Who can rug this protocol? Permission risk scanner for Ethereum smart contracts.
Gleipnir makes smart contract permission structures legible for everyone and every agent. Paste any Ethereum contract address to get a plain-English breakdown of who controls it, what they can do, every red flag, and a 0–100 permission risk score.
Over $630M was reported lost in DeFi in April 2026 alone. The biggest incidents, Drift ($285M) and Kelp DAO ($292M), weren't code bugs. They were permission failures: compromised admin keys, removed timelocks, weak multisig thresholds. The code was audited. The permissions were the vulnerability.
Gleipnir extracts every privileged function from verified source code, resolves ownership chains through live on-chain reads (EOA → Gnosis Safe → Timelock → Governor), detects proxy patterns (EIP-1967, Transparent, UUPS), raises red flags (pause + drain combos, unprotected critical functions, missing timelocks), and shows blast radius context via DeFiLlama TVL data.
For humans, reports include Claude Haiku-powered plain-English explanations. For autonomous agents, a deterministic JSON API returns the same structured risk data with no LLM in the loop, enabling pre-transaction permission checks before an agent interacts with any contract.
Gleipnir is a Next.js 15 app (TypeScript, Tailwind v4) deployed on Railway. The primary blockchain data source is Blockscout's open-source API, which needs no API key. Etherscan serves as a fallback for source code retrieval. Ownership chain resolution uses Alchemy RPC for live on-chain reads: calling owner(), getOwners(), getThreshold(), getMinDelay(), and reading EIP-1967 proxy storage slots directly.
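The ownership-chain walk described above, as an added example that is not Gleipnir's own code: it follows owner() hop by hop, classifies each hop by probing getThreshold() (Safe) and getMinDelay() (OpenZeppelin TimelockController), and derives the red flags the text mentions. The ChainReader interface and the mock chain (fake addresses, a constructed timelock that also exposes owner()) are assumptions; the four-byte selectors are the real ones.

```typescript
type Hex = string;
type Hop = { addr: Hex; kind: "EOA" | "Safe" | "Timelock" | "Contract"; detail?: number };
// Assumed read interface over eth_getCode / eth_call; call() returns null when the call reverts.
interface ChainReader { getCode(a: Hex): Hex; call(to: Hex, selector: Hex): Hex | null }
// Real 4-byte selectors of the probes named in the text.
const SEL = { owner: "0x8da5cb5b", getThreshold: "0xe75235b8", getMinDelay: "0xf27a0c92" };
const addrOf = (w: Hex): Hex => ("0x" + w.slice(-40)).toLowerCase();   // last 20 bytes of a word
const numOf = (w: Hex): number => parseInt(w.slice(2), 16);              // small uint256 as number
function classify(r: ChainReader, a: Hex): Hop {
  if (r.getCode(a) === "0x") return { addr: a, kind: "EOA" };
  const thr = r.call(a, SEL.getThreshold), delay = r.call(a, SEL.getMinDelay);
  if (thr !== null) return { addr: a, kind: "Safe", detail: numOf(thr) };           // Gnosis Safe
  if (delay !== null) return { addr: a, kind: "Timelock", detail: numOf(delay) };   // OZ TimelockController
  return { addr: a, kind: "Contract" };
}
// Follow owner() hop by hop; stop at an EOA, a revert, the zero address, or a cycle.
export function resolveChain(r: ChainReader, start: Hex): Hop[] {
  const hops: Hop[] = [], seen = new Set<Hex>();
  let cur = start.toLowerCase();
  while (!seen.has(cur)) {
    seen.add(cur);
    const hop = classify(r, cur);
    hops.push(hop);
    if (hop.kind === "EOA") break;
    const w = r.call(cur, SEL.owner);
    if (w === null || /^0x0{40}$/.test(addrOf(w))) break;   // no owner() or ownership renounced
    cur = addrOf(w);
  }
  return hops;
}
// Red flags in the sense the text uses: single key, weak threshold, no timelock in the chain.
export function redFlags(hops: Hop[]): string[] {
  const last = hops[hops.length - 1], flags: string[] = [];
  if (last.kind === "EOA") flags.push("admin is a single EOA key");
  if (last.kind === "Safe" && (last.detail ?? 0) < 2) flags.push("multisig threshold below 2");
  if (!hops.some(h => h.kind === "Timelock")) flags.push("no timelock in ownership chain");
  return flags;
}
// Constructed mock chain: PROTOCOL.owner() -> TIMELOCK (2-day delay) -> SAFE (threshold 2); fake addresses.
const pad = (s: string, n: number) => "0x" + s.padStart(n, "0");
export const PROTOCOL = pad("1", 40), TIMELOCK = pad("2", 40), SAFE = pad("3", 40);
const table: Record<string, Record<string, Hex>> = {
  [PROTOCOL]: { [SEL.owner]: pad(TIMELOCK.slice(2), 64) },
  [TIMELOCK]: { [SEL.getMinDelay]: pad((172800).toString(16), 64), [SEL.owner]: pad(SAFE.slice(2), 64) },
  [SAFE]: { [SEL.getThreshold]: pad("2", 64) },
};
export const mock: ChainReader = {
  getCode: a => (a.toLowerCase() in table ? "0x60" : "0x"),   // any tabled address "has code"
  call: (to, sel) => table[to.toLowerCase()]?.[sel] ?? null,   // unknown selector = revert
};
```

Against a real node, ChainReader would wrap eth_getCode and eth_call; the EIP-1967 admin slot read the text mentions would add the proxy admin as a further hop.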
The permission extractor is a scope-aware Solidity parser (~690 lines) that distinguishes between contract implementations, interface declarations, and library helpers. It filters standard ERC-20/721/1155 user functions (approve, transfer, transferFrom) from real admin surfaces, detects Aragon-style auth() access control, and handles one-time initializer guards.
This was the hardest engineering challenge: early versions produced severe false positives that made Aave look catastrophically broken.
Claude Haiku generates the top summary paragraph and function-level plain-English descriptions on report pages. It narrates deterministic facts; it cannot change callers, categories, scores, or red flags. The API endpoint (/api/v1/check) skips the LLM entirely for fully deterministic, agent-queryable output.
DeFiLlama's free public API provides blast radius context, showing which protocols and how much TVL could be affected if a contract's permissions are abused.
The entire project was built from scratch during the Open Agents hackathon using my OpenClaw AI agent (Thor) and me.