Safety layer for autonomous DeFi agents.
AI agents trading on-chain have no way to tell a legitimate token from a honeypot. Aegis fixes that. It's an MCP server that any agent can plug into, backed by on-chain contracts that enforce the safety checks.
Before an agent swaps, Aegis scans the target contract, simulates the transaction, and returns a simple go/no-go. If the contract has a 99% sell tax or a hidden pause function, the agent never touches it.
We watched an agent lose its entire wallet to a honeypot token in under 30 seconds. The token looked fine on the surface - verified contract, decent liquidity, active trading. But buried in the code was a 99% sell tax and a hidden owner behind a fake renounceOwnership().
No agent framework had a way to catch this. So we built one.
Agent -> Aegis (scan + simulate + decide) -> Chain
- Agent connects to Aegis via MCP (one line of config)
- Before any swap/approve/transfer, agent calls `assess_risk` - Aegis scans the contract source, simulates the tx, checks for honeypot patterns
- Returns ALLOW, WARN, or BLOCK with a risk score (0-100)
- On-chain: the AegisGateway contract enforces attestations before forwarding the transaction
```bash
# Add to Claude Code
claude mcp add aegis npx aegis-defi
# Or clone and try the demo
git clone https://github.com/StanleytheGoat/aegis
cd aegis && npm install
npx tsx demo/catch-honeypot.ts
```
The demo deploys a deliberately malicious token (99% sell tax, fake ownership renounce, hidden admin) and watches Aegis catch every red flag:
```
Aegis Risk Assessment
Risk Score: 100/100
Findings:
[CRITICAL] Fake Ownership Renounce
[CRITICAL] Asymmetric Buy/Sell Tax (99% sell)
[CRITICAL] Sell Pause Mechanism
[HIGH] Hidden Max Sell Amount
[HIGH] Hidden Admin Functions
Decision: BLOCK
```
MCP Server (TypeScript) - 6 tools available to any MCP-compatible agent:
| Tool | Purpose |
|---|---|
| `scan_contract` | Pattern matching against 165 known exploit types |
| `simulate_transaction` | Dry-run on a forked chain |
| `check_token` | Anti-honeypot checks (sellability, concentrated holdings) |
| `assess_risk` | All-in-one risk assessment with signed attestation |
| `trace_transaction` | Traces every internal call, scans each contract |
| `search_solodit` | Cross-references against 50K+ real audit findings |
Smart Contracts (Solidity) - deployed on Base mainnet:
| Contract | Address | Purpose |
|---|---|---|
| AegisGateway | 0x62c6...0fa3 | Safety wrapper for any DeFi interaction. Verifies attestations, checks risk scores. |
| AegisSafetyHook | 0xaEE5...40C0 | Uniswap v4 beforeSwap hook. Blocks swaps without valid safety attestation. |
- Agent Integration Guide - how to connect your agent
- Project Integration Guide - how to integrate Aegis into a product
- Flaunch Integration - safety checks for Flaunch memecoin trading
- ElizaOS Plugin - native Aegis actions for ElizaOS agents
- AgentKit Provider - Coinbase AgentKit ActionProvider for Aegis
- llms.txt - machine-readable description for agentic search
Built following Ethereum security best practices (informed by ethskills):
- Signatures: Chain ID + contract address in all signed messages (no cross-chain replay). EIP-2 s-value malleability check. ecrecover validated against address(0).
- Fee math: Multiply before divide. Explicit overflow guards. Basis points (not percentages).
- Access control: OZ Ownable + ReentrancyGuard on Gateway. Immutable owner on Hook. Immutable fee recipient.
- Deployment: Safe Singleton Factory CREATE2 deployer. Source verified on Basescan. Ownership transferred to Safe multisig.
- Testing: 165 tests (42 contract + 123 TypeScript). Fork tests against real Base mainnet state.
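The signature rules in the list above, sketched as an added example; this is not the AegisGateway source or any code from this project. The contract name, the attestation fields (`agent`, `target`, `riskScore`, `expiry`), the digest layout and the `maxRiskScore` threshold are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only: field names and digest layout are assumptions.
contract AttestationCheckExample {
    // secp256k1 group order divided by 2. A signature with s above this is
    // the malleable "high-s" twin of a valid one and is rejected (EIP-2).
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    address public immutable attester;
    uint8 public immutable maxRiskScore; // hypothetical threshold, 0-100 scale

    error BadSignature();
    error Expired();
    error RiskTooHigh();

    constructor(address attester_, uint8 maxRiskScore_) {
        require(attester_ != address(0), "attester unset");
        attester = attester_;
        maxRiskScore = maxRiskScore_;
    }

    function verify(
        address agent, address target, uint8 riskScore, uint256 expiry,
        uint8 v, bytes32 r, bytes32 s
    ) public view returns (bool) {
        if (block.timestamp > expiry) revert Expired();
        if (riskScore > maxRiskScore) revert RiskTooHigh();

        // Bind the message to this chain and this contract so the same
        // signature cannot be replayed on another chain or deployment.
        bytes32 inner = keccak256(
            abi.encode(block.chainid, address(this), agent, target, riskScore, expiry)
        );
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", inner)
        );

        if (uint256(s) > HALF_N) revert BadSignature(); // EIP-2 low-s rule
        if (v != 27 && v != 28) revert BadSignature();
        address signer = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on failure, so check it explicitly
        // before comparing against the stored attester.
        if (signer == address(0) || signer != attester) revert BadSignature();
        return true;
    }
}
```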
```bash
npm test                # TypeScript unit tests (123)
npm run test:contracts  # Solidity contract tests (42)
npm run demo            # Honeypot detection demo
```
- Hook attestation support - `assess_risk` now returns both gateway and hook attestations for Uniswap v4 protected pools
- EVM address validation - all MCP tool inputs validate proper address format
- Expanded well-known contracts - Paraswap, Balancer Vault, CoW Protocol, Permit2, Uniswap V4 PoolManager
- SDK exports - attester and solodit modules now available for programmatic use
- Hardened fetching - response.ok checks, 10s timeouts on all external requests
- Security headers and SEO files for landing page
- Solodit integration - `search_solodit` tool queries 50K+ real audit findings from Cyfrin, Sherlock, Code4rena, Trail of Bits, and others
- Auto-enrichment - `assess_risk` cross-references detected patterns against real audit findings when `SOLODIT_API_KEY` is set
- Opt-in API key model - each agent provisions their own Solodit key, no shared rate limits
- 165 exploit patterns across 25 categories (up from 22)
- Trace-level analysis - `trace_transaction` tool follows every internal call and scans each contract
- 22 exploit patterns (up from 12) - metamorphic contracts, oracle manipulation, MEV sandwich
- Agent Skills - installable skill files for Claude Code
- Flaunch SDK integration - safety scanning for memecoin launches on Uniswap v4 pools
MIT