DeFi Sentinel

Inspiration

The inspiration for DeFi Sentinel started years before we wrote our first line of code. One of our teammates, back when he was just sixteen, fell for the hype of a trending "moonshot" crypto project. Like many retail investors, he watched his savings vanish in minutes as the developers pulled the liquidity: a classic rug pull.

That experience didn't just burn a hole in his pocket; it sparked a curiosity about the "why" behind the scam. After completing a BS in Mathematics and Computer Science, he realized that the warning signs weren't invisible, they were just hidden in plain sight within the blockchain's raw data. We realized that while retail investors rely on "vibes" and social media hype, the math of a rug pull is immutable. We decided to build the tool we wish he had back then: an AI-driven shield for the Solana ecosystem.

What it does

It is a real-time rug-pull detection platform for Solana. It monitors newly launched tokens, collects data from 6 independent APIs (Helius, RugCheck, GoPlus, GeckoTerminal, Jupiter, and derived on-chain signals), and scores each token's risk using an XGBoost ML model trained on 116,000+ liquidity pool records.

Key features:

Live Token Feed — a real-time dashboard showing newly launched Solana tokens with color-coded risk scores (SAFE / MODERATE / DANGER), refreshing every 5 minutes and via a Solana WebSocket listener that catches new token mints as they happen
Deep Token Scanner — paste any Solana mint address and get a full 77-feature risk breakdown with an AI-generated risk explanation, individual risk factors, and a confidence-weighted verdict
On-Chain Risk Attestations — publish immutable risk assessments to Solana's blockchain via Memo transactions, co-signed by the user's Phantom wallet, creating a verifiable audit trail anyone can check on Solana Explorer
Wallet Risk Profile — connect Phantom, and we scan every token in your portfolio for rug exposure, producing a portfolio-level risk score and highlighting your danger positions
Dual Payment Rails — subscribe via Stripe (Pro at \$9.99/mo, Enterprise at \$99.99/mo) or buy scan credit packs by paying SOL directly from Phantom (0.05–0.60 SOL), with on-chain payment verification

How we built it

Data & ML pipeline. We started from the SolRPDS dataset (Alhaidari et al., CODASPY 2025) — 116,308 liquidity pool records across 33,358 unique Solana token mints. The raw dataset had only 12 columns, so we built a multi-source enrichment pipeline that expanded it to 113 features using 6 APIs — a $9.4\times$ enrichment factor. We audited the paper's binary labels and found significant noise: 67.4% of "Active" tokens had $\geq 95\%$ liquidity drained. We replaced the binary labels with a 5-tier confidence scoring system and trained only on high-confidence examples.

We iterated through 4 model versions. The critical breakthrough was v3→v4: we discovered that v3's 89% feature importance came from deployer-history features that were unavailable at live scan time (Helius's getAssetsByAuthority returns empty for most tokens). v4 removed those features entirely, trained on 77 features that all work in production, and still achieved $\text{AUC} = 0.910$ with a temporal train/test split (pre-2024 → 2024).

Backend. FastAPI serving 16 REST endpoints + WebSocket. The scoring pipeline collects features from 6 APIs concurrently, maps them to 77 model columns (using XGBoost's native NaN handling for missing data), applies heuristic adjustments for strong live signals, and caps established tokens ($>\$1\text{M}$ liquidity, $>30$ days) at low risk. A background loop refreshes the token cache every 5 minutes, and a Solana mainnet WebSocket listener detects new InitializeMint events in real-time.

Frontend. Built with Lovable (React 18 + Vite + Tailwind + shadcn/ui), then heavily customized. Phantom wallet integration via @solana/wallet-adapter for authentication, attestation co-signing, and SOL payments.

Solana integration. Wallet-based auth (Ed25519 signature verification), on-chain Memo attestations on devnet (co-signed by user + platform), SOL payment verification with anti-fraud checks (amount validation, idempotency, sender verification).

Stripe integration. Stripe Checkout for subscription plans (Pro/Enterprise) and one-time scan pack purchases, with backend-managed price IDs and redirect flows.

Challenges we ran into

The deployer-history trap. Our v3 model had an AUC of 0.9995, but 89% of its feature importance came from deployer history features that Helius's RPC simply doesn't return for most tokens in production. We had to throw away the "best" model and rebuild v4 from scratch with only live-scannable features. Painful, but honest.
Label noise in the dataset. The SolRPDS paper uses "Inactive = rug" as ground truth, but we found that 67.4% of "Active" tokens also had ≥95% liquidity drained, they just had one last arbitrage trade keeping them alive. We had to build a confidence-scoring pipeline to clean the labels before training.
API rate limits everywhere. GeckoTerminal (429s after ~2 req/s), RugCheck (429s on batches), GoPlus (slow responses). We built retry logic with exponential backoff, concurrent scanning with semaphores, and graceful NaN fallback in the ML model for any missing API data.
Metadata URI domains as features. We discovered that tokens hosted on gateway.pinata.cloud have a 98.9% rug rate, pump.fun factories use cheap IPFS pinning. This was a novel finding no existing detector uses, but required building a domain-extraction pipeline across 33K+ tokens to validate.

Accomplishments that we're proud of

AUC 0.91 with zero training-serving skew: all 77 features work identically in training and live production. No band-aids, no heuristic blends hiding broken features.
A novel discovery: the effort signal (metadata completeness — did the creator bother adding an image, description, website, socials?) accounts for 53.9% of model importance. This is more predictive than any on-chain economic metric. Rug factories on pump.fun skip these steps because they're optimizing for speed, not legitimacy.
Real on-chain attestations — not simulated. Actual Solana Memo transactions on devnet, verifiable on Solana Explorer, co-signed by the user's wallet.
Dual payment rails — Stripe for fiat users, SOL for crypto-native users, with on-chain verification for SOL payments.
From raw academic paper to live product in 24 hours — data enrichment, model training, full-stack app, wallet integration, payments, attestations.

What we learned

Feature availability matters more than feature importance. A model with 0.9995 AUC is worthless if 89% of its signal comes from data you can't access in production. We learned to audit every feature for live availability before trusting training metrics.
Label quality is the real bottleneck. Garbage labels → garbage model. Spending time building a confidence-scoring pipeline was more valuable than any hyperparameter tuning.
Solana's devnet is genuinely usable for prototyping on-chain features. The Memo program is perfect for data attestation — no custom program deployment needed.
Stripe + SOL dual payments create an inclusive experience: fiat users and crypto-native users can both pay without friction.

What's next for DeFi Sentinel

Continuous learning — pipe live scan results back into the training set to keep the model fresh as rug-pull tactics evolve
Real-time alerts — Telegram/Discord notifications when a token in your wallet is flagged as DANGER
Mainnet attestations — move from devnet to mainnet for production-grade, permanent risk records
Browser extension — a lightweight Phantom companion that shows risk scores inline on DEX interfaces (Jupiter, Raydium) before you swap
API marketplace — let other wallets and DEXs integrate our scoring engine via a paid API