// FULL FEATURE ARSENAL
Every Weapon in the
Web3 Security Stack
The decentralized ecosystem does not have guardrails. Every protocol you interact with, every approval you sign, every contract you call is a potential attack surface. SHIELD CryptoGuard closes those surfaces — one by one — in real time, before your wallet commits to anything.
// 01 — PHISHING & DOMAIN ATTACK PREVENTION
FEATURE 01
CRITICAL DEFENSE
REAL-TIME PHISHING DETECTION
Every URL you navigate to is evaluated before your browser renders the page. SHIELD checks domain age, SSL certificate provenance, and known-bad infrastructure fingerprints. Fake MetaMask, Uniswap, OpenSea, Ledger Live, and 300+ protocol UIs are blocked before a single pixel loads. If it is on the blacklist, it never reaches your screen.
FEATURE 02
CRITICAL DEFENSE
IDN HOMOGRAPH INTERCEPTION
Attackers register domains using Unicode characters that are visually identical to Latin letters —
uniswаp.org with a Cyrillic 'а' looks exactly like the real thing in your browser bar. SHIELD normalizes every domain string to its ASCII representation and runs similarity scoring against 300+ legitimate DeFi protocol domains before any wallet interaction is permitted.FEATURE 03
HIGH DEFENSE
SUBDOMAIN HIJACK DETECTION
Sophisticated attackers don't always register fake domains — they compromise legitimate subdomains or abuse DNS wildcard records to serve phishing pages under trusted parent domains. SHIELD evaluates the full domain chain, not just the apex, and flags subdomain-level anomalies that would bypass conventional blocklist tools entirely.
// 02 — SMART CONTRACT THREAT ANALYSIS
FEATURE 04
CRITICAL DEFENSE
HONEYPOT CONTRACT SIMULATOR
Before you buy any token, SHIELD dispatches the contract address to an on-chain simulation layer that executes a test sell transaction against the bytecode without broadcasting it to the network. If the simulation reverts — due to hidden whitelist modifiers, owner-controlled tax toggles, or dynamic revert conditions — you receive a CRITICAL alert before a single wei leaves your wallet. Honeypots that have never been publicly reported are caught by behavioral simulation, not just signature matching.
FEATURE 05
CRITICAL DEFENSE
RUGPULL RISK SCORING
SHIELD analyzes the on-chain fingerprint of every contract you interact with for rugpull mechanics: liquidity lock expiry timers, admin key concentration, upgradeable proxy patterns without timelock governance, team allocation wallets holding >30% supply with no vesting schedule, and deployer wallet histories showing prior flagged launches. Each factor contributes to a composite risk score displayed before you commit capital.
FEATURE 06
HIGH DEFENSE
UNVERIFIED BYTECODE FLAGGING
Smart contracts whose source code has not been verified on a public block explorer are fundamentally unauditable by the community. SHIELD surfaces this status immediately for any contract requesting custody of your funds, token approvals, or NFT minting authority — giving you the information to decide whether to trust a black-box contract with your assets.
FEATURE 07
MEDIUM DEFENSE
HIGH-TAX TOKEN DETECTION
Tokens with buy/sell taxes above 10% are flagged before you swap. SHIELD retrieves the effective tax rate from on-chain simulation — not from the project's marketing materials, which frequently misrepresent actual fees. Taxes above 25% are classified as HIGH risk; taxes implementing owner-adjustable rates with no upper bound cap are flagged as potential slow-drain mechanics regardless of current rate.
FEATURE 08
HIGH DEFENSE
AI CONTRACT RISK SCORE (0–100)
Every contract receives a composite risk score from 0 (clean) to 100 (confirmed malicious), calculated by SHIELD's classification AI across eight independent threat vectors. The score is not a single API lookup — it is a weighted multi-factor verdict that accounts for bytecode heuristics, deployer behavior, liquidity profile, ownership structure, and cross-chain reputation. Score 0–25: safe to interact. Score 26–60: proceed with caution. Score 61–100: do not interact.
