 🔍 Contract Verification: Monad Explorer
This project showcases innovative use of:
- MetaMask Smart Accounts (Hybrid Implementation)
- MetaMask Delegation Toolkit (Autonomous Actions)
- Monad Testnet (High-Performance EVM)
- Envio HyperIndex (Real-Time Indexing + Effect API)
- OpenAI GPT-4 (AI Bytecode Analysis)
- Next.js + TailwindCSS (Beautiful UI/UX)
- Privy (Seamless Auth)
- Railway + PostgreSQL (Backend Infrastructure)
MIT License - feel free to use this code for your own projects!
🛡️ ShieldAI - Protecting Web3, One Approval at a Time
Built for Monad & MetaMask Hackathon 2025