ChainGuard

ChainGuard is an automated, end-to-end security pipeline that monitors Ethereum for newly deployed smart contracts (specifically Uniswap V3/V4 pool creations), detects malicious patterns like honeypots, rug pulls, and backdoors, mathematically proves vulnerabilities by generating and running real exploits, and writes immutable risk verdicts on-chain through Chainlink CRE.
The Problem
Hundreds of new tokens and Uniswap hooks deploy on Ethereum every day. Many are honeypots, rug pulls, or backdoored contracts. By the time a human auditor reviews them, users have already lost funds. There is no automated system that goes from detection to mathematical proof to on-chain reporting in a single pipeline.
How It Works (7-Stage Pipeline)

1. EVM Sentry -- Listens for Uniswap V3 PoolCreated and V4 Initialize events in real-time (12-second polling, backlogs ~7 hours on startup). Fetches verified source code from Etherscan. Skips known-safe tokens (WETH, USDC, USDT, etc.).
2. Golden Bridge -- Values each contract in USD using Chainlink ETH/USD Price Feeds. Calculates total exposure including LP tokens, vaults, and DeFi deposits. Filters out contracts worth less than $100.
3. Static Scanner -- Runs deterministic regex patterns over Solidity source code. Detects selfdestruct, uncapped-mint, transfer-whitelist, extreme sell-tax (>90%), delegatecall backdoors, tx.origin auth, and more. HIGH findings trigger an instant verdict with no AI needed.
4. Gemini 2.0 Flash AI -- Only triggered when regex finds nothing critical. The AI reasons over the full source code and outputs a risk score (0-100) plus a vulnerability label.
5. Exploit Generation (Two-Tier):
   a. Tier 1 (Batch Runner): Matches vulnerability flags to proven Foundry templates. Gemini adapts the template for the new target contract. Runs forge test on a mainnet fork -- confirmed or escalated.
   b. Tier 2 (Antigravity Agent): Handles novel vectors with no existing template. Writes Exploit.t.sol from scratch, iterates until forge test passes, then saves the proven exploit as a new template for future batch runs. This makes the system self-improving.
6. Chainlink CRE Workflow -- HTTP-triggered workflow calls the Risk API, achieves DON consensus via consensusIdenticalAggregation, encodes the risk report as ABI data, signs with ECDSA/keccak256, and writes to the RiskRegistry contract on Sepolia (if score >= 70).
7. Dashboard -- React + Vite UI with real-time SSE alerts, statistics (contracts analyzed, threats detected, value protected), pipeline status monitoring, and a manual analysis panel for on-demand contract scanning.

Key Properties:
Zero false positives -- every flagged contract has a mathematically proven exploit via Foundry mainnet fork tests
Determinism first -- regex runs before AI; HIGH pattern matches are certainties
Self-improving -- novel exploits become reusable templates, making future detection faster
Fully automated -- from detection to proof to on-chain reporting, zero manual steps

Backend (Python 3.9+): web3.py for Ethereum interaction, Flask for the dashboard API, Slither for optional static analysis, custom regex engine for deterministic scanning, Google Gemini 2.0 Flash for AI-driven vulnerability analysis and exploit generation.
Smart Contracts (Solidity ^0.8.20): RiskRegistry.sol deployed on Sepolia (stores score, vulnerability label, timestamp, reporter; emits RiskReported events; tracks flagged contracts with score >= 70). Foundry for testing and mainnet fork exploit simulation.
CRE Integration (TypeScript/Bun): @chainlink/cre-sdk for workflow orchestration, Viem for EVM interactions, HTTP trigger + DON consensus + on-chain write pipeline.
Frontend (React 18 + TypeScript + Vite): Real-time SSE updates, Lucide React icons, responsive dashboard with alerts table, stats bar, pipeline status, and manual analyze panel.
Infrastructure: Alchemy RPC for mainnet forking, Etherscan API for source code fetching, Binance/Chainlink for price data.