SCORE BREAKDOWN — EXAMPLE CONTRACT
Source verified
✓ PASS
Sell simulation
✓ PASS
Liquidity lock
⚠ 6 DAYS
Admin key renounced
✓ YES
Deployer history
✓ CLEAN
COMPOSITE RISK SCORE
18 / 100
// 03 — APPROVAL INTERCEPTION & TRANSACTION FIREWALL
FEATURE 09
CRITICAL DEFENSE
INFINITE APPROVAL BLOCKER
The single most common wallet drain vector in DeFi. When any contract requests
type(uint256).max spend approval on your ERC-20 tokens, SHIELD intercepts the transaction before your wallet signs it — decodes the spender address, token, and amount — and presents you with an explicit warning. You are offered the option to approve only the exact transaction amount required, eliminating permanent unlimited spend authorization.FEATURE 10
CRITICAL DEFENSE
PERMIT2 & EIP-712 SIGNATURE DECODER
Modern drainer attacks increasingly use gasless off-chain signatures — Permit2, EIP-712 typed data, and
eth_signTypedData — rather than on-chain approval transactions, specifically because they bypass conventional security tools that only monitor approve() calls. SHIELD decodes every signature request your wallet receives, displays the full permission structure in plain language, and flags any off-chain approval that grants token spend authority to an unknown or risky address.FEATURE 11
HIGH DEFENSE
SETAPPROVALFORALL INTERCEPTOR
setApprovalForAll is the NFT equivalent of an infinite ERC-20 approval — it grants a contract unrestricted access to your entire NFT collection in a single transaction. This is the primary mechanism behind NFT wallet drains that have cost the community hundreds of millions of dollars. SHIELD flags every setApprovalForAll call, evaluates the operator address against the threat database, and recommends denial for unverified operators.// 04 — WALLET SECURITY & ADDRESS INTELLIGENCE
FEATURE 12
MEDIUM DEFENSE
ADDRESS POISONING DETECTION
Attackers send zero-value transactions from vanity addresses matching the first and last characters of addresses you've transacted with — contaminating your history so you copy-paste the attacker's address instead of the real recipient. SHIELD monitors address similarity patterns in your active transaction context and alerts you before any outbound transfer when a destination address resembles a known poisoning wallet.
FEATURE 13
CRITICAL DEFENSE
MALICIOUS AIRDROP SCANNER
Unknown tokens appearing in your wallet with no prior interaction history are flagged automatically. These are almost always drainer lures — designed to appear as high-value unclaimed rewards — that redirect you to a phishing contract when you attempt to sell or claim them. SHIELD cross-references token metadata, linked domains, and deployer history to classify airdrop tokens before you make any interaction.
FEATURE 14
INFORMATIONAL
WALLET ADDRESS VERIFICATION
Before any significant outbound transfer, SHIELD verifies the destination wallet against its known-bad address database — covering confirmed drainer EOAs, flagged deployer wallets, sanctioned addresses, and addresses associated with documented theft events. Clean addresses are confirmed. Flagged addresses trigger an alert with the specific reason for the flag before you broadcast the transaction.
// 05 — LIVE THREAT INTELLIGENCE ENGINE
FEATURE 15
AI ENGINE
OVER-THE-AIR BLACKLIST UPDATES
SHIELD's threat database is not a static file updated through Chrome Web Store releases. It is a living intelligence feed that propagates new threat entries to every active extension instance within hours of detection — via a signed, encrypted over-the-air pull from SHIELD's backend. New phishing domains, newly flagged contract addresses, and newly identified deployer EOAs reach your browser automatically, with zero action required from you. The gap between a new attack going live and SHIELD detecting it is measured in hours — not days or weeks.
FEATURE 16
AI ENGINE
BEHAVIORAL HEURISTIC DETECTION
SHIELD does not only match known threats — it detects unknown threats by behavioral pattern. A contract that has never been explicitly flagged can still receive a high-risk score if its bytecode exhibits structural similarities to known drainer families, if its deployer wallet has a history of short-lived token deployments, or if its liquidity profile matches the early-stage fingerprint of historical rugpulls. This proactive layer catches zero-day attacks before community reports surface them in public databases.
// THREAT COVERAGE MATRIX
THREAT TYPE
DETECTION METHOD
FREE
PRO
Phishing sites
CRITICAL
CRITICAL
Domain blacklist + AI similarity scoring
✓
✓
IDN homograph
CRITICAL
CRITICAL
Unicode normalization + edit-distance scoring
✓
✓
Honeypot tokens
CRITICAL
CRITICAL
On-chain sell simulation
✓
✓
Infinite approvals
CRITICAL
CRITICAL
Transaction parameter decoding
✓
✓
Rugpull contracts
HIGH
HIGH
Liquidity + deployer + proxy analysis
✓
✓
Malicious airdrops
HIGH
HIGH
Token metadata + domain correlation
✓
✓
Address poisoning
MEDIUM
MEDIUM
Vanity address similarity detection
✓
✓
Permit2 / EIP-712
CRITICAL
CRITICAL
Off-chain signature decoding
—
PRO
SetApprovalForAll
CRITICAL
CRITICAL
NFT operator address screening
—
PRO
AI risk scoring
FULL ANALYSIS
FULL ANALYSIS
8-vector composite AI score (0–100)
—
PRO
Behavioral heuristics
AI ENGINE
AI ENGINE
Zero-day pattern classification
—
PRO
High-tax tokens
MEDIUM
MEDIUM
On-chain tax simulation
—
PRO
16 Active Shields.
One Extension.
One Extension.
In Web3, the difference between a safe transaction and an empty wallet is measured in milliseconds and information. SHIELD gives you both.