ShieldForge — Web3 授权扫描器与 Permit 解码器 作者： R228

ShieldForge brings the Web3 approval scanner and EIP-712 permit decoder into your browser toolbar. Self-custodial — no keys held, no custody, no relayer. Wallet signing always happens in your wallet's own UI.

What it does

• 🔍 Scan token approvals across 88 chains — Ethereum, Base, Arbitrum, Polygon, BNB Smart Chain, Optimism, Linea, Scroll, zkSync, Mantle, Sonic, Blast, Berachain, Cronos, Avalanche, Tron, Ronin, Etherlink, Hemi, BOB, ApeChain, Immutable zkEVM, Story, ZetaChain, Worldchain, Unichain, opBNB, Ink, and 60+ more. Risk-classified results sorted CRITICAL → LOW.
• ✍️ Decode EIP-712 typed-data signatures before you sign — Permit2, EIP-2612, OpenSea listings, Permit. Plain-text breakdown of domain, message, primary type. Warnings when value = 2^256-1 (unlimited allowance).
• 🛡️ Phishing watch on dApps — when a dApp asks for a typed-data signature with a permit-shaped payload, a non-blocking floating banner offers a one-click decode. Excludes banking domains, Google login, ShieldForge web app.
• 📊 Local scan history — past scans stored in chrome.storage.local, never uploaded.
• 🔔 Weekly hygiene reminder (opt-in) — browser notification if your last scan showed unrevoked CRITICAL approvals more than a week ago.
• 🌍 5 languages — English, Español, 日本語, Русский, 中文 — auto-detected from browser locale.

Privacy

We never read wallet keys or send PII. The scanner API receives the wallet address you scan (a public on-chain identifier) along with standard HTTP request metadata. Full policy at https://shieldforge.xyz/privacy.

Why we built this

Most token-approval drains in 2026 happen via blind EIP-712 signatures. Standard wallet UIs show "Sign typed data?" without explaining what it means. ShieldForge fills that gap — decode before you sign, audit before you forget, revoke before it costs you.

Backed by the same scanner running at https://shieldforge.xyz across +100 chains.