Wallet Security, Reimagined

Smart Contract
Risk Analysis for
Non-Technical Users

In blockchain, where individuals hold custody of their own funds, they should also be in charge of their own security. OpenSentry puts audit-grade protection in users' hands, explaining risks in clear, plain language.
It aims not only to detect vulnerabilities, but also to surface protocol features that may be intentional yet still create meaningful user risk or hidden trust assumptions that users should understand before interacting with a protocol.

OpenSentry is a public good.
Free and open for everyone.

Launch Tool

The Security Gap

Every blockchain interaction asks users to trust contract behavior they usually cannot inspect. Existing protections often focus on known exploits, blacklists, or verified source code, but non-technical users also face risk from protocol design choices and hidden trust assumptions that may be intentional and still materially affect their funds.

Not every serious risk is a bug

A contract can avoid obvious implementation vulnerabilities and still expose users to uncapped fees, privileged upgrades, blocked withdrawals, or other dangerous behaviors that are part of the protocol design.

Hidden trust assumptions stay invisible

Users are rarely told who can change fees, upgrade logic, freeze flows, or remove exit paths. Those trust assumptions matter before signing, yet most wallet interfaces do not explain them in plain language.

How the Pipeline Works

OpenSentry ingests one or more contracts, compiles them through a Solidity facts extraction stage and passes compiler-backed evidence into downstream analysis agents.

Multi-contract ingestion

Accepts one or more contracts, whether passed in as local files or fetched from contract addresses in local CLI and API-backed analysis flows.

Compiler-backed facts

Normalizes contract structure and behavior into queryable facts such as roles, fees, upgrades, dependencies, and exit conditions.

Deterministic findings

Produces high-confidence warnings for clearly detectable user risks such as uncapped fees, no-timelock upgrades, or withdrawal-blocking admin paths.

Trusted context separation

Compiler-derived facts are passed downstream as trusted context while raw source remains separately handled as untrusted input.

Specialized security agents

Agents analyze access control, token mechanics, external dependencies, MEV, economics, governance, and transparency risks.

Plain-language reporting

Structured agent findings are merged into a report that explains in plain language what the risk is and why it matters to users.

Compiler-backed facts ground the analysis, specialized agents identify risks, and the findings are merged into a plain-language report.

The 8 Analysis Agents

Each agent asks a different core question and investigates a different source of user risk before the findings are merged into one report.

Access Control

“Who can change things, and what can they change?”

Maps privileged roles, upgrade paths, initialization flows, pause controls, timelocks, and other admin capabilities that can change user outcomes.

Token Mechanics

“Will this token behave the way the user expects?”

Checks transfer restrictions, fee-on-transfer logic, rebasing, mint and burn controls, trading switches, approvals, and other token behaviors that can surprise holders.

Economic & Fees

“What does this cost the user, including costs that aren’t obvious?”

Examines explicit fees, hidden costs from slippage or rounding, fee ranges and destinations, reward distribution logic, and deposit or withdrawal conditions.

Oracle & Dependencies

“What external things can break this?”

Inventories price feeds, fallback oracles, hardcoded dependencies, and third-party systems whose failure, staleness, or manipulation can harm users.

MEV & Tx Safety

“Can someone exploit the user’s transaction in the mempool?”

Looks for sandwich risk, missing slippage protection, bad deadline handling, frontrunning exposure, flash-loan surface, and other transaction-ordering attacks.

Code Quality

“Is there a bug that could lose funds?”

Focuses on code-level vulnerabilities such as reentrancy, unchecked calls, unsafe casts, delegatecall misuse, storage issues, DoS vectors, and precision loss.

Transparency

“Can the user verify what they’re interacting with?”

Checks source verification, proxy versus implementation clarity, hidden functions, misleading names, and mismatches between documentation and real behavior.

Governance

“How decentralized is this really?”

Analyzes governance concentration, voting mechanics, proposal thresholds, quorum, timelocks, emergency powers, treasury control, and key-person risk.

Built by an Auditor

Liron Achdut

Smart Contract Auditor & Activist

I am a blockchain developer and smart contract auditor working on security-critical systems. I review production contracts and analyze exploits for a living. I see firsthand how users are exposed to hidden risks that no wallet warns them about. OpenSentry is my answer to that gap.

My path to Web3 started through activism — a belief that decentralized systems can shift power to individuals. As I evolved into auditing, I realized the security expertise that protects protocols should be a public good, not a luxury.

Professional auditing is a long, intensive process that demands deep expertise — and not every project can afford it. I sometimes offer my services for free or near-free to projects I believe in, but that doesn't scale. OpenSentry is how I scale that protection to every user, for every protocol they interact with.

Smart ContractRisk Analysis forNon-Technical Users