Skip to content

ZendIQ/ZendIQ-Extension-Lite

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

36 Commits
assets
assets
Β 
Β 
src
src
Β 
Β 
.gitignore
.gitignore
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
manifest.json
manifest.json
Β 
Β 

Repository files navigation

ZendIQ Lite

Free Solana swap guardian. Analyses token risk and warns you before you sign β€” on Jupiter, Raydium, and Pump.fun.

🌐 zendiq.ai · Chrome Web Store

What it does

ZendIQ Lite sits silently in your browser and activates the moment you click Swap. Before your wallet is asked to sign anything, a risk overlay appears with:

  • A 0–100 Risk Score for the output token
  • A plain-English breakdown of every warning signal found
  • Proceed or Cancel β€” you stay in control

It works on Jupiter, Raydium, and Pump.fun with no wallet connection and no account required.

Risk levels

Score Level What it means
0–24 🟒 LOW On-chain hygiene looks clean
25–49 🟑 MEDIUM Some risk signals present
50–74 🟠 HIGH Significant red flags β€” review carefully
75–100 πŸ”΄ CRITICAL Multiple severe warning signs

16 scoring signals

Signal Source
Mint authority (can devs print unlimited tokens?) Solana RPC
Freeze authority (can devs lock your tokens?) Solana RPC
Top-1 holder concentration Solana RPC
Top-5 holder concentration Solana RPC
RugCheck risk flags (known rug, danger / warning items) RugCheck API
Speculative / memecoin market risk Token metadata
LP lock status RugCheck API
3-month price change GeckoTerminal
Long-term price change (up to 6 months) GeckoTerminal
Volume trend / activity collapse β€” 7-day vs 30–90-day baseline GeckoTerminal
Token age DexScreener
24 h price change DexScreener
Liquidity depth DexScreener
Market cap DexScreener
Serial deployer β€” tokens the creator wallet launched (last 30 days) Solana RPC
Bundle launch detection β€” Jito bundle manipulation at token creation Solana RPC

Wallet Security tab

The popup's Wallet Security tab scans your connected wallet for:

  • SPL Token and Token-2022 accounts with unlimited delegations β€” the most common attack vector used by drainer contracts
  • Matches against a list of known drainer contract addresses
  • Provides a Security Score (0–100) with per-finding detail and a direct link to revoke.cash for any unlimited approvals

No transaction is required. The scan is read-only.

Install

From Chrome Web Store

Install ZendIQ Lite

Manual / Developer install

  1. Clone or download this repository
  2. Open chrome://extensions (or brave://extensions)
  3. Enable Developer mode (top-right toggle)
  4. Click Load unpacked β†’ select the extension/ folder inside zendiq-lite/

Privacy & data collection

Transparency is a core commitment. Here is exactly what ZendIQ Lite sends to our server at zendiq-backend.onrender.com, and why.

What IS sent

Every event shares this common envelope:

Field Value Purpose
type event name (see below) Categorise the event
v extension version string Understand adoption across versions
ts Unix timestamp (ms) Time-series aggregation
ext_id chrome.runtime.id β€” a random ID assigned by Chrome to the extension install, not tied to your wallet or identity Deduplicate daily-active counts

The 9 event types currently logged:

Event When Fields sent
extension_installed Once on install or update reason, prev_version, browser
daily_active At most once per UTC day day (YYYY-MM-DD only)
token_checked After every risk scan completes mint, score, level, site
high_risk_detected When score β‰₯ 50 mint, score, level, site
transaction_initiated When a swap is intercepted mint, score, level, site, path
transaction_completed User clicks Proceed on low/medium risk mint, score, level, trade_usd*, site
transaction_aborted User clicks Cancel on low/medium risk mint, score, level, trade_usd*, site
proceeded_high_risk User clicks Proceed on high/critical risk mint, score, level, trade_usd*, site
avoided_high_risk User clicks Cancel on high/critical risk mint, score, level, trade_usd*, site

* trade_usd is sourced from Jupiter's own /order API response (the USD value Jupiter calculated for the swap). It is null when not available. It is never derived from your wallet balance.

Why we collect this: These aggregated counts let us measure how many high-risk tokens users encounter, how often users proceed vs cancel, and whether ZendIQ's risk scores correlate with real rug events. The data is never sold and never linked to an identity.

