Bastion protocol
Bastion Protocol is an autonomous threat detection agent deployed on Robinhood Chain (Arbitrum Orbit L2, Chain ID 46630). It monitors the mempool in real time, scores every block using an 8-element feature vector, runs a 4-state FSM (NORMAL→ELEVATED→TRIPPED→COOLDOWN), and writes hash-committed detection proofs on-chain before exploits confirm. 5,880 scan cycles. 24/7 on Railway. 2 smart contracts deployed. 11 Alchemy components. 5 exploit patterns detected. Telegram alerts. Zero-cost gas-sponsored attestations. DeFi lost $1.8B to exploits in 2025. Flash loans, oracle manipulation, reentrancy, rug pulls, and MEV sandwiches execute in seconds. Existing tools alert after funds are gone. Bastion detects before the transaction lands.
视频
技术栈
描述
Bastion Protocol is a 24/7 autonomous agent running on Railway that monitors Robinhood Chain (Arbitrum Orbit L2, Chain ID 46630) for DeFi exploits in real time. The agent runs a 15-second detection loop: it collects pending transactions via Alchemy WebSocket, recent blocks via Node RPC, large transfers via Transfers API, and token approvals via Token API. Each block is reduced to an 8-element canonical feature vector — swap count, oracle deviation percentage, reentrancy depth, liquidity change, gas anomaly, and temporal patterns — producing a deterministic 0-100 threat score.
The score feeds into a 4-state FSM with hysteresis: NORMAL (<40), ELEVATED (40-60), TRIPPED (61+), and COOLDOWN (5-minute decay after TRIPPED). This prevents false positive alert fatigue. When the FSM trips, the agent writes a hash-committed detection proof on-chain via DetectionRegistry.commitDetection(), making the finding permanently verifiable by any third party. Simultaneously, the threat signature is published to ThreatSignatureRegistry — a write-once shared intelligence contract that any protocol can query to check if a transaction matches a known attack pattern.
Two smart contracts are deployed on Robinhood Chain. DetectionRegistry (0x57C7f2F3051928E2cc7C871Bac590bF1d4BF4c8e) stores keccak256(pattern, severity, blockNumber, timestamp) proofs on-chain. ThreatSignatureRegistry (0x87E3D9fcfA4eff229A65d045A7C741E49b581187) is a write-once registry — once a threat signature is published, it cannot be modified or deleted, preventing censorship. Both contracts have no privileged roles, no upgradeable proxies, and no backdoors.
The agent uses 11 Alchemy products across the Robinhood/Arbitrum stack: Chain Deploy, Node RPC, WebSocket, Debug API, Token API, Transfers API, Smart Wallets, Gas Manager, Bundler API, Arbitrum Nitro, and Robinhood Faucet. All on-chain attestations are gas-sponsored — the protocol absorbs cost.
Currently at 5,880 scan cycles with 24+ hours continuous uptime. Detects 5 exploit patterns: flash loan attacks, oracle manipulation, reentrancy, rug pulls, and MEV sandwiches. Verification uses 2-of-3 consensus: deterministic rule engine + Gemini 2.5 Flash semantic analysis + on-chain oracle cross-reference.
Built solo during the Arbitrum Open House London Buildathon. No fundraising. Zero operating cost.