The Problem: Reactive Security & Idle Token Approvals

Every time a user interacts with a DeFi protocol, they sign a token approval allowing that contract to move their assets. Most users approve unlimited amounts and forget about them. When a protocol gets exploited, attackers use these legacy approvals to call transferFrom() and drain the user's funds in seconds—often at 3 AM.

Existing solutions are strictly reactive and manual:

• Tools like revoke.cash require the user to be online.

• The user must be aware of the exploit.

• The user must manually sign a transaction after the hack has already started.

• There is no proactive system that can autonomously monitor the blockchain, identify threats on contract deployment, and protect individual user wallets without waking them up.

The Solution: Miiso

Miiso is an autonomous, on-chain multi-agent security swarm that watches your DeFi positions 24/7.

It scans newly deployed contracts on Base, decompiles their bytecode, runs vulnerability assessments using Venice AI's uncensored reasoning models, and automatically revokes dangerous token approvals on behalf of the user using gasless execution—before an attacker can drain the wallet.

Built using MetaMask's smart account standards, users grant Miiso a single, strictly bounded permission:

• The ability to call approve(spender, 0).

The agent is mathematically restricted on-chain from ever transferring assets, swapping tokens, or touching the user's principal.

How it uses the Web3 Stack (The 6 Pillars)

MetaMask Smart Accounts Kit & EIP-7702

During onboarding:

• The user's standard EOA is dynamically upgraded to a smart account using EIP-7702.

• This enables delegating transaction execution to our security swarm while keeping the user's primary wallet address unchanged.

ERC-7715 Advanced Permissions

• The user signs a scoped permission statement (wallet_grantPermissions).

• The payload explicitly limits the agent to interacting only with our ApprovalRevocationEnforcer contract.

• A pre-configured monthly gas budget cap is enforced.

ERC-7710 Delegated Execution

• The permission is registered as an on-chain EIP-7710 delegation.

• When a threat is detected, the agent signs the revocation transaction alongside the delegation context.

• This proves its authority to reset the allowance on-chain.

Venice AI Reasoning Engine

Traditional AI APIs block analysis of exploit code due to safety filters.

We use Venice AI's uncensored models to run a 3-Pass Reasoning Chain:

• Pass 1: Vulnerability Detection

  • Identifies reentrancy, hidden drains, access control bugs.

• Pass 2: Exploit Simulation

  • Maps out step-by-step how an attacker would exploit the code.

• Pass 3: Confidence Critique

  • Self-evaluates findings to eliminate false positives.

1Shot Permissionless Relayer

• Revocation transactions are submitted through 1Shot's gas relayer.

• This abstracts gas fees entirely.

• The relayer executes transactions on-chain and recovers gas fees in USDC directly from the user's pre-approved budget.

x402 Micropayments Protocol

We implement x402 payments to settle:

• Venice AI inference costs in USDC on a per-token basis (~$0.00000038/token).

• 1Shot relayer execution fees ($0.01 USDC/revocation).

Additionally, we expose four payment-gated B2B API endpoints:

• Threat Intel

• Exploit Analysis

• Security Report

• Wallet Exposure

These endpoints require x402 USDC micropayments to query.

Key Features

7-Agent Swarm Coordination (A2A)

Powered by an asynchronous event bus (PostgreSQL LISTEN/NOTIFY), seven specialized agents coordinate, share structured state, and reach a weighted quorum before taking protective actions:

• Scout

• Intel

• Auditor

• Risk

• Coordinator

• Executor

• Reporter

Three-Tier Confidence Routing

Tier 1 (Confidence ≥ 85%)

• Immediate autonomous revocation.

Tier 2 (Confidence 70%-84%)

• Triggers an animated 60-second veto timer on the UI for manual cancellation.

Tier 3 (Confidence < 70%)

• Logged as an informational warning on the dashboard.

On-Chain Boundary Enforcement

The ApprovalRevocationEnforcer.sol contract acts as an immutable shield.

If the agent tries to perform any action other than resetting a spender's allowance to 0, the blockchain rejects the transaction.

Venice AI Narratives

• Natural language reports translate technical bytecode patterns into human-readable attack narratives.

• These narratives are presented directly on the dashboard.

Tech Stack

Frontend

• React 18

• Vite

• Framer Motion (for real-time Agent Swarm activity maps and animated veto rings)

• Tailwind CSS

• Lucide icons

Backend

• Node.js

• Fastify

• PostgreSQL (SSE channels + Event Bus)

• Drizzle ORM

• Viem

Web3 & AI

• MetaMask SDK / Smart Accounts Kit

• Heimdall-rs (Decompiler)

• Venice AI API

• 1Shot Relayer SDK

• x402 Protocol

Built During the Hackathon

We built Miiso completely from scratch during this hackathon timeline, moving from a blank repository to a fully functioning autonomous security network.

Here is what was accomplished:

Real-Time Bytecode Decompilation Engine

• Configured a parallel worker thread pool that fetches newly deployed contract bytecode on Base.

• Decompiles it into readable pseudo-Solidity via a local Rust-based Heimdall decompiler execution handler (src/daemon/heimdall.ts).

Multi-Agent Coordination & Swarm Logic

• Designed and implemented the core A2A orchestrator (src/agents/orchestrator.ts).

• Manages structured state transitions across Scout, Auditor, Risk, and Executor agent tasks.

Venice AI Integration & x402 Payments

• Integrated Venice AI's uncensored reasoning model API (src/daemon/veniceAnalyzer.ts) via SIWE authentication.

• Wired the x402 USDC micropayment client (src/payments/x402Client.ts) to pay for inference on a per-token basis.

MetaMask Smart Accounts & ERC-7715 Onboarding

• Built a custom frontend setup sequence (src/Setup.tsx and src/lib/metamask.ts).

• Guides users to sign EIP-7702 smart account authorizations.

• Requests scoped ERC-7715 token-approval-revocation permissions.

1Shot Gasless Execution & Enforcer

• Implemented EIP-7710 gasless revocation payloads using 1Shot Relayer APIs (src/daemon/revocationExecutor.ts).

• Verified on-chain against an active ApprovalRevocationEnforcer contract.

Premium Security Dashboard & Veto Timer

• Designed a glassmorphic dashboard interface featuring:

  • Real-time asset protection statistics

  • Live scan logs

  • An SVG-animated countdown circular ring (src/components/dashboard/VetoTimer.tsx)

• Provides a 60-second user veto countdown before automated execution.

Offline Threat Simulation Daemon

• Implemented a robust fallback block simulator (src/daemon/blockWatcher.ts).

• Triggers:

  • Mock contract deployments

  • Static vulnerability flags

  • Venice AI confidence routing loops

• Enables full demo functionality even when local blockchain forks (Anvil) are offline.

Fundraising Status

Miiso is currently bootstrapped and was developed entirely during this hackathon.

Current Stage

• Pre-seed / Bootstrapped

• Seeking grants, developer relations support, and ecosystem incubation opportunities.

Funding Goals

We are actively looking for ecosystem grants on Base and Ethereum Layer 2 networks to support:

• Smart contract audits

• Production contract deployments

• Security infrastructure expansion

• Continued development and ecosystem growth

Fundraising Status
Miiso is currently bootstrapped and was developed entirely during this hackathon.
Current Stage: Pre-seed / Bootstrapped (seeking grants, developer relations support, and ecosystem incubation).
Funding Goals: We are actively looking for ecosystem grants on Base and Ethereum Layer 2 networks to support audit costs, contract deployments