GitHub - heethjain21/olynthus: An open-source implementation of Arda's APIs for pre-transaction screening. Enables wallets and custody providers to perform pre-emptive transaction risk analysis, improving security and preventing fraudulent activity.

Arda - Risk Management for digital assets

Description

What is Safeguard (code name Olynthus)?

Olynthus is the codebase name for the project, Safeguard.
Safeguard is an open source project by Arda which can be used to provide transaction insights for your on chain activity in real time and help you safeguard against loosing out on the assets.

Why do we need Safeguard?

Let us assume a user wants to transfer 100 USD Coin to another address (X) via a web app / smart contract The web app / smart contract would generate a request which the user must confirm to proceed
If the web app /smart contract is trustworthy (source code is publicly available and is audited), we can be rest assured that it will indeed transfer 100 USD Coin to address X
But, if the web app / smart contract is malicious and the source code is not publicly available (like for most of the smart contracts available on the blockchain), it might show the request as transferring 100 USD Coin to X, but in reality, it might transfer all of our USD Coin to their own address (Y) and drain us of our tokens

How does Safeguard solve the above problem?

Safeguard will allow users to identify these types of risks by decoding the transaction request before confirming the transaction
If any suspicious / risky movements are observed in the transaction request, Safeguard will inform the user before confirming the transaction, so the user can decide if they really want to proceed or not!
Safeguard provides these analysis as APIs which wallets, and providers can integrate with. Here is a short demo from Arda's Metamask Snap (Wallet integrated with Safeguard APIs), which would warn the users about the risks involved:

Vision

Product - What more dimensions of the product we can look at?
Tech - What part of the tech can we improve?
Coverage - What more cases does the product should handle/cover (example: more chains)?

Setup

To set up this project on your local machine, please follow the instructions in the Setup Guide.

Contributing

We welcome contributions from anyone interested in improving this project. Please review the Contribution Guidelines before getting started.

Questions (FAQ)

Q. How are risks identified?

The following parameters are considered:

Web App / URL the transaction is taking place on,
- We maintain a dataset of malicious domains, and check if the url matches with the same
to address of the transaction
- We maintain a dataset of malicious counterparty, and check if theto address matches with the same
- We also categorize the transaction type based on the type of toaddress (Wallet/Contract/ERC-Token)
data input params of the transaction
- We decode to analyze what smart contract function is being called, and what arguments are passed to the function
Transaction simulation
- This is the final step of analysis, since if we miss to identify any risk from the above 3 steps, this step would take care of it!
- We run the transaction in a virtual environment, which give us the transaction event logs.
- Using the event logs, we can identify what would happen if the transaction was approved, i.e the aftermath of the transaction taking place

Transactions are classified into the following types:
- EOA_INTERACTION
- CONTRACT_CREATION
- CONTRACT_INTERACTION
- ERC20_TRANSFER
- ERC20_APPROVAL
- ERC20_INTERACTION
- ERC721_TRANSFER
- ERC721_APPROVAL
- ERC721_INTERACTION
- ERC1155_TRANSFER
- ERC1155_APPROVAL
- ERC1155_INTERACTION
- PERMIT2
Risks are classified into 3 types: HIGH, MEDIUM and LOW
- High
  - APPROVAL_ALL
  - LARGE_APPROVAL
  - LONG_APPROVAL
  - APPROVAL_TO_EOA
  - APPROVAL_TO_UNVERIFIED_CONTRACT
  - MALICIOUS_COUNTERPARTY
  - MALICIOUS_DOMAIN
  - INSECURE_DOMAIN
  - MALICIOUS_SEAPORT_SIGNATURE
  - TRANSFER_TO_BURN_ADDRESS
  - TRANSFER_TO_TOKEN_CONTRACT
- Medium
  - NEW_CONTRACT
  - UNVERIFIED_CONTRACT
  - SEAPORT_TOKEN_SALE
- Low (TODO)
  - TVL_PERCENT_CHANGE_24H
  - TOKEN_PRICE_DEPEGS

Issues

To create a new issue, please go through the Issue Guidelines. This is also mandatory first step for contributing to the project (every pull request is preceded by an issue)

Code of Conduct

Please review our Code of Conduct before contributing to this project. In brief, be nice. No harassment, trolling, or spamming.

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
.github		.github
.vscode		.vscode
dataset		dataset
docs		docs
src		src
.env.sample		.env.sample
.env.test.pipeline		.env.test.pipeline
.env.test.sample		.env.test.sample
.eslintignore		.eslintignore
.eslintrc.js		.eslintrc.js
.gitignore		.gitignore
.prettierignore		.prettierignore
.prettierrc		.prettierrc
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
ISSUES.md		ISSUES.md
LICENSE.md		LICENSE.md
README.md		README.md
SETUP.md		SETUP.md
docker-compose.yml		docker-compose.yml
jest-int.json		jest-int.json
main.ts		main.ts
ngrok-server.js		ngrok-server.js
package.json		package.json
tsconfig.json		tsconfig.json
yarn.lock		yarn.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Table of Contents

Description

What is Safeguard (code name Olynthus)?

Why do we need Safeguard?

How does Safeguard solve the above problem?

Vision

Setup

Contributing

Questions (FAQ)

Issues

Code of Conduct

Credits

Team

Dataset

License

About

Releases

Packages

Languages

License

heethjain21/olynthus

Folders and files

Latest commit

History

Repository files navigation

Table of Contents

Description

What is Safeguard (code name Olynthus)?

Why do we need Safeguard?

How does Safeguard solve the above problem?

Vision

Setup

Contributing

Questions (FAQ)

Issues

Code of Conduct

Credits

Team

Dataset

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages