• 

• 

• 

• 

• 

Sentinel Finance

Inspiration

The inspiration for Sentinel Finance came from a fundamental observation about cryptocurrency wallets. Traditional wallets operate on a binary security model where users either have complete access or complete exposure. There is no middle ground. A single compromised private key results in total fund loss, and we have witnessed billions of dollars vanish this way across the industry.

We were exploring the MNEE stablecoin ecosystem when we identified three critical pain points that no existing solution adequately addressed.

First, the security paradox. Users must choose between convenience and safety, but never both. Secure cold storage means no automation. Hot wallets enable automation but invite risk.

Second, the automation gap. Managing recurring payments in cryptocurrency requires constant manual intervention. There is no native way to instruct a wallet to execute periodic transactions without signing each one individually.

Third, the irreversibility problem. Once a blockchain transaction is signed, it cannot be reversed. Mistakes, compromised credentials, and malicious actors exploit this finality daily.

We asked ourselves a simple question: What if we could build a financial operating system that provides the security of cold storage, the convenience of automated payments, and the safety net of transaction reversal, all without sacrificing decentralization?

That question became Sentinel Finance.

What it does

Sentinel Finance is a programmable financial operating system for MNEE stablecoin built on a three wallet architecture that separates concerns to minimize risk while maximizing functionality.

The system consists of three interconnected components.

Main Vault: A smart contract that serves as your primary fund repository. It enforces time locks on large withdrawals, configurable daily spending limits, per transaction caps, and owner only access controls. The vault also implements our proprietary clawback system that allows transaction cancellation before execution.

Agent Wallet: A deterministically generated hot wallet that handles automated operations. It is derived from a MetaMask signature, stored encrypted in the browser, and constrained to only interact with addresses the user has explicitly whitelisted as trusted vendors. The agent wallet enables recurring payments and savings deposits without requiring manual transaction signing.

Savings Contract: An on chain locked savings mechanism with customizable time periods ranging from 7 to 365 days. Funds deposited here cannot be withdrawn until the lock period expires, enforcing disciplined saving behavior at the protocol level.

The interface layer consists of an AI powered chat system supporting multiple providers including Claude, GPT 4, and Grok. Users interact through natural language commands such as:

Pay Netflix 15 MNEE every month

Save 100 MNEE weekly for 90 days

Cancel my subscription to the gym

The AI interprets user intent, creates appropriate schedules, and the Agent Wallet executes transactions automatically. All actions remain bounded by user configured spending limits and the trusted vendor whitelist.

The clawback system represents our most significant innovation. When a transaction is scheduled, it enters a configurable time lock period during which the user can review and cancel it. This provides unprecedented protection against mistakes and attacks. The probability of fund loss given a compromised agent wallet can be expressed as:

$$ P(loss) = P(compromise) \times P(undetected) \times \frac{AgentBalance}{TotalHoldings} $$

By minimizing agent wallet balance and providing a detection window through clawback, we reduce \(P(loss)\) to near zero even under adversarial conditions.

How we built it

The development proceeded through three distinct phases.

Phase One: Smart Contract Foundation

We built the core vault contracts in Solidity using the Hardhat development environment. The contracts leverage OpenZeppelin audited libraries for standard functionality while implementing custom logic for time locks, spending limits, and the clawback mechanism. We deployed to Ethereum Sepolia testnet for iterative testing.

The vault factory pattern allows each user to deploy their own isolated vault contract, ensuring that vulnerabilities in one vault cannot affect others. The savings contract implements a plan based system where each savings goal maintains independent state including lock duration, deposit schedule, and withdrawal eligibility.

Phase Two: Frontend and Agent System

The frontend is built in React with ethers.js for blockchain interaction and Framer Motion for animations. The Agent Wallet Manager handles deterministic wallet generation using the formula:

$$ AgentKey = keccak256(sign(MetaMask, message)) $$

This ensures the same MetaMask wallet always generates the same agent wallet, enabling recovery without server side key storage.

The AI integration layer abstracts multiple providers behind a unified interface. The system prompt engineering constrains AI responses to valid action intents that map to executable blockchain operations. Each provider receives identical context about user state including trusted vendors, active schedules, and balances.

Phase Three: Backend and Automation

The backend is implemented in Python using FastAPI with SQLite for persistence. A recurring execution service monitors due payments and triggers agent wallet transactions. The system implements exponential backoff for failed transactions and proactive notifications for low balance conditions.

The expected number of successful automated payments per month can be modeled as:

$$ E[payments] = n \times (1 - p_{fail})^{retries} $$

Where \(n\) is the number of scheduled payments, \(p_{fail}\) is the single attempt failure probability, and \(retries\) is our retry count.

