ApprovalGuardian

Autonomous DeFi protection: Detect exploits, act instantly
2nd | Tenderly

ApprovalGuardian is an autonomous DeFi protection system that automatically detects protocol exploits and revokes dangerous token approvals before users lose funds.

The problem it solves: every time you interact with a DeFi protocol, you grant it an ERC-20 approval, which is unlimited permission to spend your tokens. Most users forget these approvals exist. When a protocol gets exploited, attackers drain every approved wallet within seconds. By the time a human notices and manually revokes, the funds are gone.

The system runs three Chainlink CRE workflows in sequence. The first is a cron-triggered scanner that continuously monitors registered wallets across Ethereum, Arbitrum, and Base for open approvals pointing to known threat contracts. The second watches for on-chain exploit signals, specifically Paused and LargeDrain events emitted by monitored DeFi protocols. When one fires, every node in the Chainlink Decentralised Oracle Network (DON) independently queries DefiLlama for TVL data, checks the protocol's on-chain paused state, and computes a threat score. These scores are aggregated using Byzantine Fault Tolerant median consensus, so no single node can manipulate the result. If the consensus score crosses the user's configured sensitivity threshold, the third workflow executes: it finds every open approval to the threat contract, assembles a cryptographically signed RevocationReport, and submits it on-chain through the CRE Forwarder. The ApprovalGuardian smart contract verifies the DON's collective signature and calls guardianRevokeApproval on the token, zeroing the allowance directly.
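
The median step described above can be seen in a few lines. This is an added example in plain JavaScript, not the project's workflow code and not the CRE SDK: the scoring weights, the numeric thresholds behind each sensitivity level, and all sample observations are assumptions constructed for illustration.

```javascript
// Assumed mapping: a lower threshold revokes on weaker signals.
const THRESHOLDS = { conservative: 80, moderate: 60, aggressive: 40 };

// Hypothetical per-node score (0-100): up to 50 points for the TVL drop,
// plus 50 points if the protocol reports itself paused.
function nodeScore({ tvlBefore, tvlNow, paused }) {
  const drop = tvlBefore > 0 ? Math.max(0, (tvlBefore - tvlNow) / tvlBefore) : 0;
  return Math.round(Math.min(1, drop) * 50) + (paused ? 50 : 0);
}

// Median of the nodes' scores; a single outlier cannot move it outside
// the range reported by the remaining nodes.
function medianScore(scores) {
  if (scores.length === 0) throw new Error("no observations");
  const s = [...scores].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

function shouldRevoke(scores, sensitivity) {
  const threshold = THRESHOLDS[sensitivity];
  if (threshold === undefined) throw new Error(`unknown sensitivity: ${sensitivity}`);
  return medianScore(scores) >= threshold;
}

// Constructed observations for a 4-node network (tolerates 1 faulty node).
// Exploit in progress: three honest nodes see a large drain and a pause;
// the fourth node reports 0 in an attempt to suppress the revocation.
const EXPLOIT_SCORES = [
  nodeScore({ tvlBefore: 100, tvlNow: 30, paused: true }), // 85
  nodeScore({ tvlBefore: 100, tvlNow: 32, paused: true }), // 84
  nodeScore({ tvlBefore: 100, tvlNow: 30, paused: true }), // 85
  0,
];

// Quiet market: honest nodes see normal TVL movement; the fourth node
// reports 100 in an attempt to force revocation of legitimate approvals.
const QUIET_SCORES = [
  nodeScore({ tvlBefore: 100, tvlNow: 98, paused: false }), // 1
  nodeScore({ tvlBefore: 100, tvlNow: 98, paused: false }), // 1
  nodeScore({ tvlBefore: 100, tvlNow: 96, paused: false }), // 2
  100,
];

console.log(medianScore(EXPLOIT_SCORES), shouldRevoke(EXPLOIT_SCORES, "conservative"));
console.log(medianScore(QUIET_SCORES), shouldRevoke(QUIET_SCORES, "aggressive"));
```

In both cases the median stays inside the range the three honest nodes reported, so the outlier neither blocks the revocation during the exploit nor triggers one in the quiet case.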

CRE is not incidental to this project; it is the only reason the project is possible. The BFT consensus prevents any single party from maliciously revoking legitimate approvals. The writeReport mechanism means no private key ever needs to sit on a server. The native EVM log trigger means threat detection happens at block speed, not on a polling delay. Without CRE, the system would either require trusting a centralised server to make revocation decisions, which is itself a critical attack surface, or require users to manually sign every revocation, defeating the entire purpose.

Users register their wallet with a sensitivity level (conservative, moderate, or aggressive), set their preferred scan schedule, and connect Telegram for alerts. From that point the system is fully autonomous: exploit fires, DON detects, consensus reached, approvals revoked, Telegram notification sent, all without any user action.

A Chainlink Hackathon  //  Feb 6 – Mar 8