ChainGuard

AI-powered smart contract security monitor using Blockscout Autoscout, SDK & MCP


Created At

ETHOnline 2025

Project Description

ChainGuard - AI-Powered Smart Contract Security Monitor

The Problem: Smart contract vulnerabilities cost the blockchain industry over $3 billion annually. Developers and security teams lack accessible tools for continuous, automated security monitoring that provide both technical vulnerability detection and human-readable explanations of risks. Existing solutions are either too expensive, too complex, or provide alerts without context.

Our Solution: ChainGuard is a real-time security monitoring dashboard that combines Blockscout's powerful infrastructure with AI-driven analysis to detect, explain, and alert developers about smart contract vulnerabilities. We've built a comprehensive security platform that makes blockchain security accessible to developers of all skill levels.

How It Works:

Contract Analysis: Users paste a verified smart contract address into ChainGuard's dashboard. Our system fetches the source code via Blockscout's API and runs pattern-based analysis to detect common vulnerabilities including:

Reentrancy attacks

Unchecked external calls

Dangerous delegatecall usage

Selfdestruct functions

tx.origin authentication issues

Risk Scoring: ChainGuard calculates a dynamic 0-100 risk score based on severity-weighted vulnerabilities, providing instant visual feedback through color-coded indicators (green for safe, yellow for medium risk, red for critical).

AI-Powered Insights: Using the Blockscout MCP (Model Context Protocol) pattern, we integrate GPT-4 to generate plain English explanations of detected vulnerabilities, complete with contextual security recommendations that developers can immediately implement.

Real-Time Monitoring: Through Blockscout SDK integration, ChainGuard monitors contracts 24/7 and sends instant transaction notifications via toast alerts when suspicious activity is detected, keeping developers informed without requiring constant manual checking.

Deep Explorer Integration: Every analysis links directly to our deployed Autoscout explorer instance, allowing users to dive deep into contract source code, transaction history, and verification status with one click.

Technical Architecture:

Frontend: Next.js 14 with TypeScript, Tailwind CSS, and React Query for a responsive, modern interface

Blockchain Layer: Blockscout Autoscout explorer, Blockscout SDK, Wagmi, and Viem for comprehensive EVM integration

Analysis Engine: Custom pattern-matching algorithms combined with GPT-4 AI for vulnerability detection and explanation

Infrastructure: Deployed on Vercel with REST API integration to Blockscout services

Key Features:

Pattern-based vulnerability detection covering the most common smart contract security issues

Dynamic risk scoring with visual severity indicators

AI-generated security explanations in plain English

Real-time transaction monitoring and alerts via Blockscout SDK

Direct integration with Autoscout explorer for deep contract inspection

Support for all EVM-compatible chains supported by Blockscout

Impact: ChainGuard democratizes smart contract security by making sophisticated vulnerability detection accessible to all developers, not just security experts. By combining automated analysis with human-readable AI explanations and real-time monitoring, we help prevent the costly hacks that plague the industry while lowering the barrier to entry for secure blockchain development.

Future Vision: While this hackathon MVP focuses on core vulnerability detection and Blockscout integration, we envision expanding ChainGuard to include multi-chain dashboards, advanced ML-based detection, automated security reports, community vulnerability databases, and developer API access for integration into existing workflows.

How it's Made

Core Architecture:

ChainGuard is built as a modern full-stack web application using Next.js 14 with the App Router architecture, TypeScript for type safety, and Tailwind CSS for responsive styling. The application follows a clean separation of concerns with distinct layers for UI, API routes, blockchain integration, and security analysis.

Blockscout Integration (The Star of the Show):

  1. Autoscout Explorer Deployment: We deployed our custom Blockscout instance via the Autoscout self-service platform (https://deploy.blockscout.com). The setup was surprisingly smooth - we configured it for Ethereum Sepolia testnet by providing the RPC URL, Chain ID, and instance name. Within 10 minutes, we had a fully functional explorer instance that became the backbone of our data infrastructure. This explorer handles contract verification, transaction indexing, and provides the REST APIs we consume for contract source code and transaction data.

  2. Blockscout SDK Integration: The @blockscout/app-sdk package is integrated at the root level using their NotificationProvider wrapper. We use the useNotification hook throughout our dashboard to trigger real-time transaction toasts and history popups. The SDK was particularly elegant to implement - just wrap the app, call openTxToast(chainId, txHash), and users get beautiful, informative notifications without any custom UI work. This dramatically improved the UX by providing instant blockchain feedback without page refreshes.

  3. MCP AI Pattern Implementation: Following Blockscout's Model Context Protocol approach, we built an AI analysis layer that interprets blockchain data contextually. We use OpenAI's GPT-4 via their API, with carefully crafted system prompts that position the model as a "smart contract security expert." The MCP pattern shines here - instead of raw API calls, we feed the AI structured blockchain context (contract name, detected vulnerabilities, source code snippets) and get back human-readable security assessments. This makes complex vulnerability explanations accessible to developers of all skill levels.

Security Analysis Engine:

The vulnerability detection is powered by a custom SecurityAnalyzer class that performs pattern-based analysis on Solidity source code. We implemented detection for five critical vulnerability types:

Reentrancy Detection: We scan for external calls using .call{value:} or .transfer() without corresponding nonReentrant modifiers or ReentrancyGuard imports.

Unchecked Call Returns: Using regex patterns, we identify .call() invocations and check if the subsequent 100 characters include require(success) or assert() checks.

Selfdestruct Usage: Direct string matching to flag any contract containing selfdestruct, which is inherently risky.

Delegatecall Risks: Pattern matching for delegatecall usage, which can be dangerous if not properly controlled.

tx.origin Authentication: Flags use of tx.origin for authentication, which is vulnerable to phishing attacks.

Each detected vulnerability is weighted by severity (CRITICAL=40 points, HIGH=25, MEDIUM=15, LOW=5) to calculate an overall risk score capped at 100.
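
The detection rules and scoring described in this section, sketched in TypeScript as an added example (not ChainGuard's own SecurityAnalyzer code). The function names, finding labels, and the severity assigned to each finding type are assumptions; the weights and the cap of 100 are the ones stated above.

```typescript
// Added illustration, not ChainGuard's source. Severity per finding type is an assumption.
type Severity = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW";
interface Finding { type: string; severity: Severity; offset: number }
// Weights and the cap of 100 are the values stated in the write-up.
const WEIGHTS: Record<Severity, number> = { CRITICAL: 40, HIGH: 25, MEDIUM: 15, LOW: 5 };

function analyze(source: string): Finding[] {
  const findings: Finding[] = [];
  // Reentrancy: a value-sending external call with no guard anywhere in the source.
  const ext = /\.call\s*\{\s*value\s*:|\.transfer\s*\(/.exec(source);
  if (ext && !/\bnonReentrant\b|\bReentrancyGuard\b/.test(source)) {
    findings.push({ type: "reentrancy", severity: "CRITICAL", offset: ext.index });
  }
  // Unchecked return: no require(success) or assert( in the 100 characters after .call(
  const callRe = /\.call\s*(\{[^}]*\})?\s*\(/g;
  let m: RegExpExecArray | null;
  while ((m = callRe.exec(source)) !== null) {
    const end = m.index + m[0].length;
    if (!/require\s*\(\s*success|assert\s*\(/.test(source.slice(end, end + 100))) {
      findings.push({ type: "unchecked-call", severity: "MEDIUM", offset: m.index });
    }
  }
  // Plain string matches, as described: the first occurrence is enough to flag.
  const literals: [string, string, Severity][] = [
    ["selfdestruct", "selfdestruct", "HIGH"],
    ["delegatecall", "delegatecall", "HIGH"],
    ["tx.origin", "tx-origin-auth", "MEDIUM"],
  ];
  literals.forEach(([needle, type, severity]) => {
    const offset = source.indexOf(needle);
    if (offset !== -1) findings.push({ type, severity, offset });
  });
  return findings;
}

// Sum of severity weights, capped at 100.
function riskScore(findings: Finding[]): number {
  return Math.min(findings.reduce((sum, f) => sum + WEIGHTS[f.severity], 0), 100);
}

// Constructed sample input (not a real contract).
const SAMPLE = `contract Vault {
  function withdraw() external {
    (bool success, ) = msg.sender.call{value: balances[msg.sender]}("");
    balances[msg.sender] = 0;
  }
  function exec(address t, bytes calldata d) external { t.delegatecall(d); }
  function kill() external { require(tx.origin == owner); selfdestruct(payable(owner)); }
}`;
console.log(analyze(SAMPLE).map((f) => f.type), riskScore(analyze(SAMPLE)));
```

Because this is string matching, text inside comments is flagged too, and a return-value check placed more than 100 characters after the call is missed, so findings are triage leads rather than confirmed vulnerabilities.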

Data Flow:

When a user analyzes a contract, we:

Fetch contract source code via Blockscout's REST API (/api/v2/addresses/{address}/contract)

Confirm the contract is verified on-chain (reject if not)

Run pattern-based analysis on the source code

Calculate risk score based on detected vulnerabilities

Send vulnerability summary to GPT-4 for natural language explanation

Return comprehensive security report to frontend

Store contract in monitored list for real-time SDK alerts

API Route Architecture:

We use Next.js API routes for the backend logic. The /api/analyze endpoint handles POST requests with contract addresses, orchestrates the analysis pipeline, and returns JSON responses. This serverless architecture via Vercel makes deployment trivial and ensures scalability.

Technologies & Dependencies:

Frontend: Next.js 14, React 18, TypeScript 5, Tailwind CSS 3

Blockchain: Wagmi v2, Viem, @blockscout/app-sdk

AI: OpenAI GPT-4 API

State Management: @tanstack/react-query for async state

Icons: Lucide-react for consistent iconography

Deployment: Vercel for frontend, Autoscout for explorer
