shieldai
ShieldAI is an autonomous AI security agent that protects your wallet 24/7 by monitoring token approvals in real-time and automatically revoking malicious approvals before they drain your funds
ビデオ
説明
ShieldAI - AI-Powered Autonomous Wallet Guardian
THE PROBLEM:
$1.7 billion lost annually to crypto phishing attacks. The #1 attack vector? Malicious token approvals. Users unknowingly grant unlimited access to scam contracts, and by the time they realize it, their funds are gone. Existing solutions require constant manual monitoring—an impossible task for regular users.
THE SOLUTION:
ShieldAI is the first fully autonomous AI security agent for Web3. It monitors every token approval in real-time, analyzes contract bytecode using GPT-4 to detect malicious patterns, automatically revokes dangerous approvals via MetaMask delegations—all without any user intervention.
HOW IT WORKS:
1. User creates a MetaMask Hybrid Smart Account and grants ShieldAI limited revocation permissions (one signature, approve-only)
2. Envio HyperIndex monitors all approvals in real-time, triggering webhooks instantly
3. Backend receives approval events and fetches the spender contract's bytecode
4. AI analyzes bytecode for malicious patterns: transferFrom calls, owner privileges, honeypots, hidden backdoors
5. If threat detected (risk score >70), backend redeems delegation and revokes approval automatically
6. User's dashboard updates in real-time via GraphQL subscriptions—threat neutralized in <1 second
TECHNICAL INNOVATION:
- First security application of MetaMask Delegation Toolkit—granular, revocable permissions for autonomous protection
- AI-powered bytecode analysis using GPT-4—detects threats humans can't see by analyzing EVM opcodes
- Real-time threat response via Envio Effect API webhooks—sub-second detection and revocation
- Production-grade architecture: Next.js frontend, Railway backend, PostgreSQL, full TypeScript
- MetaMask Hybrid Smart Accounts—full delegation support with browser wallet compatibility
- Deployed on Monad Testnet—leverages high-performance EVM for instant finality
KEY FEATURES:
✅ One-click protection: Create smart account + grant delegation in 2 steps
✅ AI threat detection: GPT-4 analyzes contract bytecode for malicious patterns
✅ Autonomous revocation: Threats cancelled automatically via delegations
✅ Real-time dashboard: Live approval monitoring with GraphQL subscriptions
✅ Beautiful UI: Modern, responsive design with comprehensive onboarding flow
WHAT WE BUILT:
- Smart contracts: UserRegistry for protected accounts tracking, deployed malicious test contract
- Envio indexer: Real-time approval monitoring with Effect API webhook integration
- Backend API: Delegation storage, webhook endpoints, AI threat detection, delegation redemption
- AI module: GPT-4 bytecode analysis detecting transferFrom calls, owner privileges, honeypots, backdoors
- Frontend: Full onboarding flow, smart account creation, delegation signing, real-time dashboard, demo mode
- Complete integration: End-to-end flow from approval detection to auto-revocation in <1 second
REAL-WORLD IMPACT:
This solves a $1.7B/year problem with truly autonomous protection. Users set it up once and never worry about malicious approvals again. No manual monitoring, no constant vigilance—just intelligent, automatic protection powered by AI and MetaMask's delegation framework.
ShieldAI brings enterprise-grade security to everyday Web3 users through an intuitive, set-and-forget interface. Unlike technical tools that require constant monitoring, ShieldAI works automatically—login once, grant delegation, and you're protected forever. With beautiful onboarding, real-time visual feedback, and zero ongoing effort, it makes Web3 safe for mass adoption.
The app solves a $1.7B/year problem (malicious token approvals) that affects EVERY crypto user, from beginners to experts. By combining AI-powered threat detection with MetaMask's delegation framework, we've created the first truly autonomous consumer security product.
Perfect for: Anyone using DeFi, NFT collectors, crypto beginners, power users—everyone who approves tokens needs ShieldAI.
⚠️ DISCLAIMER: This project uses MetaMask Hybrid Smart Accounts on Monad Testnet. Smart accounts are experimental technology. This is a proof-of-concept demo built for educational and hackathon purposes. Always exercise caution with real funds.
GitHub: https://github.com/officialcmg/shieldai
Demo: https://shieldai-monad.netlify.app/
ハッカソンの進行状況
UserRegistry on Monad Testnet for tracking protected accounts. Added register/unregister with events for indexing. Built malicious test contract and test ERC20 (USDC) for AI analysis. Verified contracts on Monad Explorer. Envio HyperIndex: configured indexer for Approval events, connected Effect API webhook, added event handlers and GraphQL schema, deployed to Envio Cloud. Backend (Node.js + Express + PostgreSQL): REST API with /api/webhook/approval for Envio events, AI threat detection using GPT-4 and bytecode analysis, delegation redemption via MetaMask Delegation Toolkit, blockchain ops with viem, deployed on Railway. AI Threat Detection: GPT-4 bytecode analysis for malicious patterns (transferFrom, backdoors, honeypots, owner privileges), risk scoring (0–100) and fallback handling. Frontend (Next.js + TailwindCSS): landing page and onboarding flow, real-time approval dashboard with GraphQL subscriptions, Privy auth, Delegation Toolkit, ERC-4337 gasless transactions, demo mode with unlimited approval tests, deployed on Netlify. MetaMask Integration: hybrid smart accounts with granular delegations, limited/unlimited approval options, auto-revocation via backend, ERC-4337 bundler for gasless UX. UX: responsive design, gradients, animations, tooltips, real-time updates, visual revoked approvals. Testing & Deployment: end-to-end flow from approval to AI analysis and revocation, deployed contracts and backend/frontend, sub-second detection response.