RiskOracle

Stop signing blind — AI & Chainlink DON decode every tx before your wallet does

Risk & Compliance CRE & AI World

What it is

The Problem

In the first half of 2025 alone, more than $3.1 billion was lost to DeFi hacks and scams — a dramatic increase compared to the previous year. Most of these attacks began with something seemingly harmless: an approve() call or a contract interaction that users signed without fully understanding.
Today, users are often asked to trust opaque hexadecimal data with no clear way of knowing what a transaction will actually do until it’s too late.

What is RiskOracle?

RiskOracle is a real-time, AI-powered browser extension that works as a protective layer between your wallet and potentially harmful transactions.
It operates directly inside the browser by intercepting transaction requests from providers like MetaMask. From there, it decodes raw calldata into human-readable intent, analyzes it for threats using AI, and can optionally verify the result through Chainlink’s decentralized oracle network — all before any signature happens.
Unlike traditional tools that require users to manually inspect transactions in external dashboards, RiskOracle runs in parallel with the normal wallet flow. As soon as a dApp triggers a transaction, the extension activates automatically, without adding friction or extra steps.

How It Works

RiskOracle combines several technologies into a single real-time pipeline:

  1. First, a high-performance Rust backend extracts and decompiles raw calldata almost instantly, transforming complex bytecode into readable function calls and parameters.
  2. Then, the decoded data is analyzed to understand the real intent of the transaction — identifying patterns such as fund redirection, honeypots, reentrancy risks, unauthorized state changes, or proxy vulnerabilities.
  3. Before running deeper analysis, users complete a privacy-preserving human verification step. This ensures backend resources are used by real users while protecting anonymity through zero-knowledge proofs.
  4. Finally, for additional assurance, users can request a decentralized review. Multiple independent nodes analyze the transaction and reach consensus on its risk level, producing a tamper-resistant security assessment.

The result is presented as a simple traffic-light risk score — from low to critical — helping users make informed decisions before signing.
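
The decode-and-score step of the pipeline above, narrowed to the approve() call this page singles out, as an added example that is not RiskOracle's own code. The function names, the three risk levels and the scoring policy are assumptions for illustration, and the calldata in main is constructed.

```rust
// Added illustration, not RiskOracle's code. Names and scoring policy are assumptions.
#[derive(Debug, PartialEq)]
pub enum Risk { Low, Medium, Critical }

#[derive(Debug, PartialEq)]
pub struct Approve { pub spender: String, pub amount: [u8; 32] }

// First 4 bytes of keccak256("approve(address,uint256)").
const APPROVE_SELECTOR: [u8; 4] = [0x09, 0x5e, 0xa7, 0xb3];

fn from_hex(s: &str) -> Result<Vec<u8>, String> {
    let s = s.strip_prefix("0x").unwrap_or(s);
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err("calldata is not well-formed hex".into());
    }
    // Every byte was checked to be an ASCII hex digit, so parsing cannot fail here.
    Ok((0..s.len()).step_by(2).map(|i| u8::from_str_radix(&s[i..i + 2], 16).unwrap()).collect())
}

pub fn decode_approve(calldata_hex: &str) -> Result<Approve, String> {
    let data = from_hex(calldata_hex)?;
    // Selector plus exactly two 32-byte ABI words; anything else is rejected, not guessed at.
    if data.len() != 4 + 64 { return Err(format!("unexpected calldata length {}", data.len())); }
    if data[..4] != APPROVE_SELECTOR[..] { return Err("selector is not approve(address,uint256)".into()); }
    // An address occupies the low 20 bytes of its word; the 12 padding bytes must be zero.
    if data[4..16].iter().any(|&b| b != 0) { return Err("non-zero address padding".into()); }
    let spender = format!("0x{}", data[16..36].iter().map(|b| format!("{:02x}", b)).collect::<String>());
    let mut amount = [0u8; 32];
    amount.copy_from_slice(&data[36..68]);
    Ok(Approve { spender, amount })
}

// Assumed policy: a revocation is low, a bounded allowance medium, an unlimited one critical.
pub fn score(a: &Approve) -> Risk {
    if a.amount.iter().all(|&b| b == 0x00) { Risk::Low }
    else if a.amount.iter().all(|&b| b == 0xff) { Risk::Critical }
    else { Risk::Medium }
}

fn main() {
    // Constructed sample: approve(0x1111...1111, 2^256 - 1), an unlimited allowance.
    let calldata = format!("0x095ea7b3{}{}{}", "0".repeat(24), "11".repeat(20), "f".repeat(64));
    match decode_approve(&calldata) {
        Ok(a) => println!("approve spender={} risk={:?}", a.spender, score(&a)),
        Err(e) => println!("cannot decode calldata: {}", e),
    }
}
```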

Key Differentiators

RiskOracle analyzes transactions before they are signed.

  • It runs as a browser extension without interrupting the wallet workflow.
  • It uses decentralized validation instead of relying on a single source.
  • It includes human verification to prevent abuse while preserving privacy.
  • It is built with a Rust-based core for fast, real-time processing.

RiskOracle helps users understand what they are about to sign — before they sign it.

How it Works

RiskOracle is powered by a high-performance Rust backend that handles real-time transaction decoding, ABI retrieval, and overall system orchestration.
On the user side, it runs as a browser extension built with React and Vite, which integrates directly into the browser and listens to wallet interactions at the provider level — allowing it to detect transactions the moment they are triggered.

For deeper analysis, RiskOracle uses AI to interpret the decoded transaction data and identify potentially malicious behavior patterns.
Before this analysis is performed, users complete a privacy-preserving human verification step through World ID. This ensures that the system is accessed by real users without exposing any personal information.

For advanced trust, RiskOracle can escalate the process to a decentralized audit powered by Chainlink CRE. Since CRE was not originally designed to work with Rust, we developed a custom bridge that allows our Rust backend to interact with Chainlink’s infrastructure.

When this verification is requested, RiskOracle passes the transaction data into the Chainlink workflow, where multiple independent nodes analyze the contract and reach a consensus on its risk level.

The final result is securely captured and returned as a verifiable assessment, allowing users to rely on decentralized confirmation instead of a single source of analysis.

This approach brings decentralized oracle verification directly into a Rust-based security system — enabling real-time protection that wasn’t previously possible with existing tooling.

Created by

  • Jhon Tejada
  • Oscar Riojas