PulseProof

Problem Statement

PulseProof - Intelligent Smart Contract Security PlatformPulseProof is not just another wrapper or monitoring bot , it’s a self-learning, AI-powered Web3 security platform designed to actively protect user funds. By continuously analyzing smart contracts, detecting vulnerabilities, and generating verified exploit proofs (PoCs) in real time, PulseProof ensures DeFi protocols and Web3 projects stay ahead of attackers. Multiple contracts can be monitored simultaneously, safeguarding funds across entire ecosystems. Key DifferentiatorsNot Another Bot: PulseProof actively prevents user fund loss, instead of just sending alerts. Agentic Intelligence: Specialized AI agents orchestrate detection, PoC generation, and verification. Verified PoC Pipeline: Exploit proofs are automatically generated, tested, and validated on mainnet forks. Scalable Protection: Monitor dozens to hundreds of smart contracts simultaneously. Future-Ready: Extendable with custom vulnerability detectors, ML models, and multi-chain support.Core PurposeAdvanced Early Warning System: Continuously monitors smart contracts to detect suspicious activity and vulnerabilities. Actionable Insights: Provides verified PoCs and risk scores so developers can respond instantly. Scalable Monitoring: Track multiple contracts and protocols simultaneously, reducing attack surface across DeFi ecosystems.Architecture Frontend DashboardNext.js 15 with TypeScript and Tailwind CSSReal-time vulnerability dashboard with filtering and alertsInteractive PoC code viewer showing exploitation examplesContract management system for monitoring multiple addressesMulti-Agent Backend SystemBuilt with Fetch.ai uAgents framework:Master Orchestrator - Central coordinator providing REST APIEvent Analyzer - Processes blockchain events and detects patternsRisk Assessor - Advanced risk analysis using real-time data and MLSecurity Detection Monitors 10+ Vulnerability Types:Reentrancy attacks, flash loan exploits, oracle manipulationMEV bot activity, governance attacks, access control bypassesGas-based DoS, integer overflows, suspicious transaction patternsRisk Assessment Engine:Real-time financial impact analysis (USD values)Behavioral anomaly detectionAddress reputation scoringMulti-dimensional risk scoring (LOW → CRITICAL)

