Every call passed validation. No reentrancy, no overflow, no revert. Sentinel reads the statistical shape of on-chain behavior and flags the drift — before the funds leave.
// watching window 39,972,940
Signature-based and rule-based tools look for known-bad patterns. The Euler attack didn't break a single rule — it just behaved nothing like normal. That's a different question, and it needs a different sensor.
A donation + self-liquidation sequence drained Euler. Every call was type-valid and authorized.
The behavioral hypervector drifted off the safe manifold three windows early — long before settlement.
Sentinel encodes each transaction window into a 10,000-dimensional hypervector and measures how far it drifts from learned-safe behavior. Three things make it different.
Catch only what someone already wrote a rule for. Novel exploits — like Euler — pass clean.
No rule list. Measures statistical distance from safe behavior, so unseen attack shapes still light up.
Per-tx inference cost, GPU dependency, non-deterministic output. Hard to anchor on-chain or reproduce.
Bind/bundle/permute over bit-vectors. Deterministic, seeded, CPU-only — runs in the time between blocks.
A red flag with no story. An on-call engineer still has to reverse-engineer what actually happened.
Names the drifting feature, anchors the alert on Mantle, and writes a human brief via Z.ai GLM.
HDC works with zero training data and zero GPU. Sentinel fits its safe manifold from a short warm-up window of real on-chain history — no labeled dataset, no model training, no accelerator. The drift math is the model.
Scroll the journey. Each stage runs deterministically on CPU, seeded with MASTER_SEED=1337.
Stream confirmed transactions for a watched contract from Mantle via Etherscan V2. Bundle them into a sliding window of recent calls.
Each call's selector, value, gas and entropy features are bound and bundled into one 10,000-dim hypervector — the window's behavioral fingerprint.
Compare the new hypervector to the safe-manifold prototype. Hamming distance, robust-scaled with MAD, becomes a single drift score in [0,1].
A hysteresis gate plus run-length collapse (BOCPD) confirm a sustained shift — not a one-block blip — keeping false positives at zero.
Sentinel names the feature driving the drift and asks Z.ai GLM to write a one-paragraph human brief — what shifted and why it matters.
The alert — window id, drift score, type — is logged to the Sentinel registry contract on Mantle mainnet. Tamper-proof, queryable, real.
A replay of a self-attack run on Mantle: warm-up calls stay flat, then an injected high-entropy call drives drift past threshold and fires an anchored alert.
The contract 0x1f88…68e64 showed completely unusual activity patterns at block 39,972,940, with maximum unpredictability in how it's being called. This anomaly is primarily driven by unexpected variations in function selection and data input patterns.
Numbers from the frozen, seeded benchmark suite — reproducible byte-for-byte via the golden-file CI test.
| Metric | Result | What it means |
|---|---|---|
| Anomaly separation | 4.3× | Attack drift vs. clean p99 |
| False positives | 0 | Across the full benchmark |
| Test suite | 109 | Passing, deterministic |
| Time to alert | ≤2 | Windows after onset |
| Anchor block | 96,680,154 | Mantle mainnet |
V_new = sign(λ·V_old + Σ V_safe). The baseline evolves to match safe behavior without retraining.python bench/self_attack.py --dry-run — zero API keys, zero config. Full pipeline demo in 30 seconds.pip install)The full pipeline, benchmark, and on-chain registry are open source under MIT. Run the self-attack replay in under a minute.