SafeSend

Bringing PayPal-like consumer protection to on-chain stablecoin payments using fraud oracles and transparent smart contracts.

The Problem

Traditional payment systems on Web2 offer robust buyer protection and fraud detection, but can often come with high fees (ex: 2-3% per transaction) and centralized control. Meanwhile, Web3 payments offer low costs and transparency but lack consumer protection—once you send crypto, it's gone. Users are left choosing between safety and cost-efficiency.

SafeSend is a decentralized escrow platform built on Ethereum that combines the security of traditional payment processors with the low-cost transparency of blockchain technology. By using PYUSD (PayPal's regulated stablecoin) and a modular fraud oracle architecture, SafeSend enables:

Prototype built for the EthOnline 2025 hackathon.

Demo url: h (deployed on testnet)

SafeSend is built around three key partner technologies: PYUSD, Hardhat, and Blockscout.

PYUSD – PayPal's regulated stablecoin serves as the payment rail for all SafeSend escrow transactions. Because it's fully ERC-20 compatible and backed by real-world reserves, it provides the reliability and consumer confidence needed for escrow-based payments.

PYUSD Integration in SafeSend:

• Escrow Currency – All SafeSendContract deposits, releases, and refunds use PYUSD via ERC-20 transferFrom/transfer functions with 6 decimal precision
• Fraud Detection Amounts – SimpleFraudOracle validates transaction amounts in PYUSD units (default 5000 PYUSD max) to prevent suspicious large transfers
• Automatic Network Selection – SafeSend automatically uses Sepolia PYUSD (0xCaC...bB9) for testnet and Mainnet PYUSD (0x6c3...0e8) based on deployment

Hardhat – Used for contract development, deployment, and verification. Hardhat's comprehensive tooling environment made it possible to build a production-ready escrow system with modular oracle architecture.

Hardhat Integration in SafeSend:

• Oracle-Linked Deployment – Hardhat Ignition's SafeSendWithOracle module automatically deploys SimpleFraudOracle then passes its address to SafeSendContract's constructor
• Fraud Scenario Testing – Test suite validates blacklist checks, amount limits, same-address detection, and escrow state transitions using Hardhat's testing framework
• Production Deployment – yarn deploy:with-oracle script uses Hardhat to deploy both contracts to Sepolia/Mainnet and outputs addresses for frontend .env configuration

Blockscout – Integrated as both a transparency layer and developer tool using the official Blockscout SDK (@blockscout/app-sdk). Every SafeSend action (deposit, fraud attestation, refund, release) emits an event visible through Blockscout's explorer and SDK, making the entire fraud arbitration process publicly auditable.

Blockscout SDK Integration in SafeSend:

• Transaction Monitoring – useBlockscout hook wraps SDK to show toast notifications for every deposit/release/refund/markFraud transaction with real-time pending→success status updates
• Contract Transparency – My Escrows page and Escrow Details page include dedicated buttons that open Blockscout popups showing SafeSendContract transaction history filtered by escrow events
• Oracle Verification – Fraud oracle addresses are clickable links to Blockscout (eth-sepolia.blockscout.com) allowing users to verify SimpleFraudOracle contract code and flagging decisions

🛡️ Enterprise-Grade Fraud Protection at Blockchain Costs

• Real-time fraud detection during every transaction
• Automatic buyer refunds when fraud is detected
• No payment processing fees—just gas costs

🔄 Evolving Security Without Contract Redeployment

• Fraud detection algorithm lives in a separate, upgradeable oracle contract
• New fraud patterns can be detected by simply updating the oracle
• SafeSendContract remains immutable while security evolves
• Oracle maintained by specialized fraud detection authorities

💰 Cost-Effective Fraud Prevention

• One-time oracle consultation per escrow (~$0.50-2 in gas)
• Compare to: 2-3% fee on a $1,000 transaction = $20-30
• Significant cost reduction while maintaining security

⚖️ Transparent Trust Model

• Oracle address publicly viewable and verifiable
• All fraud decisions logged on-chain with reasons
• Users choose which oracle-enabled contracts to trust
• No black-box algorithms or arbitrary account freezes

How It Works

SafeSend uses a oracle pattern where the payment escrow contract (SafeSendContract) consults an external fraud detection oracle (ex: SimpleFraudOracle) through a standardized interface (IFraudOracle). This architectural separation enables:

1. Immutable Payment Logic - Core escrow contract never needs updates
2. Evolving Fraud Detection - Oracle can be upgraded as new threats emerge
3. Specialized Expertise - Fraud detection maintained by security specialists
4. User Choice - Different oracles for different risk tolerances
5. Cost Efficiency - Single oracle call replaces expensive off-chain verification

The oracle evaluates transactions against blacklists, amount limits, behavioral patterns, and manual flags—returning a simple pass/fail decision. Flagged transactions are automatically refunded, protecting buyers without manual dispute resolution.

Example contract transactions: h

SafeSend is designed for independent deployment—each service provider deploys their own SafeSendContract instance with their choice of fraud oracle. The public, auditable contract code ensures transparency while the separate oracle design allows upgrading fraud detection without redeploying the payment contract.

SafeSend combines on-chain logic, stablecoin security, and oracle-based fraud detection to create a protection system for consumer payments.

G