UTXO Security Core
The local engine that explains, never decides.
A pure-function analysis kernel that decodes wallet requests and classifies risk on-device. Every UTXO product that touches signatures inherits the same six-step pipeline.
01 Intercept
Wallet provider request enters the page — Guard's injected script wraps window.ethereum.request and posts a copy to the isolated-world content script. The original request keeps flowing untouched.
02 Decode
Security Core kernel parses the call: ABI selector (approve / setApprovalForAll / permit / transfer), typed-data primary type (PermitSingle / PermitBatch / EIP-712), or raw eth_sign payload. Pure functions, no I/O.
03 Classify
Risk signals are computed locally: unlimited allowance (≥ 2^160), collection-wide NFT approval, off-chain Permit signatures, raw-hash eth_sign, deep-subdomain or punycode domain, Levenshtein typosquat of a curated 50+ list.
04 Score
Weighted accumulator → 0-100 score with discrete bands: safe / low / medium / high / critical. Score and per-signal explanations are stored in chrome.storage.local, never sent off-device.
05 Surface
Popup renders the score and signals. High and critical events also trigger an in-page slide-down banner so users see the warning before clicking the wallet popup.
06 User confirms
Security Core never signs, never broadcasts, never blocks the request. The actual approval still happens in the user's wallet — Guard's role ends at the explanation.
PHISH_PATTERN (critical): Known phishing pattern. Domain matches a curated regex list (metamask-*, *-claim.*, *-verify.*, etc.) that has been associated with active wallet drainers.
TYPOSQUAT (critical): Lookalike domain. Domain is within Levenshtein distance 1-2 of a legitimate dApp (uniswap.org, metamask.io, opensea.io, ledger.com, …). A single character difference is the most reliable drainer signal.
APPROVE_UNLIMITED (critical): Unlimited token approval. ERC-20 approve(spender, amount) where amount ≥ 2^160. The spender can drain every coin you hold of that token at any time, forever, until you revoke.
NFT_APPROVE_ALL (critical): Collection-wide NFT approval. setApprovalForAll(operator, true). The operator can transfer ANY NFT you own in that collection. Common drainer technique.
PERMIT_UNLIMITED (critical): Unlimited Permit signature. EIP-2612 Permit with value ≥ 2^160. Off-chain approvals don't show up in wallet history but are equally powerful.
RAW_SIGN (critical): eth_sign request. eth_sign signs an arbitrary hash. Modern dApps don't use it. Likely an attempt to disguise a transaction signature.
PUNYCODE (high): Punycode / IDN domain. Domain uses internationalized characters that visually mimic Latin letters. Easy to spoof — verify spelling carefully.
HTTP (high): Not HTTPS. Never sign or connect a wallet on a plain HTTP page.
PERMIT (medium): Off-chain Permit. Bounded value Permit signature. Legitimate when the dApp explains the allowance; suspicious otherwise.
TYPED_DATA (medium): EIP-712 typed signature. Structured off-chain data. Make sure the rendered fields match what the dApp claims you're authorizing.
TLD (low): Uncommon TLD. Top-level domain is overrepresented in scams (.xyz, .click, .top, .monster). Not a guarantee — just a flag.
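An added example, not the code in risk.ts, of the Decode and Classify steps for three of the signals above: it reads the 4-byte selector and the second argument word from calldata, and compares a hostname against the four dApp domains the table names. The function names, the fill helper and the sample calldata are assumptions made for this example.

```typescript
// Added example, not the contents of risk.ts. Selectors are the standard 4-byte
// ABI selectors; KNOWN_DAPPS holds only the four domains the page names.
const APPROVE: string = "095ea7b3";              // approve(address,uint256)
const SET_APPROVAL_FOR_ALL: string = "a22cb465"; // setApprovalForAll(address,bool)
const KNOWN_DAPPS: string[] = ["uniswap.org", "metamask.io", "opensea.io", "ledger.com"];

// Hypothetical helper: repeat a character n times (used to build sample words).
function fill(ch: string, n: number): string {
  return new Array(n + 1).join(ch);
}
// Constructed sample: approve(0x1111...1111, 2^256 - 1)
const SAMPLE_APPROVE: string = "0x" + APPROVE + fill("0", 24) + fill("1", 40) + fill("f", 64);

// Decode: selector plus two 32-byte words. Classify: return matching signal codes.
function classifyCalldata(data: string): string[] {
  const hex: string = data.replace(/^0x/i, "").toLowerCase();
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8 + 128) return []; // not a two-argument call
  const selector: string = hex.slice(0, 8);
  const word2: string = hex.slice(72, 136); // second argument: amount or bool
  // amount >= 2^160 exactly when any of the top 96 bits (24 hex digits) is set
  if (selector === APPROVE && /[1-9a-f]/.test(word2.slice(0, 24))) return ["APPROVE_UNLIMITED"];
  if (selector === SET_APPROVAL_FOR_ALL && /[1-9a-f]/.test(word2)) return ["NFT_APPROVE_ALL"];
  return [];
}

// Two-row Levenshtein distance between strings a and b.
function editDistance(a: string, b: string): number {
  let prev: number[] = [];
  for (let j = 0; j <= b.length; j++) prev.push(j);
  for (let i = 1; i <= a.length; i++) {
    const cur: number[] = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost: number = a.charAt(i - 1) === b.charAt(j - 1) ? 0 : 1;
      cur.push(Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost));
    }
    prev = cur;
  }
  return prev[b.length];
}

// TYPOSQUAT when the host is 1-2 edits from a known dApp; an exact match is not flagged.
function classifyDomain(host: string): string[] {
  const h: string = host.toLowerCase();
  if (KNOWN_DAPPS.indexOf(h) !== -1) return [];
  const near: boolean = KNOWN_DAPPS.some(function (d: string): boolean {
    return editDistance(h, d) <= 2;
  });
  return near ? ["TYPOSQUAT"] : [];
}
```

Both classifiers are pure functions over strings, so they can be exercised with constructed calldata and hostnames without a wallet or network access.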
✓ Reads requests in flight
✗ Modifies them
✓ Explains what you're signing
✗ Decides for you
✓ Stores activity locally
✗ Sends anything to any server
✓ Works with any wallet
✗ Replaces your wallet
✓ Surfaces risk to the user
✗ Blocks transactions
✓ Open analysis kernel
✗ Custodies funds
Security Core is a single pure-function module at apps/guard-extension/src/shared/risk.ts. It exports tokenizers and analyzers for domains, calldata and typed data, and a weighted scoring function. The same module is consumed by:
Guard popup (React) — renders the score and signals on the active tab
Guard content script — runs analysis on every intercepted request, draws in-page banners
Guard service worker — aggregates the activity log, computes the per-tab badge count
Future UTXO Wallet — same kernel will gate its confirmation modals when released