Arbiguard
ArbiGuard is an autonomous risk firewall for tokenized-asset protocols. It scores live transactions on-chain in a Stylus risk engine, enforces protocol-signed risk policies, and trips a hysteresis circuit breaker the moment an exploit pattern crosses a blocking threshold — then writes the threat signature to a shared registry so every other protected pool is immunized against the same attack. Built for the capital coming to Arbitrum and Robinhood Chain, where a single exploit on tokenized equities is a regulatory event, not just a TVL loss.
視頻
技術堆疊
描述
The problem
Real-world assets are moving on-chain. Robinhood is tokenizing equities, institutions are deploying capital onto Arbitrum, and regulated issuers are putting names and balance sheets behind tokenized products. For these participants, the risk profile is different from native DeFi: an exploit on a tokenized-equity pool is not just lost TVL, it is a headline and a regulatory incident. Yet the defensive tooling they inherit is the same reactive, off-chain, trust-the-operator monitoring that retail DeFi has always used. There is no enforceable, verifiable, protocol-owned layer that can detect an attack and stop it in the same block.
The solution
ArbiGuard is that layer. It gives a protocol or asset issuer a firewall they configure once and that defends autonomously, with no trust in our servers:
Transaction risk is scored on-chain in a Stylus (Rust) risk engine, so the score is verifiable rather than an opaque off-chain heuristic.
The protocol signs an EIP-712 risk policy defining its own thresholds (allow / rate-limit / block, max single-block outflow). ArbiGuard enforces it; we never decide the rules.
When risk crosses the signed blocking threshold, an autonomous, reputation-gated agent trips a hysteresis circuit breaker on-chain — adaptive state transitions that resist false-trip griefing and single-block noise.
The confirmed threat signature is written once to a shared cross-protocol registry, so every other subscribing pool is protected from the same pattern with zero additional work.
How it works (end to end)
A protocol registers a pool and signs an on-chain risk policy.
ArbiGuard's detection engine extracts features from live Arbitrum / Robinhood Chain activity (flash-loan signatures, price deviation, sandwich patterns, reentrancy depth, liquidation correlation).
The Stylus risk engine scores those features on-chain and returns allow / flag / block.
If the score crosses the signed threshold, the agent trips the hysteresis breaker on-chain (pause or rate-limit) within policy bounds.
The threat signature is logged to the shared registry; connected pools are immunized automatically.
What makes it different
On-chain verifiable scoring in Stylus — most security tools score off-chain and ask you to trust them. ArbiGuard's scoring is a verifiable contract.
Protocol-signed policies — the protocol owns the rules via EIP-712, removing trust in the operator.
Hysteresis circuit breaker — an adaptive finite-state machine (normal → elevated → tripped → cooldown), not a brittle single-block trigger.
Reputation-gated autonomy — only agents meeting an on-chain (ERC-8004) reputation bar may trigger protective actions.
Network-effect defense — the shared threat registry means each new protocol strengthens protection for all, which is also the retention and moat story.
Why now, and who it is for
The buyer is RWA protocols, tokenized-asset issuers, and institutional DeFi desks deploying on Robinhood Chain and Arbitrum — participants who cannot absorb a public exploit. The commercial model is a per-pool subscription plus per-incident response, with the shared registry as a public good that grows the protected surface. This maps directly to the London thesis: where institutional capital and real-world adoption meet, the firewall has to be on-chain, enforceable, and protocol-owned.