Miiso is an autonomous, on-chain security layer that uses Venice AI to analyze Base deployments and gaslessly revoke dangerous token approvals before hackers can drain your wallet.
Every time a user interacts with a Decentralized Finance (DeFi) protocol, they are forced to sign a token approval allowing a smart contract to move their assets. Because signing individual transactions for every interaction is tedious and expensive, the industry standard has become approving infinite amounts of tokens. Users sign these maximum approvals to save gas and time, and then immediately forget about them.
When a protocol gets exploited, attackers do not need to steal your private keys. They simply use those legacy, forgotten approvals to call transferFrom() and drain your funds in seconds. These exploits historically happen when the target demographic is asleep—often at 3 AM.
Existing solutions in the Web3 ecosystem are tragically reactive:
Tools like revoke.cash require the user to be awake, online, and actively monitoring their wallet.
The user must actively discover the exploit via social media platforms like Twitter or Discord.
The user must manually sign a revocation transaction and pay exorbitant gas fees while the network is highly congested by the attacker and other panicking users.
There is currently no proactive system that autonomously monitors the blockchain, intercepts threats on contract deployment, and protects individual wallets without waking the user up. Until now.
Miiso is an autonomous, on-chain security sentinel that watches your DeFi positions 24/7.
Operating entirely in the background, Miiso scans every single newly deployed contract on Base. Upon detection, it decompiles the bytecode in real-time and runs highly advanced vulnerability assessments using Venice AI's uncensored reasoning models. If a severe threat is detected, Miiso automatically revokes your dangerous token approvals via gasless execution. It neutralizes the vector before the attacker can even initiate a drain transaction.
Built on top of MetaMask's bleeding-edge smart account standards, users grant Miiso a single, mathematically bounded permission: The ability to call approve(spender, 0).
The agent is restricted on-chain from ever transferring assets, swapping tokens, or touching your principal. It cannot move your money; it can only build a wall around it.
We did not just build a simple monitoring bot; we built a completely frictionless security layer utilizing the absolute latest advancements in the Web3 infrastructure stack.
Security tools see poor adoption when they require users to migrate assets to a new wallet or manage new seed phrases. We eliminate this friction entirely. During onboarding, the user's standard Externally Owned Account (EOA) is dynamically upgraded to a smart account using EIP-7702. This enables complex delegated execution to our backend systems while keeping your primary wallet address perfectly unchanged.
True security requires absolute trustlessness. The user signs a highly scoped ERC-7715 permission statement (wallet_grantPermissions) that explicitly limits the agent to interacting only with our immutable ApprovalRevocationEnforcer smart contract. This permission is registered on-chain as an ERC-7710 delegation. When a threat hits the mempool, the agent signs the revocation transaction alongside the delegation context, mathematically proving its authority to reset the allowance without ever having the ability to touch user funds.
Traditional AI APIs physically cannot be used for security research—they trigger safety filters and refuse to respond the moment you ask them to analyze malicious exploit code. We utilize Venice AI's uncensored models to run a flawless 3-Pass Reasoning Chain on decompiled bytecode:
Pass 1: Vulnerability Detection: The model scans the raw decompiled output to identify reentrancy flaws, hidden drains, and missing access control guards.
Pass 2: Exploit Simulation: The model maps out, step-by-step, how an attacker would successfully exploit the vulnerabilities found.
Pass 3: Confidence Critique: The model self-evaluates its findings to mathematically eliminate false positives and assigns a final confidence score.
When seconds matter during an active exploit, you cannot afford a failed transaction because a user ran out of native ETH for gas. All revocation transactions generated by Miiso are instantly submitted through 1Shot's gas relayer network. This abstracts gas fees entirely. The relayer executes transactions on-chain in milliseconds and recovers micro-fees in USDC directly from the user's pre-approved budget, creating a true zero-ETH security architecture.