What is NEVER sent

Data Where it stays
Wallet public key or address chrome.storage.local only β€” never leaves your browser
Private keys or seed phrases Never accessed β€” not technically possible from a content script
Transaction signatures chrome.storage.local only
Full swap history (amounts, token pairs, quote accuracy) chrome.storage.local only
Wallet security scan results (approvals, drainer matches) chrome.storage.local only
Full risk factor breakdown (all 16 signal details) Computed and displayed locally; never uploaded
RugCheck / DexScreener / GeckoTerminal API responses Used locally for scoring; never forwarded
Deployer address or on-chain transaction history Used locally for scoring; never forwarded

Server-side safeguards

The backend validates every inbound event before storage:

  • Rate limit: 60 events per IP per minute
  • Type whitelist: only the 9 event names above are accepted
  • Field constraints: mint must be a valid base58 address, score must be 0–100, trade_usd capped at $50,000, site must be one of jup.ag / raydium.io / pump.fun
  • Payload size: data field capped at 2 048 bytes
  • No raw event rows are ever exposed via any public API endpoint β€” only aggregated statistics

Permissions

The extension requests the following browser permissions:

Permission Reason
storage Save swap history, security scan results, and settings locally
activeTab Detect the currently open DEX tab
scripting Inject the risk overlay and wallet hook into DEX pages
tabs Query open tabs to find the active DEX
*://jup.ag/*, *://raydium.io/*, *://pump.fun/* Intercept swap events on supported DEXes
https://api.rugcheck.xyz/* Fetch RugCheck risk flags for the output token
https://api.dexscreener.com/* Fetch token age, liquidity, 24 h price change
https://api.geckoterminal.com/* Fetch price history and volume trend
https://api.mainnet-beta.solana.com/*, https://solana.publicnode.com/* On-chain RPC calls (mint authority, holder data, wallet accounts)

No payment APIs, social networks, or ad networks are contacted.

Project structure

zendiq-lite/
β”œβ”€β”€ extension/                   Unpacked MV3 extension
β”‚   β”œβ”€β”€ manifest.json
β”‚   └── src/
β”‚       β”œβ”€β”€ background.js        Service worker β€” external fetches + analytics relay
β”‚       β”œβ”€β”€ scripts/
β”‚       β”‚   β”œβ”€β”€ page-config.js   Shared namespace (window.__zqlite)
β”‚       β”‚   β”œβ”€β”€ page-interceptor.js  Fetch hook + swap overlay (MAIN world)
β”‚       β”‚   β”œβ”€β”€ page-wallet.js   Wallet sign hook (MAIN world)
β”‚       β”‚   β”œβ”€β”€ page-security.js Wallet account scanner (MAIN world)
β”‚       β”‚   └── bridge.js        postMessage relay MAIN ↔ service worker (ISOLATED)
β”‚       β”œβ”€β”€ ui/
β”‚       β”‚   β”œβ”€β”€ popup.html       Extension popup (4 tabs)
β”‚       β”‚   β”œβ”€β”€ popup.js         Popup logic
β”‚       β”‚   β”œβ”€β”€ popup-monitor.js Monitor tab
β”‚       β”‚   β”œβ”€β”€ popup-history.js History tab
β”‚       β”‚   β”œβ”€β”€ popup-security.js Wallet Security tab
β”‚       β”‚   β”œβ”€β”€ popup-settings.js Settings tab
β”‚       β”‚   └── styles.css       Popup styles
β”‚       └── utils/
β”‚           β”œβ”€β”€ scoring.js       16-signal risk scoring engine
β”‚           β”œβ”€β”€ extraction.js    On-chain deployer lookup
β”‚           β”œβ”€β”€ rpc.js           Popup ↔ background message helpers
β”‚           └── analytics.js     Fire-and-forget event logger
└── backend/                     Optional self-hosted backend
    β”œβ”€β”€ .env.example
    β”œβ”€β”€ package.json
    └── src/
        β”œβ”€β”€ server.js            Express entry point
        β”œβ”€β”€ api/routes.js        POST /api/events Β· GET /api/stats Β· GET /api/version
        └── db/schema.sql        SQLite schema

Backend (self-hosted)

The extension works fully without a backend β€” all scoring is local. The optional backend enables:

  • Version checks β€” update banner when a new version is published
  • Aggregated analytics β€” anonymised event counts for the dashboard

Run locally

cd backend
cp .env.example .env
npm install
npm start

Then in the extension popup Settings, set the backend URL to http://localhost:3000.

APIs used

All free, no API key required:

API Used for
Solana RPC (publicnode.com + mainnet-beta) Mint authority, freeze authority, holder data
RugCheck.xyz Comprehensive risk report
DexScreener Price, liquidity, market cap, token age
GeckoTerminal 3M + 6M price history, volume trend

ZendIQ Pro

Need swap interception, MEV protection, and auto-optimised routing on jup.ag? Check out ZendIQ Pro β€” the full-featured swap guardian that saves you from bad routes and front-running bots.

Licence

MIT

About

Free Solana token rug detection browser extension. Protects traders from MEV attacks, sandwich bots, and rugpull tokens via risk scoring. Open source.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages