Transaction security for the Ethereum ecosystem — a browser extension that analyzes contracts and signatures before you sign, detecting threats across EIP-7702 delegations, token approvals, permits, blind signatures, and more.
Users sign transactions they don't understand. Since May 2025, $12M+ has been stolen from 15,000+ wallets through malicious EIP-7702 delegations alone — and that's just one attack vector. Token approvals, permit signatures, and blind signing expose users to unlimited drains with a single click.
Testudo acts as an antivirus for every Ethereum transaction. It intercepts signature requests, analyzes the target contract's bytecode and intent, and presents human-readable warnings before users sign anything dangerous.
| Capability | Method |
|---|---|
| EIP-7702 delegation analysis | Bytecode capability extraction (14 detectors) |
Token approvals (approve, increaseAllowance) |
Calldata decoding + address check |
NFT setApprovalForAll |
Calldata decoding + marketplace allowlist |
| Permit / Permit2 signatures | Typed data primaryType detection |
Blind signatures (personal_sign) |
Phishing pattern scoring |
eth_sign hard block |
Always CRITICAL, typed confirmation required |
| Typed data address scanning | Recursive address extraction + batch check |
| Malicious transaction recipients | Address-only check pipeline |
| Deployer reputation | Nonce/age heuristic via Blockscout + RPC |
| Human-readable intent | Token metadata resolution + intent builder |
3-layer defense — every unknown address passes through:
- Safe Filter (local, instant) — known-good addresses skip API
- Threat Intelligence API (800ms timeout) — 15K+ malicious addresses + GoPlus real-time fallback
- Local Bytecode Analysis (parallel) — 14 deterministic detectors, no ML
All results are explainable: "This contract HAS capability X because of opcode Y at offset Z."
Install directly: Testudo on Chrome Web Store
# Install dependencies
yarn install
# Build all packages
yarn build
# Run tests
yarn test- Build the extension:
yarn workspace @testudo/extension run build - Open
chrome://extensions - Enable "Developer mode"
- Click "Load unpacked"
- Select
packages/extension/dist/
packages/
core/ # @testudo/core — Detection engine (190 tests)
extension/ # @testudo/extension — Chrome extension (Preact + Signals)
e2e/ # End-to-end tests (Playwright, 43 tests)
apps/
mock-dapp/ # Demo playground for testing
Note: The Threat Intelligence API lives in a separate private repository.
import { analyzeContract } from '@testudo/core';
const result = await analyzeContract('0x...');
// { risk: 'CRITICAL', threats: ['hasAutoForwarder'], blocked: true }Try Testudo in action: testudomock-dapp-production.up.railway.app
The playground simulates various transaction types:
- EIP-7702 delegations — safe (MetaMask delegator) and malicious (known drainer)
- Token approvals — unlimited amounts, malicious spenders
- NFT setApprovalForAll — unknown operators, marketplace allowlist
- Permit/Permit2 signatures — gasless approval attacks
- Blind signatures — phishing pattern detection
- eth_sign — hard block with typed confirmation
MIT