Because threats happen when you are away from your desk, Miiso syncs directly to your mobile device via our dedicated Telegram Bot API integration. This acts as a direct, real-time command line to your active node. You receive instant push notifications of threats as they are analyzed. For medium-confidence alerts, the bot generates an interactive 60-second veto window directly in your chat interface, allowing you to manually cancel an impending revocation with a single tap from anywhere in the world.
Miiso does not act blindly. Every analyzed contract is routed through a rigorous confidence pipeline:
Tier 1 (Confidence ≥ 85%): Immediate, autonomous revocation via the 1Shot relayer. The threat is neutralized instantly without user input.
Tier 2 (Confidence 70%-84%): Triggers an animated 60-second veto timer on the web dashboard and pushes an interactive alert to your Telegram for manual cancellation. If the timer expires, the revocation fires.
Tier 3 (Confidence < 70%): Logged as an informational warning on your dashboard for manual review, ensuring low-confidence signals do not disrupt your regular DeFi activities.
Instead of presenting users with raw hex codes and complex transaction traces that are impossible to read, Venice AI translates technical bytecode patterns into human-readable attack narratives. These highly descriptive summaries explain exactly how the contract could steal funds and are delivered beautifully to both your web dashboard and your Telegram app.
Our ApprovalRevocationEnforcer.sol contract acts as an impenetrable, mathematically verified shield. If the backend system or a compromised agent ever attempts to perform an action other than resetting a specific spender's allowance to 0, the blockchain categorically rejects the transaction at the consensus layer.
We implemented the x402 standard to power a thriving micro-economy:
Venice AI inference costs are settled dynamically in USDC on a per-token basis.
1Shot relayer execution fees are paid seamlessly via x402 ($0.01 USDC/revocation).
We expose four payment-gated B2B API endpoints (Threat Intel, Exploit Analysis, Security Report, Wallet Exposure) that require x402 USDC micropayments to query, opening up an entirely new revenue model for decentralized security intelligence.
Frontend
React 19 & Vite
Framer Motion (For real-time data visualization and animated UI states)
Tailwind CSS 4 & Lucide Icons
Zustand & TanStack Query for robust state management
Backend & Infrastructure
Node.js & Fastify
PostgreSQL (Real-time SSE channels and system state)
Drizzle ORM & pgvector
Viem & Heimdall-rs (For high-speed, parallel bytecode decompilation)
Web3 & AI Integrations
MetaMask Smart Accounts Kit (EIP-7702, ERC-7715, ERC-7710)
Venice AI API (Uncensored Threat Analysis)
1Shot Relayer SDK (USDC Gas Abstraction)
Telegram Bot API
x402 Micropayments Protocol
We engineered Miiso completely from scratch during the hackathon timeline, moving from an empty repository to a fully functioning autonomous security network deployed on Base Sepolia. Our focus was on seamlessly integrating bleeding-edge Web3 account abstraction with uncensored AI models, resulting in an end-to-end decentralized application.
Here is a detailed breakdown of what was accomplished and the core architecture files driving the system:
Implementation: backend/workers/heimdallWorker.ts & backend/src/daemon/blockWatcher.ts
Achievement: Configured a parallel worker thread pool that hooks into WebSocket RPC streams to fetch newly deployed contract bytecode the exact millisecond it hits the mempool.
Tech Stack: Node.js Worker Threads, Viem WSS, Rust-based Heimdall Decompiler.
Details: To avoid blocking the Node event loop, raw hex is offloaded to a local Rust binary handler that safely decompiles it into readable pseudo-Solidity, preparing it perfectly for Large Language Model consumption.
Implementation: backend/src/daemon/veniceAnalyzer.ts & backend/src/payments/x402Client.ts
Achievement: Integrated Venice AI’s uncensored reasoning model API utilizing a secure EIP-191 Sign-In with Ethereum (SIWE) authentication flow for payload delivery.
Tech Stack: Venice AI, x402 Protocol, ethers.js cryptography.
Details: We wired an automated x402 USDC micropayment client that intercepts HTTP 402 (Payment Required) codes and autonomously tops up the agent's balance to pay for inference on a strict per-token basis. This creates a fully self-sustaining threat analysis loop without requiring central API subscriptions.
