INTRODUCTION

What is SentinelGuard?

An autonomous exploit detection and circuit-breaker layer for Solana DeFi — built to act in under one slot.

The Problem

Every major DeFi exploit follows the same pattern. A flash loan is initiated, TVL drops across 2-3 transactions, and by the time the protocol team coordinates a manual pause, funds are already bridged out. The average response window is 4-22 minutes. SentinelGuard closes that window to under 400ms.

T+0s

🔴 "Attack begins"

T+8s

🔴 "Vault drained"

T+4min

🟡 "Team sees Twitter alert"

T+18min

🟡 "Multisig submitted"

T+22min

⚫ "Funds bridged — too late"

22 minutes. $0 recovered.

How SentinelGuard Fixes It

Sub-slot Detection

Watches every transaction via Geyser gRPC stream. Three detection rules score each slot in real time.

Automated On-chain Pause

When severity exceeds threshold, pause_withdrawals fires on-chain within the same slot. No human needed.

Public Threat Feed

Open WebSocket feed streams live alerts. No API key. Any wallet or aggregator can consume it.

3-line Integration

Protocols add SentinelGuard via npm SDK. No smart contract rewrite required.

Architecture at a Glance

SentinelGuard turns raw Solana transaction data into threat scoring, automated defense, and public alert distribution through a single low-latency pipeline.

SentinelGuard Architecture Pipeline

From raw slot activity to automated defense and public distribution.

LIVE

Helius Geyser gRPC

Raw Solana transaction stream
Real-time slot monitoring

<400MS

Rust Watcher Engine

Low-latency detection engine
Flash loan detection
TVL velocity monitoring
Bridge exploit detection

SEVERITY 99

Threat Analysis

Severity scoring
Risk classification
Confidence analysis

ACTING

Automated Response

Emergency pause transaction
Discord & Telegram alerts
Webhook notifications

OPEN FEED

Public Alert Feed

WebSocket stream
Dashboard consumers
SDK/API integration

LIVE

Helius Geyser gRPC

Raw Solana transaction stream
Real-time slot monitoring

<400MS

Rust Watcher Engine

Low-latency detection engine
Flash loan detection
TVL velocity monitoring
Bridge exploit detection

SEVERITY 99

Threat Analysis

Severity scoring
Risk classification
Confidence analysis

ACTING

Automated Response

Emergency pause transaction
Discord & Telegram alerts
Webhook notifications

OPEN FEED

Public Alert Feed

WebSocket stream
Dashboard consumers
SDK/API integration

Hypothetical Scenario

Simulated scenario — not a real event

Imagine a protocol loses $232M in a drain that runs across ~12 transactions over ~8 seconds — the pattern of the Drift Protocol class of exploits. SentinelGuard would detect the anomaly after transaction 2–3 and pause withdrawals before transaction 4 fires.

70-80%

Estimated funds that could have been saved

400ms

Time from detection to on-chain pause

Tx 2-3

When detection would have triggered

Next Steps

Continue from the architecture overview into setup, rule logic, or protocol integration.

Quick Start

Move from concept to a local running instance and attack simulation.

Detection Rules

See how Rule 1, Rule 2, and Rule 3 assign severity in real time.

How It Works

Follow the full monitoring-to-response lifecycle inside the platform.