Solution

How PulseProof is Built - Technical Deep Dive🏗️Core ArchitectureFrontend - Next.js 15 DashboardFramework: Next.js 15 with App Router and TypeScript for type safetyUI Components: shadcn/ui with Radix UI primitives for accessibilityStyling: Tailwind CSS with custom design systemState Management: React hooks with local storage for contract managementReal-time Updates: WebSocket connections to backend agentsMulti-Agent Backend System - Fetch.ai IntegrationThe heart of PulseProof usesFetch.ai's uAgents frameworkto create a sophisticated multi-agent system:Master Orchestrator Agent(phase2_orchestrator.py)# Real agent communication using ctx.send_and_receive @orchestrator.on_rest_post("/analyze-events", EventAnalysisRequest, EventAnalysisResponse) async def analyze_events_endpoint(ctx: Context, request: EventAnalysisRequest): # Delegates to specialized agents using real communication event_analysis_result = await delegate_to_event_analyzer(ctx, request, request_id) risk_assessment_result = await delegate_to_risk_assessor(ctx, event_analysis_result, request_id)Event Analyzer Agent(phase2_event_analyzer.py)Pattern Detection: Advanced pattern recognition for 10+ vulnerability typesEvent Processing: UsesEnhancedEventProcessorfor blockchain event analysisReal Communication: Implements Fetch.ai'sctx.sendandctx.send_and_receivepatternsRisk Assessor Agent(phase2_risk_assessor.py)Enhanced Risk Engine:EnhancedRiskEnginewith real-time price dataFinancial Impact Analysis: Live USD calculations using CoinGecko APIReputation Checking: GoPlus Security API integration for address verification🔗Integration TechnologiesThe Graph Protocol & Substreamsevents_vec.push(CandidateEvent { transaction_hash: tx_hash.clone(), block_number, log_index, contract_address: contract_addr.clone(), event_signature: TRANSFER_TOPIC.to_string(), event_type: "Transfer".to_string(), metadata: format!("{{\"topics\":{:?},\"data\":\"{}\"}}",topics_vec, data_hex), });Benefits:Real-time Data: Instant access to blockchain events as they occurScalability: Handles high-throughput transaction monitoringReliability: Decentralized data availability without single points of failureRust-Powered Substream Processing// High-performance event extraction and processing events_vec.push(CandidateEvent { transaction_hash: tx_hash.clone(), block_number, log_index, contract_address: contract_addr.clone(), event_signature: TRANSFER_TOPIC.to_string(), event_type: "Transfer".to_string(), metadata: format!("{{\"topics\":{:?},\"data\":\"{}\"}}",topics_vec, data_hex), });Benefits:Performance: Rust's zero-cost abstractions enable processing millions of events per secondMemory Safety: Prevents common vulnerabilities while handling blockchain data at scaleParallel Processing: Rust's concurrency model allows simultaneous processing of multiple contract eventsLow Latency: Direct memory management reduces processing delays for real-time vulnerability detectionFilecoin Storage for PoCs// PoC storage and retrieval system const storeProofOfConcept = async (vulnerabilityData) => { const filecoinHash = await ipfs.add({ path: `poc-${vulnerabilityData.id}.sol`, content: vulnerabilityData.exploitCode }); return `https://gateway.pinata.cloud/ipfs/${filecoinHash}`; };Benefits:Decentralized Storage: Immutable PoC code storageCost Effective: Long-term storage without centralized infrastructureAccessibility: Global access to vulnerability examples🚀Particularly Hacky & Notable Solutions1. Real-time Agent Communication Patterns# Custom communication protocol between agents response, status = await ctx.send_and_receive( event_analyzer_address, analysis_request, reply_to=orchestrator.address, timeout_seconds=30 ) if status.delivered and status.acknowledged: # Process successful agent response return parse_agent_response(response)Why it's notable:We implemented synchronous communication between asynchronous agents, allowing complex workflows while maintaining real-time responsiveness.2. Enhanced Risk Scoring Algorithm# Multi-dimensional risk assessment def assess_comprehensive_risk(self, processed_event: ProcessedEvent) -> RiskAssessment: risk_components = { 'financial_impact': self._analyze_financial_impact(event), 'behavioral_anomalies': self._detect_behavioral_anomalies(event), 'reputation_risk': self._assess_reputation_risk(event), 'historical_context': self._analyze_historical_context(event) } # Weighted scoring with confidence factors overall_score = sum( component['score'] * Config.RISK_WEIGHTS[category] for category, component in risk_components.items() )Why it's hacky:We combine real-time blockchain data, external price APIs, and historical patterns into a single risk score, requiring complex data synchronization and caching strategies.3. Vulnerable Contract Testing Suite// Intentionally vulnerable contract for AI training contract VulnerableYieldFarm { // Multiple vulnerabilities embedded for testing function withdraw(uint256 amount) external { require(balances[msg.sender] >= amount, "Insufficient balance"); // Reentrancy vulnerability - external call before state update (bool success, ) = msg.sender.call{value: amount}(""); require(success, "Transfer failed"); balances[msg.sender] -= amount; // State update after external call } }Why it's notable:We created a comprehensive vulnerable contract suite that mimics real DeFi protocols, allowing our AI agents to train on realistic attack scenarios.4. State Channels Integration (@statechannels)// Browser-based wallet integration for instant deposits/withdrawals const channelManager = new ChannelManager({ provider: window.ethereum, rpc: process.env.NEXT_PUBLIC_RPC_URL }); const handleInstantDeposit = async (amount: string, exchange: string) => { const channel = await channelManager.openChannel(exchange); return await channel.deposit(amount); };Why it's hacky:We bridged state channels with our monitoring system, allowing users to interact with DeFi while simultaneously monitoring for vulnerabilities in real-time.📊Data Flow PipelineThe Graph Substreams → Raw Events → Master Orchestrator ↓ Event Analyzer (Pattern Detection) → Risk Assessor (Financial Impact) ↓ Enhanced Risk Engine → Real-time Dashboard → Filecoin PoC Storage🎯Key InnovationsMulti-Agent Security Analysis: First platform to use Fetch.ai agents for real-time vulnerability detectionHybrid Data Sources: Combining on-chain (The Graph) and off-chain (APIs) data for comprehensive analysisDecentralized PoC Storage: Using Filecoin for immutable vulnerability documentationReal-time State Channels: Instant transaction processing while maintaining security monitoring