Skip to content
/ shield Public

Shield is a zero trust transaction validation library built for Yield.xyz integrations. It ensures that every transaction generated by the Yield API is structurally correct, safe, and untampered before being signed or broadcast, protecting users, partners, and SDKs from invalid or malicious transaction data.

yield.xyz/

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

stakekit/shield

BranchesTags

Repository files navigation

🛡️ @yieldxyz/shield

CI npm version License: MIT

Zero-trust transaction validation for Yield.xyz integrations. Shield ensures every transaction is structurally correct and untampered before signing.

Installation

npm install @yieldxyz/shield

Usage

import { Shield } from '@yieldxyz/shield';

const shield = new Shield();

// Get transaction from Yield API
const response = await fetch('https://api.yield.xyz/v1/actions/enter', {
  method: 'POST',
  headers: { 
    'Content-Type': 'application/json',
    'X-API-Key': process.env.YIELD_API_KEY // Your API key
  },
  body: JSON.stringify({
    yieldId: 'ethereum-eth-lido-staking',
    address: userWalletAddress,
    arguments: { amount: '0.01' }
  })
});

const action = await response.json();

// Validate before signing
for (const transaction of action.transactions) {
  const result = shield.validate({
    unsignedTransaction: transaction.unsignedTransaction,
    yieldId: action.yieldId,
    userAddress: userWalletAddress,
    args: action.arguments  // Optional
  });
  
  if (!result.isValid) {
    throw new Error(`Invalid transaction: ${result.reason}`);
  }
}

How It Works

Shield automatically detects and validates transaction types through pattern matching. Each transaction must match exactly one known pattern to be considered valid.

Supported Yield IDs

  • ethereum-eth-lido-staking
  • solana-sol-native-multivalidator-staking
  • tron-trx-native-staking

API Reference

shield.validate(request)

Validates a transaction by auto-detecting its type.

Parameters:

{
  unsignedTransaction: string;  // Transaction from Yield API
  yieldId: string;              // Yield integration ID
  userAddress: string;          // User's wallet address
  args?: ActionArguments;       // Optional arguments
  context?: ValidationContext;  // Optional context
}

Returns:

{
  isValid: boolean;
  reason?: string;         // Why validation failed
  details?: any;          // Additional error details
  detectedType?: string;  // Auto-detected type (for debugging)
}

shield.isSupported(yieldId)

Check if a yield is supported.

shield.getSupportedYieldIds()

Get all supported yield IDs.

Error Messages

Common validation failures:

  • "Invalid referral address" - Wrong referral in transaction
  • "Withdrawal owner does not match user address" - Ownership mismatch
  • "Transaction validation failed: No matching operation pattern found" - Transaction doesn't match any supported pattern
  • "Transaction validation failed: Ambiguous transaction pattern detected" - Transaction matches multiple patterns

License

MIT

About

Shield is a zero trust transaction validation library built for Yield.xyz integrations. It ensures that every transaction generated by the Yield API is structurally correct, safe, and untampered before being signed or broadcast, protecting users, partners, and SDKs from invalid or malicious transaction data.

yield.xyz/

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.1 Latest
Oct 9, 2025

Contributors 2

  •  
  •  

Languages