Safety layer for autonomous DeFi agents.
Aegis
Safety layer for autonomous DeFi agents. | Website | Docs
AI agents trading on-chain have no way to tell a legitimate token from a honeypot. Aegis fixes that. It's an MCP server that any agent can plug into, backed by on-chain contracts that enforce the safety checks.
Before an agent swaps, Aegis scans the target contract, simulates the transaction, and returns a simple go/no-go. If the contract has a 99% sell tax or a hidden pause function, the agent never touches it.
Why this exists
We watched an agent lose its entire wallet to a honeypot token in under 30 seconds. The token looked fine on the surface - verified contract, decent liquidity, active trading. But buried in the code was a 99% sell tax and a hidden owner behind a fake renounceOwnership().
No agent framework had a way to catch this. So we built one.
How it works
Agent -> Aegis (scan + simulate + decide) -> Chain
- Agent connects to Aegis via MCP (one line of config)
- Before any swap/approve/transfer, agent calls
assess_risk - Aegis scans the contract source, simulates the tx, checks for honeypot patterns
- Returns ALLOW, WARN, or BLOCK with a risk score (0-100)
- On-chain: the AegisGateway contract enforces attestations before forwarding the transaction
Quick Start
# Add to Claude Code
claude mcp add aegis npx aegis-defi
# Or clone and try the demo
git clone https://github.com/StanleytheGoat/aegis
cd aegis && npm install
npx tsx demo/catch-honeypot.ts
The demo deploys a deliberately malicious token (99% sell tax, fake ownership renounce, hidden admin) and watches Aegis catch every red flag:
Aegis Risk Assessment
Risk Score: 100/100
Findings:
[CRITICAL] Fake Ownership Renounce
[CRITICAL] Asymmetric Buy/Sell Tax (99% sell)
[CRITICAL] Sell Pause Mechanism
[HIGH] Hidden Max Sell Amount
[HIGH] Hidden Admin Functions
Decision: BLOCK
Tools
MCP Server (TypeScript) - 6 tools available to any MCP-compatible agent:
| Tool | Purpose |
|---|---|
scan_contract |
Pattern matching against 165 known exploit types |
simulate_transaction |
Dry-run on a forked chain |
check_token |
Anti-honeypot checks (sellability, concentrated holdings) |
assess_risk |
All-in-one risk assessment with signed attestation |
trace_transaction |
Traces every internal call, scans each contract |
search_solodit |
Cross-references against 50K+ real audit findings |
Smart Contracts (Solidity) - deployed on Base mainnet:
| Contract | Address | Purpose |
|---|---|---|
| AegisGateway | `0x62c6...0fa3` | Safety wrapper for any DeFi interaction. Verifies attestations, checks risk scores. |
| AegisSafetyHook | `0xaEE5...40C0` | Uniswap v4 beforeSwap hook. Blocks swaps without valid safety attestation. |
Docs
- Agent Integration Guide - how to connect your agent
- Project Integration Guide - how to integrate Aegis into a product
- Flaunch Integration - safety checks for Flaunch memecoin trading
- ElizaOS Plugin - native Aegis actions for ElizaOS agents
- AgentKit Provider - Coinbase AgentKit ActionProvider for Aegis
- llms.txt - machine-readable description for agentic search
Security
Built following Ethereum security best practices (informed by ethskills):
- Signatures: Chain ID + contract address in all signed messages (no cross-chain replay). EIP-2 s-value malleability check. ecrecover validated against address(0).
- Fee math: Multiply before divide. Explicit overflow guards. Basis points (not percentages).
- Access control: OZ Ownable + ReentrancyGuard on Gateway. Immutable owner on Hook. Immutable fee recipient.
- Deployment: Safe Singleton Factory CREATE2 deployer. Source verified on Basescan. Ownership transferred to Safe multisig.
- Testing: 165 tests (42 contract + 123 TypeScript). Fork tests against real Base mainnet state.
Tests
npm test # TypeScript unit tests (123)
npm run test:contracts # Solidity contract tests (42)
npm run demo # Honeypot detection demo
Changelog
v0.5.0 (Current)
- Hook attestation support -
assess_risknow returns both gateway and hook attestations for Uniswap v4 protected pools - EVM address validation - all MCP tool inputs validate proper address format
- Expanded well-known contracts - Paraswap, Balancer Vault, CoW Protocol, Permit2, Uniswap V4 PoolManager
- SDK exports - attester and solodit modules now available for programmatic use
- Hardened fetching -
Tools (6)
scan_contractPerforms pattern matching against 165 known exploit types.simulate_transactionPerforms a dry-run of a transaction on a forked chain.check_tokenPerforms anti-honeypot checks including sellability and concentrated holdings.assess_riskProvides an all-in-one risk assessment with signed attestation.trace_transactionTraces every internal call and scans each contract involved.search_soloditCross-references against over 50,000 real audit findings.Configuration
{"mcpServers": {"aegis": {"command": "npx", "args": ["-y", "aegis-defi"]}}}