Challenges we ran into

Deterministic Wallet Recovery

The agent wallet needed to be recoverable without storing private keys on servers. We solved this by deriving the wallet deterministically from a MetaMask signature. The challenge was ensuring the signing message and derivation function remained consistent across sessions and devices. Any variation would generate a different wallet and strand funds.

Background Execution Without Centralization

Recurring payments must execute even when users are offline, but running a centralized service contradicts decentralization principles. We compromised by implementing a hybrid model where the backend monitors schedules and triggers execution, but all actual transactions are signed by the user controlled agent wallet. The backend never has custody of funds.

AI Safety Boundaries

Giving an AI agent control over financial transactions is inherently risky. We implemented multiple constraint layers to bound AI capabilities:

1. The trusted vendor whitelist ensures the agent can only pay pre approved addresses
2. Spending limits cap exposure per transaction and per day
3. Balance checks prevent overdrafts
4. Human oversight through the clawback window catches anomalies

The AI suggests and schedules, but smart contract rules enforce compliance.

State Synchronization

Local storage in the browser and the backend database needed to remain synchronized with blockchain state as the source of truth. Conflicts arise when users interact from multiple devices or when transactions fail after local state updates. We implemented eventual consistency with conflict resolution favoring blockchain state.

Gas Fee Management

The agent wallet requires ETH for gas in addition to MNEE for payments. Users unfamiliar with Ethereum often funded MNEE but forgot ETH, causing transaction failures. We added proactive gas balance monitoring with the alert threshold set at \(gasBalance < 0.005 ETH\).

Accomplishments that we are proud of

The Clawback System: We implemented transaction reversal on an immutable blockchain. By introducing a time lock layer before final execution, we created an undo button for DeFi. This is genuinely novel and addresses one of the most common sources of fund loss in cryptocurrency.

Natural Language Finance: Users can manage complex financial operations through conversation. The gap between intent and execution is collapsed to a single sentence. This represents a fundamental improvement in DeFi accessibility.

Three Wallet Architecture: The separation of concerns between secure storage, hot automation, and locked savings minimizes attack surface while maximizing functionality. The maximum loss in a worst case agent compromise is bounded by:

$$ MaxLoss = min(AgentBalance, DailyLimit) $$

Even complete compromise limits exposure to a small balance payable only to whitelisted addresses.

Multi Provider AI: Supporting Claude, GPT 4, and Grok gives users choice and redundancy. Each provider has different strengths, and users can select based on preference or availability.

Production Ready Deployment: The system is live on Ethereum Sepolia with all contracts verified. The frontend is deployed and functional. Documentation is comprehensive. This is not a prototype but a working product.

What we learned

Security and usability are not opposing forces when architecture is designed thoughtfully. The three wallet system provides stronger security than a single wallet while enabling automation that single wallets cannot support.

AI agents require explicit boundaries more than sophisticated capabilities. The value of our AI integration comes not from what it can do but from what it cannot do. Constraints make the system trustworthy.

DeFi user experience is the primary barrier to adoption. Technical users accept complexity, but mainstream adoption requires interfaces that hide blockchain mechanics entirely. Natural language interaction is a step toward that goal.

Smart contract limitations drive architectural decisions. On chain computation is expensive and storage is limited. Hybrid architectures that use the blockchain for security critical operations while offloading computation to traditional backends are practical necessities.

Testing on testnets reveals integration issues that unit tests miss. End to end flows involving MetaMask, RPC providers, and contract interactions fail in ways that isolated tests cannot predict.

What is next for Sentinel Finance

Fiat On Ramp Integration: Direct purchase of MNEE through the Sentinel interface would eliminate the friction of acquiring stablecoins through external exchanges or dexs, and an even smoother experience on sentinel.

Yield Integration: Idle funds in the main vault and savings contract could generate yield through established protocols. The expected annual return for a user with principal \(P\) would be:

$$ Return = P \times APY \times \frac{idleDays}{365} $$

We plan to integrate with vetted yield sources while maintaining the security properties users expect.

Mobile Application: A native mobile app would provide push notifications for pending transactions, biometric authentication for sensitive operations, and a streamlined interface for common tasks.

DAO Treasury Management: Organizations managing shared funds need the same security and automation features as individuals. We plan to extend the permission model to support multi signature approval workflows and role based access controls.

The vision is a complete financial operating system where users can receive income, pay expenses, save for goals, and invest for growth, all through natural language interaction with AI agents operating within user defined security boundaries. Sentinel Finance is the foundation for that future, powered by MNEE.

Built With

• anthropic-claude-api
• ethereum
• ethers.js
• fastapi
• framer-motion
• hardhat
• javascript
• openai-gpt-4-api
• openzeppelin
• python
• react
• sepolia-testnet
• solidity
• sqlite
• xai-grok-api