Implementation: frontend/src/lib/metamask.ts, frontend/src/Setup.tsx, & frontend/src/hooks/usePermission.ts
Achievement: Built a custom, frictionless React onboarding sequence that abstracts away complex cryptography for the end user.
Tech Stack: MetaMask Smart Accounts Kit, React 19, Zustand.
Details: The frontend dynamically guides standard Externally Owned Account (EOA) users to sign EIP-7702 authorizations, upgrading them to a smart account under the hood without changing their public address. It then correctly requests and registers a mathematically scoped ERC-7715 permission explicitly limited to token approval revocation.
Implementation: backend/src/daemon/revocationExecutor.ts & contracts/src/ApprovalRevocationEnforcer.sol
Achievement: Implemented highly complex EIP-7710 gasless revocation payloads dispatched autonomously through the 1Shot Relayer APIs.
Tech Stack: 1Shot API, Solidity, Hardhat, Base Sepolia.
Details: When an AI threat scores above 85%, the backend signs a payload and sends it to the 1Shot Relayer network, eliminating the need for the user to hold native ETH for gas. Crucially, every single transaction is mathematically verified on-chain against our active ApprovalRevocationEnforcer contract to guarantee absolute boundary enforcement.
Implementation: backend/src/telegram/commands/link.ts, backend/src/telegram/commands/verify.ts, & backend/src/db/schema.ts
Achievement: Developed a dedicated Telegram Bot API integration linking the user’s active blockchain wallet directly to their mobile device via a secure cryptographic handshake.
Tech Stack: Telegraf (Node.js Telegram API), Neon Postgres.
Details: Engineered real-time push notifications and an interactive chat UI utilizing Telegram's Inline Keyboards. This allows users to intercept a Tier 2 (Medium Confidence) threat and manually veto an impending revocation with a single tap from their phone, from anywhere in the world.
Implementation: frontend/src/Dashboard.tsx, frontend/src/components/dashboard/VetoTimer.tsx, & backend/src/server/routes/sse.ts
Achievement: Designed a high-performance, glassmorphic dashboard interface powered by Server-Sent Events (SSE) for true zero-latency updates.
Tech Stack: Tailwind CSS 4, Framer Motion, Fastify SSE.
Details: The dashboard features live asset protection statistics, real-time threat feed logs, and an incredibly smooth SVG-animated countdown ring. This UI provides users exactly 60 seconds of interactive veto time before an automated execution fires.
Implementation: backend/src/daemon/blockWatcher.ts & backend/scripts/sprint1-e2e.ts
Achievement: Engineered a robust fallback block simulator to guarantee verifiable demonstrations.
Tech Stack: Viem test clients, local mocking patterns.
Details: This daemon artificially triggers mock contract deployments, injects static vulnerability flags, and forces Venice AI confidence routing loops. It enables full, end-to-end system validation and live demonstrations even in adverse network conditions where local blockchain forks (like Anvil) or public testnets experience downtime.
Miiso is currently fully bootstrapped and was conceptualized, architected, and developed entirely during the intense timeframe of this hackathon.
Pre-seed / Bootstrapped: Operating incredibly lean, proving core product-market fit and technical viability through this hackathon build.
Objectives: We are actively seeking strategic grants, developer relations support from our core stack providers, and ecosystem incubation opportunities to take this to Mainnet.
We are actively looking for ecosystem grants on Base and the wider Ethereum Layer 2 ecosystem to specifically support:
Smart Contract Audits: Securing the ApprovalRevocationEnforcer.sol logic via tier-1 audit firms before mainnet deployment.
Production Contract Deployments: Covering the initial deployment and liquidity bootstrapping costs for gas relayer paymasters on Mainnet.
Security Infrastructure Scaling: Upgrading our distributed Heimdall decompiler node network to handle massive, peak-bull-market block congestion.
Continued Ecosystem Growth: Marketing and integrating Miiso natively into major DeFi protocol frontends as an opt-in safety net.