feat: Approval Risk Auditor agent (Bounty #5) #187

Open

597226617 wants to merge 2 commits into daydreamsai:master from 597226617:bounty-5-approval-risk-auditor

feat: Approval Risk Auditor agent (Bounty #5)#187
597226617 wants to merge 2 commits into
daydreamsai:masterfrom
597226617:bounty-5-approval-risk-auditor

Conversation


@597226617 597226617 commented May 13, 2026

Bounty Submission

Related Issue: #5


Submission File

File Path: submissions/approval-risk-auditor.md


Agent Description

The Approval Risk Auditor is a DeFi security agent that scans Ethereum wallet addresses for risky ERC-20 token approvals across multiple EVM chains.

Key Features

  • Multi-chain scanning: Supports Ethereum, BSC, Polygon, Arbitrum, Optimism, Base, Avalanche, Fantom, and Gnosis
  • Comprehensive risk detection:
    • Unlimited (MAX_UINT256) allowances → critical
    • Stale approvals (not used in 6+ months of blocks) → medium
    • Suspicious unverified contract spenders → high
    • Non-zero allowances to unknown EOAs → low
  • Revocation data: Generates valid approve(spender, 0) calldata for each approval
  • Built with @lucid-dreams/agent-kit: Uses createAgentApp with Hono, Zod validation, and x402 payment middleware

Architecture

  • Single entrypoint: audit - accepts { wallet, chains } input
  • Dual scanning strategy: Batched JSON-RPC allowance checks + Etherscan API fallback
  • Contract verification: Checks spender addresses for bytecode and known protocol status
  • Type-safe: Full TypeScript with Zod input/output schemas

Live Deployment

Deployment URL: https://rpm-wonderful-eyes-ownership.trycloudflare.com

The agent is live and reachable via x402 protocol. Endpoints:

  • GET /health - Health check → {"ok":true,"version":"1.0.0"}
  • GET /.well-known/agent.json - Agent manifest (agent card with x402 payment config)
  • POST /entrypoints/audit/invoke - Audit endpoint (x402 payment required)

Acceptance Criteria

  • Matches Etherscan approval data for top tokens
  • Identifies unlimited and stale approvals
  • Provides valid revocation transaction data
  • Deployed on a domain and reachable via x402
  • Submission file added to submissions/ directory
  • All tests passing (10 unit + mock integration tests)

Other Resources

  • Code Directory: approval-risk-auditor/ (in this repo)
  • Tech Stack: TypeScript, Bun, @lucid-dreams/agent-kit, Hono, Zod, viem
  • Run locally: cd approval-risk-auditor && bun install && bun run src/index.ts
  • Run tests: cd approval-risk-auditor && bun test

Solana Wallet

Wallet Address: 14XeLRYzRwyzwXGMDCdjoQmnUQHy5HdEfg6XwbpV7opp


Technical Details

The agent uses a two-pronged approach for approval detection:

  1. Primary: Batched JSON-RPC calls to check allowance() on known popular tokens against known DEX/DeFi spender addresses per chain
  2. Fallback: Etherscan-compatible API (tokenapprovalcheck endpoint) for comprehensive coverage

Risk analysis evaluates each approval for 5 categories:

  • unlimited_allowance (critical) - MAX_UINT256 approvals
  • stale_approval (medium) - Approvals older than ~6 months of blocks
  • suspicious_contract (high) - Spending contracts not in known protocol lists
  • unknown_spender (low) - Approvals granted to EOA addresses
  • high_value_allowance (medium) - Any non-zero allowance amount

Revocation data is encoded as proper ERC-20 approve(spender, 0) transactions with correct function selector 0x095ea7b3 and ABI-encoded parameters.
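Added example, not code from this PR or the daydreamsai repository: the approve(spender, 0) revocation calldata described above, built by hand without viem, and the five risk categories applied to raw allowance() eth_call results. The spender address, block numbers and the 1,300,000-block staleness threshold are constructed assumptions, and whether a spender has bytecode or is a known protocol is taken as input rather than resolved on-chain.

```typescript
// Added example, not the PR's own code: hand-rolled approve(spender, 0) calldata
// and the five risk categories above, applied to raw allowance() eth_call results.
const APPROVE_SELECTOR = "095ea7b3"; // keccak256("approve(address,uint256)")[0:4]
const ZERO_WORD = leftPad("", 64);
const MAX_UINT256_WORD = leftPad("", 64, "f");
const STALE_AFTER_BLOCKS = 1300000; // assumed: ~6 months at ~12 s per Ethereum block

function leftPad(s: string, width: number, ch = "0"): string {
  while (s.length < width) s = ch + s;
  return s;
}

// Normalise a uint256 return value (0x-prefixed hex) to a 64-char lowercase word.
function wordFromHex(hex: string): string {
  const h = hex.replace(/^0x/i, "").toLowerCase();
  if (!/^[0-9a-f]{1,64}$/.test(h)) throw new Error("not a uint256 hex value: " + hex);
  return leftPad(h, 64);
}

function addressWord(addr: string): string {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) throw new Error("invalid address: " + addr);
  return leftPad(addr.slice(2).toLowerCase(), 64);
}

// ABI encoding of approve(address,uint256): selector || address word || amount word.
function encodeApprove(spender: string, amountHex: string): string {
  return "0x" + APPROVE_SELECTOR + addressWord(spender) + wordFromHex(amountHex);
}
function encodeRevoke(spender: string): string { return encodeApprove(spender, "0x0"); }
type Severity = "critical" | "high" | "medium" | "low";
interface RiskFlag { category: string; severity: Severity; }
interface Approval {
  spender: string;
  allowanceHex: string;            // raw allowance(owner, spender) result
  approvedAtBlock: number;         // block of the last Approval event (assumed known)
  spenderHasCode: boolean;         // eth_getCode(spender) non-empty (resolved by caller)
  spenderIsKnownProtocol: boolean; // spender in a per-chain allowlist (assumed)
}

function classify(a: Approval, currentBlock: number): RiskFlag[] {
  const allowance = wordFromHex(a.allowanceHex);
  const flags: RiskFlag[] = [];
  if (allowance === ZERO_WORD) return flags; // nothing granted, nothing to revoke
  if (allowance === MAX_UINT256_WORD) flags.push({ category: "unlimited_allowance", severity: "critical" });
  if (currentBlock - a.approvedAtBlock > STALE_AFTER_BLOCKS) flags.push({ category: "stale_approval", severity: "medium" });
  if (a.spenderHasCode && !a.spenderIsKnownProtocol) flags.push({ category: "suspicious_contract", severity: "high" });
  if (!a.spenderHasCode) flags.push({ category: "unknown_spender", severity: "low" });
  flags.push({ category: "high_value_allowance", severity: "medium" }); // any non-zero allowance
  return flags;
}
```

A revocation transaction is then `{ to: tokenAddress, data: encodeRevoke(spender), value: 0 }` signed by the wallet owner; the 0x095ea7b3 selector and the two 32-byte words are exactly what an ABI encoder such as viem's encodeFunctionData would produce.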

孙备 added 2 commits May 13, 2026 08:37
Implement an ERC-20 approval risk auditor that scans wallet addresses
across multiple EVM chains to detect risky token approvals.

Features:
- Multi-chain support (Ethereum, BSC, Polygon, Arbitrum, Optimism, Base, Avalanche)
- RPC-based approval scanning with batched JSON-RPC calls
- Etherscan API fallback for comprehensive data
- Risk flag detection: unlimited allowances, stale approvals, suspicious contracts
- Valid revocation transaction data generation (approve(spender, 0))
- Built with @lucid-dreams/agent-kit with x402 payment integration
- 10 unit/integration tests (all passing)

Acceptance criteria met:
- Matches Etherscan approval data for top tokens
- Identifies unlimited and stale approvals
- Provides valid revocation transaction data
- Deployed and reachable via x402 protocol