Check Contract Trust Before You Sign
Who Audited This? shows whether a wallet request touches a verified, changed, mismatched, unknown, or high-risk contract and links the verdict to Proof of Audits evidence.
Interaction preview
Ethereum address checked. Trust Passport available. Deployment Match reviewed.
Changed implementation or unknown contract state should be reviewed before signing.
Proof of Audits does not guarantee safety. It shows evidence, gaps, and risk signals before a wallet request reaches your decision point.
Why this is required
Wallet warnings need current proof, not audit claims alone.
Real crypto losses go far beyond direct theft. They trigger cascading downstream collateral contagion, frozen withdrawals, emergency governance, liquidity shocks, reputational ruin, and weeks of team time lost to incident-response panic.
Q2 2026 became the most active exploit period on record.
By late June 2026, DeFi platforms suffered over 120 exploits totaling $942M, with attack vectors shifting from simple contract bugs to governance manipulation, oracle attacks, and social engineering.
Drift Key Exploit
Compromised admin keys bypass static audits.
On April 1, 2026, Drift Protocol suffered a $285M loss. Attackers spent months gaining the team's social trust to compromise admin keys and manipulate prices, highlighting that stale audit PDF records fail to prove live authority safety.
KelpDAO bridge exploit
Single-point bridge flaws trigger systemic contagion.
On April 18, 2026, KelpDAO lost $292M via a single-verifier bridge logic flaw. The stolen assets were collateralized on Aave, triggering cascading liquidity crunches and panic withdrawals across the ecosystem.
of 2026 crypto losses linked to NK state actors — supply-chain compromise is their primary vector
Extensions from unknown sources can inject malicious code into wallet interactions. Supply-chain attacks are rising — North Korean hackers were responsible for ~76% of crypto losses through April 2026.
Install from the right channel.
Public installs belong in the browser store once the listing is live. The direct package stays available for review and controlled manual installs.
Chrome Web Store
The intended end-user install path. This page can point to the live listing as soon as review is complete.
Manual package
A direct package for review, internal rollout, and users who intentionally install unpacked extensions.
Download package
Production endpoint
The package defaults to the production Proof of Audits API. Custom endpoints are only for controlled testing.
DMM Bitcoin (May 2024) — compromised developer tooling led to private key theft
No easy way to verify the extension binary matches the audited source code. Compromised developer tooling was the entry point for one of the largest exchange thefts in 2024.
Manual install for review and testing.
Use this only when you intentionally want the unpacked extension package. The production API is the default endpoint.
Download manual package
Use this package for review, internal rollout, or developer-mode install while the store listing is not live.
Download package
Load unpacked extension
Open chrome://extensions, enable Developer Mode, choose Load unpacked, and select the extracted folder.
chrome://extensions
Keep production API
The package defaults to the production Proof of Audits origin. Change it only when testing a controlled backend.
https://proofofaudits.com
Wallet popups show "Confirm Transaction" without any protocol trust context. By the time users manually research risk, the exploit window has already opened.
Decurity.io Exploit Timing Research
Proof, gaps, and risk signals before interaction.
Detect request
The extension reads the target contract before the wallet request reaches the signing decision.
Check registry
The address is checked against finalized protocol proof, deployment records, and known contract state.
Match deployment
Runtime bytecode, proxy implementation, and audited scope are compared before a green verdict is shown.
Show evidence
The user sees the score, badge, risk signal, and Trust Passport link when public proof exists.
Warn clearly
Changed, mismatched, unknown, or high-risk contracts require review before the user continues.
Trust evidence is buried in dashboards and audit pages. It does not appear at the moment the wallet asks for a signature — exactly when the user needs it most.
CertiK · KelpDAO Post-Mortem April 2026
The extension makes protocol proof appear at the signing moment.
The investor page is for comparison. Contract Shield is for the moment when a wallet request needs a decision.
Exact 0-300 deployed-protocol score
Runtime bytecode and proxy implementation match
Changed deployment and UNVERIFIED_UPGRADE warnings
Trust Passport, VTI, and on-chain publication state
Authority-key evidence and pending key changes
Wallet request decision before signing
Wallets show pass/fail but not what was verified, what is missing, or what changed since the last audit. A clear verdict system could flag the exact gap that gets exploited.
Cetus Protocol (May 2025) — a math rounding bug that a clear verdict system could have flagged before users signed
Clear contract verdicts without safety overclaims.
Verified Match
This contract matches a finalized audited scope.
Audited Scope, Deployment Pending
The protocol has audit evidence, but deployed-code verification is not finalized yet.
Known Protocol, Changed Contract
This protocol is known, but the interacting contract or implementation has changed.
Scope Mismatch
This contract does not match the audited scope.
Unknown Contract
No Proof of Audits evidence was found for this contract.
High-Risk Signal
Proof of Audits found a warning signal that should be reviewed before continuing.
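Added example (not Proof of Audits code): one way the check steps above (registry lookup, runtime bytecode and proxy implementation comparison) could map onto the six verdict labels. The record fields, the order of checks, and all sample values are assumptions made for illustration.

```javascript
// Added example. Record fields and sample values are constructed, not the product's schema.
const VERDICT = Object.freeze({
  VERIFIED: 'Verified Match',
  PENDING: 'Audited Scope, Deployment Pending',
  CHANGED: 'Known Protocol, Changed Contract',
  MISMATCH: 'Scope Mismatch',
  UNKNOWN: 'Unknown Contract',
  HIGH_RISK: 'High-Risk Signal',
});

// Normalize hex so case and the 0x prefix never cause a false mismatch.
const norm = (hex) => String(hex || '').toLowerCase().replace(/^0x/, '');

// A proxy keeps its implementation address in the low 20 bytes of a 32-byte
// storage word; an all-zero word means "no implementation set".
function implFromStorageWord(word) {
  const addr = norm(word).padStart(64, '0').slice(24);
  return /^0+$/.test(addr) ? null : '0x' + addr;
}

// Every branch except a full code + implementation match returns a non-green verdict.
function verdictFor(registry, observed) {
  const rec = registry[norm(observed.address)];
  if (!rec) return VERDICT.UNKNOWN;
  if (rec.riskSignals.length > 0) return VERDICT.HIGH_RISK;
  if (!rec.inAuditedScope) return VERDICT.MISMATCH;
  if (!rec.deploymentFinalized) return VERDICT.PENDING;
  const code = norm(observed.runtimeCode);
  const impl = implFromStorageWord(observed.implSlotWord);
  const codeOk = code !== '' && code === norm(rec.auditedRuntimeCode);
  const implOk = norm(impl) === norm(rec.auditedImplementation);
  return codeOk && implOk ? VERDICT.VERIFIED : VERDICT.CHANGED;
}

// Constructed sample data (not real addresses or contract code).
const PROXY = '0x' + '11'.repeat(20);
const IMPL_V1 = '0x' + 'aa'.repeat(20);
const IMPL_V2 = '0x' + 'bb'.repeat(20);
const slotWord = (addr) => '0x' + norm(addr).padStart(64, '0');
const registry = {
  [norm(PROXY)]: {
    inAuditedScope: true, deploymentFinalized: true, riskSignals: [],
    auditedRuntimeCode: '0x363d3d37', auditedImplementation: IMPL_V1,
  },
};

const seen = { address: PROXY, runtimeCode: '0x363D3D37', implSlotWord: slotWord(IMPL_V1) };
console.log(verdictFor(registry, seen));
console.log(verdictFor(registry, { ...seen, implSlotWord: slotWord(IMPL_V2) }));
```

The second call models an upgraded proxy: the proxy's own bytecode is unchanged, so only the implementation comparison catches the change.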
