Bridge Sentinel

Bridge Sentinel is a real-time 3-agent swarm that detects and prevents DeFi bridge exploits. It replays the KelpDAO attack pattern — a weak 1-of-1 DVN bridge config paired with a large deposit and max-LTV borrow — and proves it would have caught the exploit in under 2 minutes. Three autonomous agents coordinate: Config Agent polls the bridge contract and scores DVN validator security, Anomaly Agent watches lending events for suspicious deposit+borrow patterns, and Risk Agent combines both signals using 0G Compute's qwen-2.5-7b-instruct LLM to produce a final risk score with TEE-attested inference. Agents communicate peer-to-peer via Gensyn AXL signed ed25519 transport — no centralized messaging. All agent identity, contract addresses, and monitoring config are resolved from ENS subnames on Sepolia at startup, with zero hardcoded values. A Next.js dashboard shows live signals and a Pause button that lands an on-chain transaction to freeze the lending contract before the attacker can exit.

The swarm is three independent TypeScript agents (tsx + Node.js) sharing a common agents/transport/ layer that abstracts over local HTTP and AXL P2P. Each agent is its own package with its own .env — no monorepo orchestrator, just pnpm dev in three terminals.

Gensyn AXL was the trickiest integration. AXL's Go binary exposes a local HTTP sidecar per agent (ports 9002/9012/9022). Sending is POST /send with an X-Destination-Peer-Id header containing the recipient's ed25519 pubkey. Receiving is GET /recv which returns raw bytes + X-From-Peer-Id. The hacky part: AXL returns a Yggdrasil-derived address as the sender ID, not the raw pubkey we store in ENS. We discovered the first 24 hex characters match between the two, so we validate sender identity via prefix comparison — just enough uniqueness for a 3-node swarm without needing to reverse the Yggdrasil address transform. The AxlTransport class polls /recv every 500ms and dispatches parsed JSON signals to handlers.

0G Compute runs the Risk Agent's LLM inference. We migrated from the deprecated @0glabs/0g-serving-broker to @0gfoundation/0g-compute-ts-sdk v0.8.0 mid-hackathon — the old SDK's createZGServingNetworkBroker was replaced with createZGComputeNetworkBroker and the settlement flow changed. The agent calls broker.inference.getServiceMetadata() to discover the provider's endpoint, builds auth headers via getRequestHeaders(), then hits the OpenAI-compatible /chat/completions endpoint with a structured DeFi security prompt. Responses include a ZG-Res-Key header for TEE attestation, verified via broker.inference.processResponse(). We use qwen-2.5-7b-instruct on 0G testnet with a fallback rule-based scorer when the provider is offline.

ENS provides zero-config agent discovery. At startup each agent calls getEnsText() on Sepolia to resolve bridgesentinel.eth subnames (config., anomaly., risk.) for AXL pubkeys, and kelpdao.bridgesentinel.eth for monitored contract addresses and thresholds. The resolveENSConfig() helper in agents/transport/src/ens.ts returns typed config that the transport factory uses — if ENS resolution fails, agents fall through to .env vars via || (not ??, since ENS returns empty strings for unset records).

Smart contracts are Foundry/Solidity on 0G testnet (chain 16602): a MockOFTBridge with configurable DVN validator sets, MockLending with deposit/borrow/pause mechanics, and a fake rsETH ERC-20. The demo script replays the KelpDAO exploit — sets 1-of-1 DVN, mints 116.5k rsETH, deposits, borrows 93.2k WETH at 80% LTV — all re-runnable (auto-unpauses first).