In interactions with Web3 crafting APIs the transaction integrity is one of the main risk factors. When users sign blockchain transactions, even a minor modification can redirect funds, swap addresses, or trigger the wrong contract call.
That’s why we built Shield, a zero-trust transaction validation library that guarantees every unsigned transaction from the Yield API is structurally correct, untampered, and matches a known-safe pattern before signing.
What Is Shield?
Shield acts as a guardrail between the Yield API and the user’s wallet.
It automatically validates every unsigned transaction returned by Yield’s integrations — staking, restaking, lending, or otherwise — and ensures it conforms to the expected contract structure.
- Zero-trust verification: Every transaction must match a known, pre-audited operation pattern.
- Chain-agnostic: Works across any network, starting with EVM, Solana, and Tron.
- User protection: Prevents tampered transactions from ever reaching a signing prompt.
In short, users only sign what’s intended.
→ GitHub
How It Works
When you generate transactions via the Yield API (e.g. deposit or withdrawal), the API constructs the unsigned transaction, which is then passed through Shield before prompting the user to sign..
Shield uses pattern matching to analyze each transaction’s structure, function calls, and parameters, validating them against a verified template for the specific yield integration.
If the transaction doesn’t match the expected safe pattern — for example, if an attacker modified the withdrawal address — Shield immediately flags it, returning a clear error such as:
Invalid transaction: Withdraw recipient is not user address
This ensures that no malicious transaction can slip through unnoticed.
Quick Start
Install Shield in your integration:
npm install @yieldxyz/shield
Example usage:
import { Shield } from '@yieldxyz/shield';
const shield = new Shield();
// Get transaction from Yield API
const response = await fetch('<https://api.yield.xyz/v1/actions/enter>', {
method: 'POST',
headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.YIELD_API_KEY },
body: JSON.stringify({
yieldId: 'ethereum-eth-lido-staking',
address: userWalletAddress,
arguments: { amount: '0.01' },
}),
});
const action = await response.json();
for (const transaction of action.transactions) {
const result = shield.validate({
unsignedTransaction: transaction.unsignedTransaction,
yieldId: action.yieldId,
userAddress: userWalletAddress,
});
if (!result.isValid) throw new Error(`Invalid transaction: ${result.reason}`);
}
That’s all it takes — you now have a transaction integrity layer built into your integration.
Supported Yield Integrations
Shield currently supports validation for:
ethereum-eth-lido-stakingsolana-sol-native-multivalidator-stakingtron-trx-native-staking
…and more coming soon, including Polkadot, Bittensor, Cosmos and additional EVM yields that are supported by the Yield API.
Why It Matters
Yield integrations increasingly rely on off-chain orchestration and APIs to build user experiences. Every extra layer — front-end, middleware, or aggregator — introduces potential attack surfaces. Shield eliminates this risk by verifying that the transaction a user signs is exactly the one Yield intended.
It’s a critical step toward a zero-trust integration architecture, where trust is enforced by code, not assumption.
The Bigger Picture
Shield is part of Yield.xyz’s broader mission to create a secure, standardized yield infrastructure layer.
By embedding Shield into wallets, SDKs, and integrations, partners can offer users verifiable security while maintaining seamless UX.
In the future, Shield will extend to:
- Cosmos and Layer-2 protocols
- Cross-chain validator pattern detection
- Dynamic rule updates via on-chain registries
