A browser extension, a TypeScript SDK, and an on-chain Safe guard that decode every approval, signature, and transaction before your wallet signs. Real code. Public tests. Transparent audit log. No "military grade" marketing — just the exact primitives Permit2 drainers rely on, reversed.
Shield intercepts every wallet RPC call in the page before MetaMask / Phantom / Unisat receive it.
It decodes EIP-712 Permit structs, 4-byte function selectors, nested multicalls and
Safe multiSends, then shows you what the transaction actually does in plain English.
When a dApp calls eth_signTypedData_v4, Shield decodes the struct and checks whether
it's a Permit, Permit2, or PermitForAll — the three off-chain patterns responsible for
$150M+ of drains in 2024.
If the signed domain doesn't match the page origin (a fake Uniswap domain trying to sign a real
Uniswap Permit), Shield shows a DOMAIN MISMATCH warning and requires you to type
APPROVE before continuing. No dark-pattern dismissal.
multicall(bytes[]), Multicall3 aggregate3, Safe multiSend. Risk bubbles up from inner calls.
fake-uniswap.claim-xyz.io: signature requests action on Uniswap. #1 phishing signal.
The same decoder powers a free consumer extension, a TypeScript SDK for wallets and exchanges, and an on-chain Solidity guard for multisig treasuries. Pick the layer that matches your threat model.
Install once. Protects you on every dApp, across every supported chain. Intercepts wallet RPC calls before MetaMask / Phantom / Unisat see them.
The same decoder, packaged for wallets, exchanges, and dApps to embed in their own apps. Your users get the decoder without installing anything.
A Solidity guard that blocks every Safe transaction whose calldata hasn't been pre-authorised by an out-of-band intent signer. The contract that would have stopped Bybit.
Not mock-ups of a future vision. These are the exact UI states the shipped extension produces today. Every screenshot is a self-contained HTML rendering — view source to verify nothing is fabricated.
Every URL you visit is checked against the signed dApp registry in the background. The extension icon gets a small badge that reflects the lookup result. No clicks required, no popup needed.
The moment a page loads, Shield checks the hostname against the signed threat registry (Ed25519 against a root key compiled into the extension binary). A match triggers a full-viewport red overlay that has to be dismissed manually. Did-you-mean hints suggest the real domain when the fake is a typosquat.
This is the showBlockOverlay() function in
extension/content.js. All registry updates are audit-logged — see the public audit log.
Ice-phishing works because approvals are invisible. You grant one, forget, and weeks later the
attacker drains you. Shield makes them visible forever. Every approve,
setApprovalForAll, and Permit signature you confirm is recorded locally with
enough metadata to revoke it in one tap.
The ledger is stored in chrome.storage.local on your device. Nothing is sent to
Zoza servers — see the data retention policy.
Tabs: Approvals / Clipboard / About.
A common drainer trick: wrap the real drain inside multicall(bytes[]) or
Multicall3 aggregate3. Your wallet shows a harmless wrapper name. The real damage
is in the inner calls.
Shield's decoder recursively walks wrapper patterns (depth capped at 3 to stop decode bombs) and surfaces every inner call in the modal. Risk bubbles up — if any inner call is critical, the whole wrapper is marked critical. Tested against mainnet examples.
Screenshot: the outer call 0xac9650d8 (multicall(bytes[])) is marked Critical; the inner selectors are 0x095ea7b3 (approve), 0xa22cb465 (setApprovalForAll) and 0x23b872dd (transferFrom).
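The walker described above, as an added example rather than Shield's own decoder: a recursive decoder for multicall(bytes[]) calldata with a depth cap and risk bubble-up. The four selectors are the real 4-byte values; the risk table, the cap's "assume the worst" policy and the sample calldata (built by a small encoder so the block runs offline) are this example's assumptions. Multicall3 aggregate3 and Safe multiSend use different encodings and are not handled here.

```javascript
// Added example (not Zoza Shield's code): recursive multicall(bytes[]) walker.
// Selectors are real; SELECTORS' risk levels, MAX_DEPTH policy and the sample
// calldata are constructed for this example.

const SELECTORS = {
  'ac9650d8': { name: 'multicall(bytes[])', risk: 'info', wrapper: true },
  '095ea7b3': { name: 'approve(address,uint256)', risk: 'critical' },
  'a22cb465': { name: 'setApprovalForAll(address,bool)', risk: 'critical' },
  '23b872dd': { name: 'transferFrom(address,address,uint256)', risk: 'critical' },
  'a9059cbb': { name: 'transfer(address,uint256)', risk: 'warning' },
};
const RANK = { info: 0, warning: 1, critical: 2 };
const MAX_DEPTH = 3; // stops decode bombs: wrappers nested deeper than this are not expanded

// --- constructed-sample helper: ABI-encode a multicall(bytes[]) call ---
const word = (n) => BigInt(n).toString(16).padStart(64, '0');
function encodeMulticall(innerCalls) { // innerCalls: hex strings without 0x
  const heads = [], tails = [];
  let offset = 32 * innerCalls.length; // tail region starts after the offset table
  for (const call of innerCalls) {
    const padded = call.padEnd(Math.ceil(call.length / 64) * 64, '0');
    const enc = word(call.length / 2) + padded; // length word + right-padded bytes
    heads.push(word(offset)); tails.push(enc); offset += enc.length / 2;
  }
  return 'ac9650d8' + word(0x20) + word(innerCalls.length) + heads.join('') + tails.join('');
}

// Decode the bytes[] argument defensively: every offset and length is
// bounds-checked, so malformed calldata yields null instead of an exception.
function decodeBytesArray(buf) {
  const rd = (off) => {
    if (off < 0 || off + 32 > buf.length) return null;
    if (buf.subarray(off, off + 24).some((b) => b !== 0)) return null; // >= 2^64: bogus
    return Number(buf.readBigUInt64BE(off + 24));
  };
  const arrOff = rd(0); if (arrOff === null) return null;
  const n = rd(arrOff); if (n === null || n > 1024) return null;
  const base = arrOff + 32; // element offsets are relative to the word after the length
  const items = [];
  for (let i = 0; i < n; i++) {
    const rel = rd(base + 32 * i); if (rel === null) return null;
    const len = rd(base + rel); if (len === null) return null;
    const start = base + rel + 32;
    if (start + len > buf.length) return null;
    items.push(buf.subarray(start, start + len).toString('hex'));
  }
  return items;
}

function decodeCall(hex, depth = 0) {
  const sel = hex.slice(0, 8);
  const known = SELECTORS[sel] || { name: `unknown (0x${sel})`, risk: 'warning' };
  const node = { selector: '0x' + sel, name: known.name, risk: known.risk, inner: [] };
  if (!known.wrapper) return node;
  if (depth >= MAX_DEPTH) { // decode bomb: stop and assume the worst
    node.risk = 'critical'; node.note = 'nesting exceeds depth cap, inner calls not decoded';
    return node;
  }
  const items = decodeBytesArray(Buffer.from(hex.slice(8), 'hex'));
  if (items === null) { node.risk = 'critical'; node.note = 'malformed bytes[] encoding'; return node; }
  for (const item of items) {
    const child = decodeCall(item, depth + 1);
    node.inner.push(child);
    if (RANK[child.risk] > RANK[node.risk]) node.risk = child.risk; // bubble up
  }
  return node;
}

// Constructed sample: a multicall wrapping approve, setApprovalForAll and
// transferFrom with placeholder (all-zero) arguments.
const ZERO = word(0);
const SAMPLE = encodeMulticall(['095ea7b3' + ZERO + ZERO, 'a22cb465' + ZERO + ZERO, '23b872dd' + ZERO + ZERO + ZERO]);
// A decode bomb: a single transfer wrapped in five nested multicalls.
let bomb = 'a9059cbb' + ZERO + ZERO;
for (let i = 0; i < 5; i++) bomb = encodeMulticall([bomb]);

console.log(JSON.stringify(decodeCall(SAMPLE), null, 1));
console.log(decodeCall(bomb).risk);
```

The bounds-checked reader is the part that matters in practice: a drainer can hand the wallet a bytes[] whose offsets point outside the buffer, and a decoder that throws on it leaves the modal showing the harmless outer name.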
When you copy any wallet address (EVM, Solana, Bitcoin, Tron), Shield hashes it with SHA-256
and stores the hash in chrome.storage.local with a 5-minute TTL. When a transaction
is about to go out, Shield re-hashes the destination address and compares.
A mismatch means the clipboard was rewritten between copy and send — classic ClipBanker / Laplas Clipper behaviour. The user sees a warning callout showing the actual prefix/suffix they originally copied vs what's about to be sent.
eth_sendTransaction to 0x742dAAAA…fA4a
Insider trust is the weakest link in a centralised registry. If a Zoza employee approved a phishing site as "verified", how would you know?
Every change emits an Ed25519-signed entry with a hash chained over the previous entry + its
signature. The public audit verifier re-computes every
hash and verifies every signature in your browser using @noble/ed25519, against
the Shield root pubkey. Tamper = broken chain = red result.
The compromised UI shows one transaction. The hardware wallet signs another. Without this guard,
the Safe executes whatever calldata reaches it. With it, the guard's checkTransaction
hook fires before execution and checks every byte against pre-registered intents.
Operator signs an intent on an isolated machine: (to, value, dataHash, operation, expiry, nonce). The signing key lives on a separate Yubikey from the Safe cosigners.
Anyone relays registerIntent(). The contract verifies the signature, binds the intent to its discriminator, and stores (expiry, maxUses) in intents[hash].
Normal Safe TX. The guard's checkTransaction hook computes the discriminator, looks up discriminatorToIntent[disc]. Match → allow + consume. No match → revert.
keccak256(data) → different discriminator → discriminatorToIntent[disc] == 0 → IntentNotRegistered(). Revert. Bybit doesn't lose $1.46B.
Each card shows how the attack works + which defense is shipped / partial / planned. No hand-waving. If the code doesn't exist yet, we say so.
Victim signs an EIP-712 Permit thinking it's a login. The signature grants the attacker contract unlimited USDC allowance for 30 days. No visible TX. Drainer bot executes in one block.
Decodes EIP-712 domain + primary type. Flags Permit, PermitSingle, PermitBatch, PermitForAll. Origin-mismatch check. Critical-risk modal with typed APPROVE ack.
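The signature triage described in the eth_signTypedData_v4 section above and in this card, as an added example that is not Shield's code: it classifies the four permit shapes, spots unlimited allowances, and checks the EIP-712 domain against the page origin using a hypothetical signed dApp registry. Only the Permit2 address is a real constant; the registry contents, the spender, the token and the sample request are constructed for the example.

```javascript
// Added example (not Zoza Shield's code): triage of an eth_signTypedData_v4
// request. REGISTRY, ATTACKER and SAMPLE_PERMIT2 are constructed; PERMIT2 is
// the real canonical Permit2 address.

const PERMIT_KINDS = {
  Permit: 'EIP-2612 token permit',
  PermitSingle: 'Permit2 single-token permit',
  PermitBatch: 'Permit2 batch permit',
  PermitForAll: 'collection-wide NFT permit',
};

// Canonical Permit2 deployment (same address on every chain it exists on).
const PERMIT2 = '0x000000000022d473030f116ddee9f6b43ac78ba3';
const MAX_UINT256 = (1n << 256n) - 1n; // EIP-2612 "value" is uint256
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 "amount" is uint160

// Hypothetical registry: which page origins are verified to request signatures
// against a given verifyingContract (keyed by lowercase address).
const REGISTRY = {
  [PERMIT2]: { project: 'Uniswap', origins: ['app.uniswap.org'] },
};

function isUnlimited(amount) {
  if (amount === undefined || amount === null) return false;
  const v = BigInt(amount);
  return v === MAX_UINT256 || v === MAX_UINT160;
}

// Every amount the struct would authorise, across the shapes that carry one.
function permitAmounts(primaryType, message) {
  switch (primaryType) {
    case 'Permit': return [message.value];
    case 'PermitSingle': return [message.details.amount];
    case 'PermitBatch': return message.details.map((d) => d.amount);
    default: return []; // PermitForAll carries a boolean, not an amount
  }
}

// OK: origin is verified for this domain. DOMAIN_MISMATCH: the domain belongs
// to a verified project, but this origin is not one of that project's origins.
function checkDomain(origin, domain) {
  const contract = String(domain.verifyingContract || '').toLowerCase();
  const owner = REGISTRY[contract];
  if (!owner) return { status: 'UNKNOWN_DOMAIN', project: null };
  if (owner.origins.includes(origin)) return { status: 'OK', project: owner.project };
  return { status: 'DOMAIN_MISMATCH', project: owner.project };
}

// origin: page hostname. params: eth_signTypedData_v4's [signer, JSON typed data].
function triageTypedData(origin, params) {
  const { primaryType, domain = {}, message = {} } = JSON.parse(params[1]);
  const kind = PERMIT_KINDS[primaryType] || null;
  const domainCheck = checkDomain(origin, domain);
  const flags = [];
  if (kind) flags.push(`${primaryType}: off-chain approval, no visible transaction`);
  if (permitAmounts(primaryType, message).some(isUnlimited)) flags.push('unlimited allowance');
  if (domainCheck.status === 'DOMAIN_MISMATCH') {
    flags.push(`DOMAIN MISMATCH: ${domain.name} belongs to ${domainCheck.project}, not ${origin}`);
  }
  const critical = Boolean(kind) || domainCheck.status === 'DOMAIN_MISMATCH';
  return {
    primaryType,
    kind,
    spender: message.spender || message.operator || null,
    domainCheck: domainCheck.status,
    flags,
    severity: critical ? 'critical' : 'info',
    requireTypedAck: critical, // user must type APPROVE; no one-click dismiss
  };
}

// Constructed sample: a typosquat origin asking for a Permit2 PermitSingle that
// grants a hypothetical spender the maximum uint160 allowance.
const ATTACKER = '0x' + 'ba'.repeat(20);
const SAMPLE_PERMIT2 = JSON.stringify({
  primaryType: 'PermitSingle',
  domain: { name: 'Permit2', chainId: 1, verifyingContract: PERMIT2 },
  message: {
    details: { token: '0x' + 'cc'.repeat(20), amount: MAX_UINT160.toString(), expiration: '1893456000', nonce: '0' },
    spender: ATTACKER,
    sigDeadline: '1893456000',
  },
});

console.log(triageTypedData('fake-uniswap.claim-xyz.io', ['0x' + '11'.repeat(20), SAMPLE_PERMIT2]));
```

Note that a permit is marked critical even when the domain check passes: a legitimate origin can still be serving a compromised front end, and the allowance it requests is the thing the user needs to read.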
Fake mint page calls setApprovalForAll(attacker, true). Looks like an "approval step" — no dollar amount shown. Weeks later attacker drains the whole collection.
Decodes the 4-byte selector, translates to plain English: "grants X the power to move ALL of your NFTs". Active-approval ledger keeps it visible forever until revoked.
Attacker sends dust from a vanity address matching first/last 4 chars. Victim copies from wallet history, pastes, doesn't verify middle bytes. Funds go to attacker.
Clipboard hash-compare catches copy/paste mismatch. Personal signed contact book (planned) will verify against explicitly-added addresses instead of wallet history.
Attacker typosquats a real project's airdrop domain. Uses rented drainer kit. User signs a chain of approvals disguised as "claim eligibility verification". Entire wallet drains live.
Signed dApp registry with Levenshtein typosquat detection. Unknown domain → red full-page block. Typo of a verified project (e.g. unlswap.org) → "This looks like 'Uniswap' but isn't".
Fake "Uniswap Support" DM after posting for help in the real server. Attacker builds rapport, sends a "validate wallet" link that leads to a drainer or seed-phrase phish.
Planned: Shield badge banner on Discord / Telegram DOM, linking real project team to their Zoza-verified identity. Impersonators can't forge the badge without the project's key.
Malware watches clipboard. When user copies a wallet address, silently replaces with an attacker address that shares first/last 4 chars. User pastes into MetaMask, sees matching prefix/suffix, sends.
Hashes the address on copy event, compares to tx destination on send. Mismatch → warning callout with the actual copied prefix/suffix so user sees the divergence.
Compromised Safe UI swaps displayed tx for malicious implementation-upgrade. Hardware wallet shows raw calldata hex. Signers blind-sign. Funds drain.
Two layers: the extension's plain-English calldata preview (shipped, tier 01). On-chain ZozaSafeGuard (tier 03) vetoes any calldata without a pre-registered signed intent. Code ready; pending external audit before treasury deploy.
Attacker compromises NPM account of a widely-used wallet-connect library. Pushes a malicious minor version. Every dApp using the library serves the drainer to every user.
Planned: SHA-384 integrity registry of wallet-connect libraries. Extension verifies loaded script hashes against expected values. Mismatch → block. Requires a crawl of top libraries and a publisher-adoption pipeline; queued for Shield v0.3.
| Chain | Drain share 2024 | Hooked providers | Status |
|---|---|---|---|
| EVM (ETH, Polygon, Arbitrum, Optimism, Base, BSC, Avalanche) | ~78% (Permit2 dominant) | window.ethereum + EIP-6963. eth_sendTransaction, eth_signTypedData_v4, personal_sign. Full EIP-712 Permit/Permit2/PermitForAll + multicall walker. | Shipped |
| Solana (Phantom, Solflare, Backpack, Glow) | ~15% (Rainbow Drainer, Drainer.so) | window.solana + Wallet Standard. signTransaction, signAllTransactions, signAndSendTransaction, signMessage. Flags batch-drain pattern (≥5 txs in one confirm). | Partial |
| Tron (TronLink) | ~4% (TRC-20 USDT approve drains) | tronWeb.trx.sign. Reuses EVM 4-byte decoder for TRC-20 calldata (identical ABI). Flags approve, transferFrom, unlimited allowance. | Shipped |
| Bitcoin (Xverse, Unisat, OKX, Leather) | ~2% (clipboard + address poison) | Per-wallet adapters. PSBT decoder extracts outputs + amounts. Flags multi-output drainers + OP_RETURN (Ordinals / inscriptions). | Shipped |
| Sui / Aptos / Near / Cosmos / TON | ~1% combined | No provider hook yet. Clipboard guard + phishing URL registry still work (chain-agnostic). | Demand-driven |
Drop into your wallet / exchange before every user signs. No browser extension required for your users.
Every claim we make is independently verifiable. If you disagree with any of them, the bounty program pays you to prove it.
Every registry change (new verified dApp, new threat flag, key rotation) is appended to a hash-chained, Ed25519-signed log. Verify the chain in your browser using @noble/ed25519 against our published root key. Tamper = red.
Every month, a signed statement confirming Zoza has received no secret subpoenas, NSLs, or gag orders. If the canary goes silent for 35+ days or the signature stops verifying, infer the worst and act accordingly.
View current canary →
Plain-English breakdown of exactly what Shield collects, what it doesn't, retention windows per category, and what a subpoena would (and would not) return. Every claim verifiable in source.
Read the policy →
Find a silent bypass, a forged-audit-log case, an HSM-key extraction, or a signature-forgery path in the Safe Guard. Full scope, severity tiers, SLA and safe-harbour (CFAA, India's IT Act, DMCA) are binding today. Dollar amounts activate on first paying pilot; every confirmed report is paid retroactively at the tier it was assigned.
View scope →
Vendors that pretend they have everything are lying. Here is every defense that doesn't have shipped code, and the specific blocker on each.
shield-sign-hsm (PKCS#11, cgo) is code-complete and builds. End-to-end signing ceremony waits on Yubikey 5 hardware + SoftHSM staging setup. ~2 hours of work once hardware arrives.
ZozaSafeGuard.sol. Code + 18 Foundry tests ready; Trail of Bits / Spearbit engagement starts at $30-70K for ~1 week. Until audit completes, no real-treasury deployment.
ZOZA_SHIELD_ADMIN_TOKEN env var and are off by default.
multiSend, Multicall3, and standard multicall(bytes[]) all work today.
Three ways to use Shield today. One decoder powers all three. Everything else on this page is backed by real code: click any link and verify.