Testudo

About

Testudo protects your Ethereum wallet by analyzing smart contract interactions before you sign them. It intercepts transaction and signature requests in real time, runs bytecode-level analysis, and warns you about dangerous patterns — all before any damage is done.

WHAT IT DETECTS

- EIP-7702 delegation attacks (auto-drainers, metamorphic contracts)
- Malicious token approvals (ERC-20 approve, increaseAllowance)
- Dangerous NFT approvals (setApprovalForAll to unknown operators)
- Permit signature phishing (EIP-2612, Permit2)
- Blind signature risks (personal_sign with suspicious content)
- eth_sign abuse (full transaction signing with typed confirmation gate)
- Known malicious addresses (real-time threat intelligence lookups)
- Suspicious contract deployers (fresh wallets, low nonce)

HOW IT WORKS

1. Testudo intercepts wallet requests (eth_sendTransaction, eth_signTypedData_v4, personal_sign, eth_sign) on any webpage.
2. Contract addresses are checked against a threat intelligence database and analyzed for dangerous bytecode patterns (auto-forwarding, DELEGATECALL, SELFDESTRUCT, metamorphic deployment).
3. If a risk is found, a warning modal appears with a clear explanation of what the contract can do. You decide whether to proceed or cancel.
4. Safe interactions pass through without interruption.

KEY FEATURES

- Pre-signature protection: warnings appear before you sign, not after
- Human-readable intent: translates raw contract data into plain English (e.g., "Approve 1,000 USDC to 0xabc...")
- Bytecode capability analysis: detects what a contract CAN do, even without source code
- Threat intelligence: checks addresses against aggregated malicious address databases
- Deployer risk scoring: flags contracts deployed by fresh wallets with no history
- Phishing detection: scores personal_sign messages for social engineering patterns
- Fail-open design: if analysis fails, your transaction still goes through — Testudo never breaks dApps
- No tracking: zero analytics, zero telemetry, zero cookies