A transparent look at the technology behind every scan — what we check, how we detect threats, and why your keys stay yours.
Every vulnerability type Sentinel actively scans for.
When you interact with a DeFi protocol, you often grant it unlimited access to a token. These approvals persist indefinitely — even after you stop using the protocol. A single compromised contract can drain your entire balance.
HIGH RISKContracts deployed specifically to steal funds. They often mimic legitimate protocols with nearly identical names or interfaces. Sentinel cross-references against a live threat database updated in real time.
CRITICALOff-chain signatures (Permit, EIP-712) that authorize token transfers without an on-chain approval step. Phishing sites collect these invisibly — one click and your tokens are gone.
CRITICALTiny amounts of tokens sent to your wallet to trace your activity. When you interact with these tokens — even to "clean" them — it can link your wallet to exchanges or other addresses.
MEDIUMFake sites requesting wallet signatures that appear harmless but encode malicious actions. MetaMask and other wallets display raw hex — most users approve without reading.
HIGH RISKUnsolicited tokens appear in your wallet. Interacting with them — selling, transferring, or even viewing on scam sites — triggers approval dialogs that grant the attacker access.
MEDIUMFive steps, executed in under 8 seconds.
Sentinel connects via a read-only RPC node. No wallet extension required, no transaction signing, no private key access. We query on-chain state only.
We fetch every ERC-20 approval event from your wallet's history across Ethereum, Arbitrum, Optimism, Base, and Polygon. Each spender contract is resolved and categorized.
Every contract address is checked against our threat intelligence feed — aggregated from Forta, GoPlus, and proprietary drainer tracking. Updated every 15 minutes.
Pattern analysis on your last 500 transactions. We flag dust inflows from known attack wallets, unusual MEV interactions, and signature replay patterns.
Results are scored by severity, grouped by type, and presented with one-click revoke actions. Nothing is stored — the report lives in your browser only.
Sentinel never requests signing permissions or transaction approvals. We use read-only RPC calls — the same type used by block explorers. There is no risk of fund loss from connecting.
Ethereum mainnet, Arbitrum One, Optimism, Base, and Polygon PoS. Additional chain support is in active development. If you need a specific chain, use the feedback link.
No. Scan results are computed client-side and displayed in your browser. We do not log wallet addresses, approval data, or transaction history. Nothing is sent to our servers beyond the address you enter.
Yes — but only with your explicit signature. When you click Revoke, we prepare a zero-approval transaction for you to sign in your wallet. We cannot broadcast anything without your confirmation.
After each major DeFi interaction, after using a new protocol for the first time, and at minimum once per month. Threat databases update continuously — a clean scan today may show new flags next week.
Prioritize by severity. Revoke CRITICAL and HIGH RISK items immediately. For dust attack vectors, do not interact with the flagged tokens. For signature phishing, revoke on-chain approvals and consider rotating to a new wallet if you signed a malicious permit.
Takes under 8 seconds. Free. No signup.
Run a Free Scan →