A self-custodial onchain firewall. The instant a verifiable threat hits, it auto-evacuates your funds — at rest in your wallet AND deposited in DeFi — to a vault only you control, inside the reaction window non-atomic hacks leave open. It turns the same EIP-7702 delegation attackers use to drain wallets into your defense. Live end-to-end on Robinhood Chain testnet: full GuardianModule + RulesEngine firewall, 90 tests, real Aave V3 exit fork-verified on Arbitrum One.
The solution. coincoin enforces protection at the account level via EIP-7702. A watcher reads real on-chain threat signals; when one fires inside the window, a bounded keeper exits your DeFi positions (exitAaveV3) and sweeps every token to a SafeVault only you can withdraw from. First tool to cover funds at rest AND in DeFi — Harpie's blind spot. 100% non-custodial (keeper can only send to your own vault; revocable in one tx). A proactive firewall (RulesEngineV1) also reverts malicious approvals before they land.
Live & verifiable. Full GuardianModule + RulesEngineV1 on Robinhood Chain testnet (chain 46630) — 0xd0d301…3b77 / 0xc20A9d…bc52. 90 tests pass (incl. a real Aave V3 fork on Arbitrum One). End-to-end rescue proven on-chain: idle funds and a deposited Aave position pulled to the user's vault, no human in the loop.
Everything here was built for this buildathon. Spec + threat model sourced live from Scam Sniffer and the Defimon/Defendor Telegram feeds. Contracts, test-first with Foundry (90 tests pass): GuardianModule — EIP-7702 delegate with a frozen vault (a leaked key can't redirect funds), bounded keeper, ERC-20 sweep + approval revocation, signed multi-keeper policy (EIP-712 / configureWithSig, gasless onboarding), exitAaveV3 to unwind funds deposited in DeFi before sweeping, and a local firewall (execute + RulesEngineV1) that reverts malicious approvals at the account level. SafeVault (owner-only). The Aave exit is fork-verified against the real Aave V3 Pool on Arbitrum One. Watcher (TypeScript/viem): Defimon-compatible alert schema, exposure registry, keeper client, orchestrator, and a real on-chain ChainThreatSource daemon reacting to live Drained logs. Live end-to-end on Robinhood Chain testnet (Arbitrum Orbit, 46630): GuardianModule 0xd0d301Aeaa7AA5Ced16C927030f131c9Cb083b77 + RulesEngineV1 0xc20A9d7D38B07a9C74A1fD87A2e25CA1973Cbc52. Full detection → Aave exit → evacuation run on-chain (Orbit gas + getLogs fixes). Initially deployed on Arbitrum Sepolia. Plus a presentation site on a custom brand kit (Vite/React/Tailwind), pitch + demo videos (Remotion), and a 4-day build-in-public thread on X (@dvb_fianso).
Not currently fundraising. Buildathon prototype, open to ecosystem grants and support to take it from a live demo to production.
