Umbra — Intelligent Firewall
Umbra is Blackhole’s offchain transaction firewall that filters risky or malicious execution routes before the user signs. It combines static contract pattern matching with lightweight machine learning models trained on historical execution data. This enables real-time detection of structural threats and behavioral anomalies — without running expensive simulations.
Key Capabilities:
Static Pattern Filtering:
— Detects known malicious patterns: honeypots, proxy traps, approval drainers, reentrancy, self-destruct logic
— Works instantly, without RPC or forked simulation
— Fully configurable by protocol risk tolerance
ML-Based Risk Scoring:
— Models trained on failed transactions, revert patterns, gas anomalies, and contract behavior
— Learns from live execution data to reduce false positives
— Classifies routes based on structural and behavioral signals
Pre-Signature Enforcement:
— Validates full execution paths before signature
— Ensures users never approve unsafe routes
— Integrates seamlessly with fallback logic (SafeSwitch) and runtime checks (GravCore)
Self-Learning Feedback Loop
— Continuously improves using post-execution outcomes
— Flags new threat signatures and high-risk contracts automatically
— Reduces human curation and audit dependency over time
How It Works in Practice:
Umbra is designed to run with minimal system load and sub-millisecond response times.
Average route validation time: 5–15ms (static filtering + ML classification)
Throughput: >2,000 transactions/sec per standard CPU core
Deployment: easily containerized and horizontally scalable — each instance operates statelessly and can run in parallel
No chain emulation, no EVM forks, no simulation delays. Umbra filters routes in real time, allowing wallets and dApps to show validated execution paths instantly — even for complex cross-chain flows.
This makes it practical for high-frequency transaction pipelines, including aggregator backends, relayers, agents, and real-time user interfaces.
How It’s Different:
Traditional DeFi flows detect risk after user signs — or not at all.
Umbra enforces security before signature by understanding both what the transaction does, and what it could do.
Unlike simulation engines (slow, RPC-intensive), Umbra is gasless, fast, and effective by design — combining firewall precision with machine learning adaptability.
Tech Stack Summary:
Languages: Python (ML), TypeScript (API), Solidity (integration layer)
Models: scikit-learn classifiers (logistic regression, trees)
Data: PostgreSQL for labeled tx outcomes, Redis for live threat data
Pipeline: Feature extractor → classifier → risk label → action (pass/block/flag)
Result:
Umbra gives DeFi teams a powerful tool to validate execution safety in real time — eliminating the blind spots that lead to fund loss, protocol exploits, and broken UX.
Last updated