Flash loan exploits
Detects atomic borrow-manipulate-repay sequences before the second half completes. Catches the bZx and Cream Finance class of attacks.
Live on Sepolia · ETHGlobal Open Agents 2026
Catch malicious mempool transactions and pause vulnerable contracts in real time.
Protocol Guardian is an autonomous AI sentinel for DeFi. It watches the Ethereum mempool, classifies threats with Claude, and calls emergencyPause() on your contracts before exploits complete — usually within a single block.
What it monitors
Six attack patterns. Continuous coverage.
Every transaction in the Ethereum mempool gets screened against six high-signal exploit patterns. Anything suspicious is escalated to the AI agent for a confidence call.
Reentrancy
Pattern-screens external calls followed by state writes that leave intermediate balances exploitable. The DAO and Cream-style classics.
Access control
Watches for unauthorized calls into privileged functions — owner takeovers, missing modifiers, signature replay against admin paths.
Oracle manipulation
Flags price feeds that diverge from market consensus by more than a configurable threshold. Catches single-block oracle squeezes.
TVL drains
Detects abnormal outflow patterns that exceed the protocol's normal withdrawal velocity, including multi-tx siphoning across blocks.
Governance attacks
Tracks abnormal voting power concentration and proposal contents that touch privileged treasury or upgrade paths.
How it works
From mempool tx to
From mempool tx to pause() — in one block.
Four stages run in pipeline. Average end-to-end latency from mempool sighting to on-chain pause is well under 12 seconds on Sepolia.
Ingest
WebSocket subscription to the Ethereum mempool plus block stream via Alchemy. Every pending transaction touches the heuristics engine.
Screen
A deterministic heuristics layer scores transactions against the six attack patterns. Anything above the risk floor escalates to the agent.
Reason
Claude classifies the candidate threat, scores confidence 0–100, and recommends an action. Reasoning is logged for post-incident review.
Act
If confidence ≥ 75, the agent calls emergencyPause() on the registered Guardian contract. A full incident report follows.
$3.7B
Lost to DeFi exploits, 2016–2026
21
Catalogued exploit case studies
6
Chains in the threat dataset
<12s
Mempool-sighting to on-chain pause
Early access
Get Protocol Guardian on your protocol.
We're onboarding a small cohort of DeFi protocols for the post-hackathon pilot. Drop your email — you'll hear from Rivaldo personally.
No spam. Single sender. Unsubscribe in one click.