VigilBot.eth

Real-time AI monitor for proxy upgrades.

Created on 8th May 2026

The problem VigilBot.eth solves

🚨 The Problem: The Window of Vulnerability

Proxy patterns (UUPS, Transparent Proxies) are essential to DeFi. They let protocols upgrade their smart contracts. But they're also one of the most heavily exploited attack vectors in the ecosystem.

When a compromised admin or malicious governance proposal upgrades a proxy to a new implementation, the damage is instant. The gap between "an upgrade lands on-chain" and "a qualified human understands what the new code does" is currently measured in hours or days. In crypto, that means the funds are already gone.

Current tools fall short:

  • Passive monitors (like Tenderly) only tell you that an upgrade happened. Analysis is still on humans
  • Generic bots (like Forta) lack semantic understanding of never-before-seen code pushed during an upgrade
  • Human auditors are precise but unscalable and asleep at 3 AM

🛡️ How Vigil Solves This

Vigil closes the window of vulnerability by combining the speed of a bot with the semantic understanding of a human auditor.

It is a fully autonomous AI agent that watches Ethereum proxy upgrades in real time. The moment an upgrade fires on Base mainnet, Vigil's pipeline runs automatically with no human in the loop:

  1. Detects the EIP-1967 Upgraded event and reads both old and new implementation addresses
  2. Verifies the new contract on Sourcify. If unverified, runs bytecode similarity search across 27M+ contracts to flag possible clones of known exploits
  3. Diffs storage layouts and ABIs, detects moved storage slots (the #1 cause of proxy exploits), removed functions, and sensitive additions like withdraw() or selfdestruct()
  4. Scores severity: LOW / MEDIUM / HIGH / CRITICAL based on the diff
  5. Analyses with GPT-4o, reads the full diff plus NatSpec documentation to produce a plain-English summary, technical explanation, and recommendation
  6. Pays autonomously for off-chain intelligence via Apify X402 micropayments on Base, scraping news context about the protocol without any human approval or API key management
  7. Publishes the complete alert (diff, AI analysis, block data) to a permanent Swarm feed indexed by block number, retrievable by anyone, forever, no centralized server
  8. Delivers an instant Telegram alert with AI summary, Swarm permalink, and Basescan link
  9. Writes reputation back to ENS: vigil.last-severity, vigil.last-upgrade-at, vigil.last-tx, and vigil.upgrade-count (auto-incremented) on the protocol's subname under vigilbot.eth
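
An added example, not VigilBot's own code: a minimal version of steps 3 and 4, diffing two storage layouts and ABI function lists and mapping the result to a severity. The slot fields follow the Solidity compiler's storageLayout output; the scoring rules, the sensitive-name pattern and the sample contracts are assumptions constructed here.

```typescript
// Added example, not VigilBot's code. Slot fields follow solc's storageLayout
// output; the severity rules and SENSITIVE pattern are assumptions.
type Slot = { label: string; slot: string; offset: number; type: string };
type Severity = "LOW" | "MEDIUM" | "HIGH" | "CRITICAL";
interface Impl { storage: Slot[]; functions: string[] } // functions: ABI signatures
interface UpgradeDiff {
  collisions: string[]; // old variables whose position now holds something else
  removedFns: string[]; sensitiveAdded: string[]; severity: Severity;
}
const SENSITIVE = /^(withdraw|selfdestruct)/i; // the additions the page names

function diffUpgrade(oldImpl: Impl, newImpl: Impl): UpgradeDiff {
  const pos = (s: Slot) => `${s.slot}:${s.offset}`;
  const newAt = new Map<string, Slot>();
  const newPosOf = new Map<string, string>();
  for (const s of newImpl.storage) { newAt.set(pos(s), s); newPosOf.set(s.label, pos(s)); }
  const collisions: string[] = [];
  for (const o of oldImpl.storage) {
    const n = newAt.get(pos(o));
    if (n && n.label === o.label && n.type === o.type) continue; // unchanged
    const movedTo = newPosOf.get(o.label);
    if (n && n.label === o.label) collisions.push(`${o.label}: type ${o.type} -> ${n.type}`);
    else if (movedTo) collisions.push(`${o.label}: moved ${pos(o)} -> ${movedTo}`);
    else collisions.push(`${o.label}: removed from ${pos(o)}`);
  }
  const newFns = new Set(newImpl.functions);
  const removedFns = oldImpl.functions.filter((f) => !newFns.has(f));
  const sensitiveAdded = newImpl.functions.filter(
    (f) => !oldImpl.functions.includes(f) && SENSITIVE.test(f));
  const severity: Severity = collisions.length ? "CRITICAL"
    : sensitiveAdded.length ? "HIGH" : removedFns.length ? "MEDIUM" : "LOW";
  return { collisions, removedFns, sensitiveAdded, severity };
}
// Constructed sample: the new implementation inserts `paused` ahead of `owner`.
const v1: Impl = {
  storage: [
    { label: "owner", slot: "0", offset: 0, type: "t_address" },
    { label: "totalDeposits", slot: "1", offset: 0, type: "t_uint256" },
  ],
  functions: ["deposit()", "balanceOf(address)"],
};
const v2: Impl = {
  storage: [
    { label: "paused", slot: "0", offset: 0, type: "t_bool" },
    { label: "owner", slot: "0", offset: 1, type: "t_address" },
    { label: "totalDeposits", slot: "1", offset: 0, type: "t_uint256" },
  ],
  functions: ["deposit()", "withdraw(address,uint256)"],
};
const sampleReport = diffUpgrade(v1, v2);
```

Appending variables after the existing ones leaves `collisions` empty, so only inserted, retyped or removed variables push the score to CRITICAL.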

🎯 Who Can Use It

  • DAOs & Protocol Teams: subscribe to Vigil's Swarm feed to build automated circuit breakers. If a critical dependency upgrades to a suspicious implementation, pause your own contracts before funds are drained
  • Security Researchers & Whitehats: get instantaneous AI-filtered leads on potential exploits instead of manually parsing Etherscan diffs
  • Other AI Agents: Vigil publishes its feed URL on ENS (agent.vigilbot.eth) so agents can discover and subscribe programmatically, zero human configuration needed
  • Everyday DeFi Users: benefit from a safer ecosystem where protocols react to malicious upgrades in seconds, not hours. The "revoke approval" banner in Vigil's dashboard lets users instantly revoke token approvals the moment a proxy they've interacted with upgrades to a suspicious implementation

🔧 Technical Stack

  • Agent: TypeScript / Node.js, ethers v6, GPT-4o
  • Sourcify: v2 API, verification, storage layout diff, ABI diff, NatSpec, bytecode similarity search across 27M+ contracts
  • Apify: autonomous X402 micropayments on Base for news enrichment, agent pays per scrape, no human approval
  • Swarm: @ethersphere/bee-js Mantaray manifest via bzz.limo, NULL_STAMP gateway, permanent feed indexed by block number
  • ENS: agent identity on vigilbot.eth (mainnet) and vigil.eth (Sepolia), ENSIP-11 multichain records, per-protocol reputation text records
  • Frontend: Next.js 16, React 19, Tailwind v4, wagmi v2, viem, Recharts, Vercel AI SDK
  • Telegram: real-time alert delivery with AI summary and Swarm permalink

Challenges we ran into

Building a real-time, cross-stack agent (RPC + AI + decentralized storage + payments) during a hackathon brought several unique hurdles:

1. LLM Context vs. Massive Smart Contracts

Modern DeFi protocols are huge. When a proxy upgrades, naively feeding the entire source code diff into GPT-4o blew up the context window or caused the model to miss critical changes buried in noise. We solved this by preprocessing the diff to extract only what matters: changed storage variables, modified external/public function selectors, ownership changes, and NatSpec documentation. By stripping unmodified library code and focusing strictly on deltas, we made the AI assessment both faster and significantly more accurate.

2. The Unverified Contract Race Condition

Vigil triggers the moment an Upgraded event lands on-chain. Sometimes the deployer hasn't verified the new implementation on Sourcify yet. Instead of dropping the alert, we implemented a retry mechanism. If verification returns 404, Vigil retries up to 2 times, 15 seconds apart (~30s total ceiling, demo-tuned to keep the booth pitch responsive), before falling back to bytecode similarity search across Sourcify's 27M+ contract database. This means even unverified contracts get meaningful analysis rather than a silent failure.

3. Swarm Manifest Path Resolution

Getting MantarayNode paths to resolve correctly via bzz.limo was the hardest integration of the hackathon. The addFork API required exact path formatting without leading slashes, and the difference between uploadData (which routes to the /bytes/ endpoint) and uploadFile (which routes to /bzz/) caused hours of 404 debugging. We also had to switch from a three-manifest nested architecture to a single flat manifest after the nested approach consistently failed path resolution. Áron from the Swarm team helped us identify the root cause in person at the venue. Without that, we would have lost the entire Swarm integration.

4. Apify X402 Payment Signing

The x402 npm package doesn't natively support Apify's exact payment scheme. It only handles ERC-20. After trying viem's signPayment, we discovered the only reliable path was using Apify's own mcpc CLI tool via Node.js execSync, then parsing the base64 signature from the CLI output line by line. The signature extraction itself was a debugging challenge. The CLI output includes metadata, MCP config snippets, and the actual signature, and we had to find the correct line by scanning for "PAYMENT-SIGNATURE header:" and taking the next line. Not obvious from any documentation.
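
An added example, not VigilBot's own code: the marker-then-next-line extraction described above, written to fail closed when the marker is missing or ambiguous or when the following line is not base64. The marker string is the one quoted in the write-up; the function name and the sample CLI output are assumptions constructed here, and the real output format may differ.

```typescript
// Added example, not VigilBot's code. MARKER is the string quoted in the
// write-up; the rest of the CLI output format is an assumption.
const MARKER = "PAYMENT-SIGNATURE header:";
const BASE64 = /^[A-Za-z0-9+/]+={0,2}$/;

function extractPaymentSignature(cliOutput: string): string {
  const lines = cliOutput.split(/\r?\n/).map((l) => l.trim());
  // Indexes of every line carrying the marker; more than one is ambiguous.
  const hits: number[] = [];
  lines.forEach((l, i) => { if (l.includes(MARKER)) hits.push(i); });
  const [idx] = hits;
  if (idx === undefined || hits.length !== 1) {
    throw new Error(`expected exactly one marker line, found ${hits.length}`);
  }
  const candidate = lines[idx + 1] ?? "";
  // Fail closed: never forward metadata or a config snippet as a signature.
  if (candidate.length === 0 || candidate.length % 4 !== 0 || !BASE64.test(candidate)) {
    throw new Error("line after marker is not a base64 value");
  }
  return candidate;
}

// Constructed sample output (not captured from the real CLI).
const SAMPLE_OUTPUT = [
  "session: demo",
  '{ "mcpServers": { "example": {} } }',
  "PAYMENT-SIGNATURE header:",
  "ZXhhbXBsZS1zaWduYXR1cmU=",
  "done",
].join("\n");
const sampleSignature = extractPaymentSignature(SAMPLE_OUTPUT);
```

When the text comes from a child process, Node's execFileSync with an argument array keeps the command out of a shell, which execSync does not.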

Tracks Applied (7)

Ethereum Core

Vigil is core Ethereum infrastructure, an autonomous agent that makes proxy upgrades, the most exploited attack vector i...

Sourcify Bounty

Vigil uses Sourcify as its primary intelligence layer for smart contract analysis, going far deeper than simple verifica...

Sourcify

Best Agentic Venture

Vigil is a fully autonomous security agent with a clear path to becoming a venture. Agentic execution: Every step runs ...

Umia

Ethereum Chain State on Swarm

Vigil stores every proxy upgrade alert and its corresponding Ethereum block data permanently on Swarm, creating a decent...

Swarm

Best ENS Integration for AI Agents

Vigil uses ENS as the backbone of its agent identity and protocol reputation system, not just for naming, but as a live,...

ENS

Most Creative Use of ENS

We turned ENS into a live threat intelligence layer for AI agents. Most projects use ENS for human-readable names. Vigi...

ENS

Apify Bounty

Vigil uses Apify via the X402 protocol to autonomously enrich upgrade alerts with real-world context, no human approval,...

Apify
