Aegis

DeFiGuardian stops DeFi hacks before they drain funds. The problem? $3.8B was stolen in 2022 alone, and most attacks complete in a single block — no time to react.

We built a security layer that sits between users and protocols. Every transaction goes through our "airlock" where three things happen:

First, an ML model trained on past exploits analyzes the transaction. Flash loan patterns, unusual amounts, known attacker addresses — if something looks off, it gets flagged.

Second, flagged transactions hit a 30-minute cryptographic time-lock (VDF). Attackers can't speed this up no matter how much compute they throw at it. This buys time to investigate.

Third, a network of 10 guardians votes on suspicious transactions. You need 7/10 to approve, so there's no single point of failure — no admin key to compromise.

The best part? Users can set their own security rules through ENS. Set a threshold like "flag anything over 10 ETH" or whitelist only the protocols you trust. Your ENS name becomes your portable security policy.

We also integrated with Uniswap v4 hooks so security checks happen on every swap, and LI.FI for cross-chain protection — if we detect an attacker on Ethereum, every chain knows instantly.

The core insight was that most DeFi security fails because attacks are too fast. So we built around enforcing delays that can't be bypassed.

For the time-lock, we implemented Wesolowski VDFs with RSA-2048. The math guarantees sequential computation — you literally cannot parallelize it. 300 million iterations = 30 minutes, period. The VDF worker runs server-side and the proof gets verified on-chain. For guardian consensus, we used FROST threshold signatures (7-of-10 Ed25519 Schnorr). This means no single guardian controls anything — you need 7 signatures that get aggregated into one. We also added ZK voting with Groth16 circuits so guardians can vote privately until reveal, preventing bribery.

The ML model is XGBoost trained on Etherscan transaction data — 47 features covering transaction patterns, timing, counterparties. It calls the Etherscan API in real-time and flags anything scoring above 50.

For Uniswap v4, we wrote a hook contract that runs beforeSwap() and afterSwap(). It checks blacklists, enforces protocol pauses, and reads ENS security profiles. The hacky bit — we're reading ENS text records on-chain to get user preferences like threshold and whitelist, then enforcing them at the swap level.

LI.FI integration was straightforward — we wrap their quote API with our security checks and use LayerZero to broadcast security events cross-chain. One blacklist, every chain.

The SDK ties everything together with parallel processing — VDF computation and guardian voting run simultaneously, then both proofs get submitted on-chain in one transaction.