DappGuardian is a comprehensive security solution for decentralized applications (dApps), designed to protect users from malicious code changes and to ensure the integrity of web3 front-ends.
DappGuardian consists of three main components:
- Smart Contracts: On-chain registry for storing IPFS CIDs of dApp file manifests
- Browser Extension: User-facing tool that verifies dApp integrity in real-time
- Developer CLI: Tools for dApp developers to register and update their applications
In the current web3 landscape, users have no way to verify whether the front-end code they are interacting with is the same code that was audited or reviewed by the developer. DappGuardian solves this by:
- Allowing developers to generate cryptographic hashes of their dApp files
- Storing these hashes in IPFS for scalability and cost-efficiency
- Registering the IPFS CID on-chain for verifiable integrity
- Enabling users to automatically verify these hashes when they visit dApps
- Creating an immutable record of dApp versions and changes
Comprehensive documentation is available in the docs directory:
- Installation Guide - Complete setup instructions
- Smart Contracts - Contract architecture and usage
- Browser Extension - Extension functionality and development
- CLI Tools - Developer utilities for hash generation and registration
- IPFS Integration - How the system leverages IPFS for storage
```text
dapp-security/
├── contracts/   # Smart contract code (Solidity)
├── extension/   # Browser extension (TypeScript/React)
├── cli/         # Developer tools (Node.js)
└── docs/        # Documentation files
```
The DappGuardian contract serves as a secure, decentralized registry for dApp releases, allowing:
- Developers to register domains and publish IPFS CIDs pointing to file manifests
- Users to verify file integrity through the IPFS-stored manifests
- History tracking of all dApp versions and changes
Setup:

```bash
cd contracts
npm install
cp .env.example .env   # Configure with your environment values
npx hardhat compile
npx hardhat test
```

A browser extension that automatically verifies dApp integrity when users visit web3 sites:
- Detects when users visit registered dApps
- Computes hashes of loaded resources
- Retrieves manifest data from IPFS using multiple gateways for reliability
- Verifies local hashes against the manifest data
- Alerts users if any discrepancies are found
Development:

```bash
cd extension
yarn install
yarn dev     # Start development mode
yarn build   # Build production version
```

Installation:
- Build the extension using `yarn build`
- In Chrome/Brave, go to Extensions
- Enable Developer Mode
- Click "Load unpacked" and select the `extension/dist` directory
Tools for dApp developers to easily integrate with DappGuardian:
- `generate-manifest`: Creates a manifest of file hashes for your dApp
- `submit-update`: Uploads the manifest to IPFS and registers the CID on-chain
Usage:

```bash
cd cli
npm install
cp .env.example .env   # Configure with your environment values
# Generate a manifest for your dApp
./manifestGenerator.js path/to/your/dapp
# Submit an update to IPFS and the registry
./submitter.js
```

DappGuardian uses IPFS to store file manifests, providing several key benefits:
- Cost Efficiency: Transaction costs remain constant regardless of how many files are in the build
- Scalability: No limit to how many files can be included in a release
- Transparency: Anyone can verify the manifest contents by accessing the IPFS CID
- Permanence: Content is pinned on IPFS and retrievable as long as at least one node has it
- Manifest Generation: The CLI tool generates a JSON manifest with cryptographic hashes of all dApp files
- IPFS Upload: The manifest is uploaded to IPFS and pinned via Pinata or another pinning service
- On-Chain Registration: Only the IPFS CID is stored on-chain, significantly reducing gas costs
- Verification: The browser extension retrieves the manifest from IPFS and verifies file integrity
For more details, see the IPFS Integration Guide.
- Smart Contracts: Solidity, Hardhat
- Extension: TypeScript, React, Chrome Extension API
- CLI: Node.js, ethers.js, IPFS HTTP Client
- Storage: IPFS, Pinata
For a quick start guide to setting up the complete system, see the Installation Guide.
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.