Sentinal

Sentinel protects DeFi liquidity with verifiable agents and real-time, on-chain defenses.

Created At

HackMoney 2026

Project Description

Sentinel is a DeFi security infrastructure that functions as a real-time immune system for decentralized liquidity. It protects liquidity providers and protocols from oracle manipulation, sandwich and front-running attacks, flash loan exploits, just-in-time (JIT) liquidity abuse, price impact manipulation, and cross-chain arbitrage across multiple blockchains.

What Sentinel Does
• Continuously monitors cross-chain mempools, liquidity pools, and oracle feeds on Ethereum, Base, and Arbitrum.
• Detects early indicators such as flash loans, gas spikes, abnormal swap sizes, oracle drift, mempool clustering, and cross-chain price inconsistencies.
• Correlates multiple weak signals into high-confidence threats, instead of reacting to isolated events.

Autonomous Agent Architecture
• Scout Agents observe real-time on-chain and mempool activity and emit normalized threat signals.
• Validator Agents verify threats using multi-oracle price checks, TWAP comparisons, and cross-chain consistency analysis.
• Risk Engine aggregates all signals within a sliding time window, applies adaptive thresholds (using an Exponential Moving Average), and classifies threats into WATCH, ELEVATED, or CRITICAL tiers (along a hysteresis curve).
• Executor Agents deterministically translate Risk Engine decisions into enforcement actions without implementing any risk logic themselves.

Protocol-Native Enforcement
• Sentinel enforces defenses directly at the smart contract level using Uniswap v4 hooks:
  • Adaptive fee adjustments to deter extractive or manipulative behavior.
  • Oracle validation to reject swaps when price integrity is compromised.
  • Circuit breakers to temporarily pause pools during severe or correlated attack scenarios.
• For cross-chain attacks, Sentinel coordinates defensive liquidity movements via LI.FI, ensuring protection even when exploits span multiple networks.

Security-as-a-Session (Key Innovation)
• Users or protocols open a Yellow Network protection session by depositing funds once.
• All agent coordination, threat detection, and decision-making happen off-chain via Yellow state channels.
• Micro-fees (≈ 0.001–0.01 USDC per action) are deducted per protection event, not per transaction.
• Hundreds or thousands of protection actions occur instantly and gas-free.
• The entire session is finalized with a single on-chain settlement transaction, reducing costs by 60–95% compared to traditional security systems.

Verifiability & Trust Guarantees
• All agents run inside Trusted Execution Environments (TEEs).
• Remote attestations prove:
  • the exact code that executed,
  • that private keys never left secure enclaves,
  • and that decisions were not tampered with.
• Yellow state channels maintain a cryptographically verifiable audit trail, which is committed on-chain at settlement.

Why Sentinel Matters
• Existing DeFi defenses are static, reactive, or opaque.
• Sentinel introduces adaptive, autonomous, and verifiable security that operates at protocol speed.
• It transforms DeFi security from manual monitoring and post-mortem analysis into continuous, real-time protection.

Sentinel is not a trading bot, private mempool, or oracle aggregator. It is composable DeFi security infrastructure, designed to scale across chains and integrate natively with protocols to protect liquidity before losses occur.

How it's Made

Sentinel is built as a modular, agent-driven DeFi security system that combines off-chain intelligence with on-chain enforcement.

We implemented a network of autonomous agents (Scout, Validator, Risk Engine, Executor) written in TypeScript/Node.js. Scout agents continuously monitor cross-chain mempools, DEX liquidity, and oracle price feeds across Ethereum, Base, and Arbitrum. These raw signals are sent off-chain through Yellow Network’s Nitrolite state channels, enabling instant, gasless communication and coordination without exposing strategies to the public mempool.

Threat analysis is handled by a custom Risk Engine that correlates multiple weak signals (flash loans, gas spikes, oracle deviation, mempool clustering) inside a sliding time window using adaptive EMA thresholds and a hysteresis-based state machine (WATCH → ELEVATED → CRITICAL). This avoids false positives and prevents defense flapping during volatile markets.
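
The sliding-window correlation, EMA baseline and hysteresis tiers described above can be sketched as follows. This is an added example, not Sentinel's own Risk Engine code: the signal weights, window length, enter/exit ratios, the scoring formula, the use of WATCH as the resting tier, and the choice to update the baseline only while in WATCH are all assumptions made for illustration.

```typescript
// Added illustration: weights, window, ratios and alpha are assumed values.
type Tier = "WATCH" | "ELEVATED" | "CRITICAL";
type Signal = { kind: string; ts: number }; // ts = observation time in ms

const WEIGHTS: Record<string, number> = {
  flash_loan: 3, gas_spike: 1, oracle_deviation: 3, mempool_cluster: 2,
};
const WINDOW_MS = 30000;  // sliding correlation window
const ALPHA = 0.2;        // EMA smoothing factor for the calm-market baseline
const MIN_BASELINE = 2;   // floor so a silent market does not make thresholds zero
const ENTER = { ELEVATED: 3, CRITICAL: 8 };  // escalate at score >= ratio * baseline
const EXIT = { ELEVATED: 1.5, CRITICAL: 4 }; // de-escalate only below a lower ratio

class RiskEngine {
  tier: Tier = "WATCH";
  baseline: number = MIN_BASELINE;
  window: Signal[] = [];

  step(now: number, incoming: Signal[]): Tier {
    // Keep only signals still inside the sliding window.
    this.window = [...this.window, ...incoming].filter((s) => now - s.ts <= WINDOW_MS);
    const kinds = new Set(this.window.map((s) => s.kind)).size;
    const sum = this.window.reduce((a, s) => a + (WEIGHTS[s.kind] ?? 0), 0);
    const score = sum * kinds; // distinct kinds multiply; a lone signal stays small
    const base = Math.max(this.baseline, MIN_BASELINE);

    if (score >= ENTER.CRITICAL * base) {
      this.tier = "CRITICAL";
    } else if (this.tier === "WATCH" && score >= ENTER.ELEVATED * base) {
      this.tier = "ELEVATED";
    } else if (this.tier === "CRITICAL" && score < EXIT.CRITICAL * base) {
      this.tier = score < EXIT.ELEVATED * base ? "WATCH" : "ELEVATED";
    } else if (this.tier === "ELEVATED" && score < EXIT.ELEVATED * base) {
      this.tier = "WATCH";
    }
    // Adapt the baseline only while calm, so an attack cannot raise its own bar.
    if (this.tier === "WATCH") this.baseline = ALPHA * score + (1 - ALPHA) * this.baseline;
    return this.tier;
  }
}

// Constructed timeline: [time in ms, kinds of the signals arriving at that time].
const TIMELINE: [number, string[]][] = [
  [0, ["gas_spike"]], [5000, ["flash_loan"]], [8000, ["oracle_deviation"]],
  [32000, []], [36000, []], [39000, []],
];

function replay(timeline: [number, string[]][]): Tier[] {
  const engine = new RiskEngine();
  return timeline.map(([now, kinds]) => engine.step(now, kinds.map((kind) => ({ kind, ts: now }))));
}

console.log(replay(TIMELINE).join(" -> "));
```

At 32 s the windowed score has fallen to a level that would only reach ELEVATED from a cold start, yet the engine holds CRITICAL until the score drops below the lower exit ratio, which is the anti-flapping behaviour the hysteresis is there to provide.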

When a threat reaches actionable severity, the Executor agent, running inside a Trusted Execution Environment (TEE), deterministically executes the Risk Engine’s decision. On-chain enforcement is done via a SentinelHook smart contract deployed on Uniswap v4, which supports dynamic fee adjustments, oracle validation, and temporary circuit breakers. All actions are time-bound and auto-expire to avoid permanent censorship.

Yellow Network is used as “security-as-a-session”: users deposit funds once, agents perform hundreds of protection actions off-chain with micro-fees deducted per action, and a single on-chain settlement finalizes balances and audit logs. Cross-chain responses are executed using LI.FI when liquidity must be moved defensively.

The result is a gas-efficient, verifiable, and adaptive DeFi security layer that operates at Web2 speeds while preserving Web3 trust guarantees.

Sentinal | ETHGlobal