Skip to main content

Documentation Index

Fetch the complete documentation index at: https://yieldxyz.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Overview

When interacting with on-chain yield protocols through the Yield API, transaction integrity is critical. Even a small modification can redirect funds or trigger unintended contract calls. Shield is a lightweight validation library that lets you verify unsigned transactions from the Yield API before presenting them for signing. It’s designed to be embedded directly into your integration — giving you full control over when and how validation occurs.

GitHub Repository

View source code

NPM Package

Install via npm

Key Features

Zero-trust verification

Every transaction must match a pre-audited pattern

Multi-chain support

Works across EVM, Solana, and Tron (Cosmos and other L2s coming soon)

Easy to integrate

Add one validation call before your signing logic — no extra middleware required

Clear error reporting

Immediate feedback on invalid or ambiguous transactions

Installation

npm install @yieldxyz/shield

Usage Example

import { Shield } from '@yieldxyz/shield';
const shield = new Shield();

// 1. Get transaction from Yield API
const response = await fetch('https://api.yield.xyz/v1/actions/enter', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-API-Key': process.env.YIELD_API_KEY,
  },
  body: JSON.stringify({
    yieldId: 'ethereum-eth-lido-staking',
    address: userWalletAddress,
    arguments: { amount: '0.01' },
  }),
});

const action = await response.json();

// 2. Validate each transaction before signing
for (const tx of action.transactions) {
  const result = shield.validate({
    unsignedTransaction: tx.unsignedTransaction,
    yieldId: action.yieldId,
    userAddress: userWalletAddress,
  });

  if (!result.isValid) {
    throw new Error(`Invalid transaction: ${result.reason}`);
  }
}

// 3. Proceed with signing

How It Works

Shield uses pattern matching to analyze each transaction’s structure, function calls, and parameters, validating them against a verified template for the specified yield integration. If the transaction doesn’t match the safe pattern — for example, if an attacker modified a withdrawal address — Shield immediately flags it: 
Invalid transaction: Withdrawal owner does not match user address
You can decide how to handle the result: block the signing flow, display a warning, or log it for review.

Supported Yield Integrations

ChainYield IDDescription
Ethereumethereum-eth-lido-stakingLido ETH staking
Solanasolana-sol-native-multivalidator-stakingNative SOL staking
Trontron-trx-native-stakingTRX native staking
More integrations (Cosmos, Polkadot, Bittensor, additional EVM yields) are being continuously added.
Check programmatically: 
shield.getSupportedYieldIds();

API Reference

shield.validate(request)

Validates a transaction by auto-detecting its type. Parameters: 
{
  unsignedTransaction: string;  // Transaction from Yield API
  yieldId: string;              // Yield integration ID
  userAddress: string;          // User's wallet address
  args?: ActionArguments;       // Optional arguments
  context?: ValidationContext;  // Optional validation context
}
Returns: 
{
  isValid: boolean;
  reason?: string;         // Why validation failed
  details?: any;           // Additional error info
  detectedType?: string;   // Auto-detected transaction type (for debugging)
}

shield.isSupported(yieldId: string): boolean

Checks whether a given yield integration is supported.

shield.getSupportedYieldIds(): string[]

Returns a list of all supported Yield IDs.

Common Validation Errors

ContextError MessageMeaning
SolanaTransfer recipient does not match new stake accountYour SOL is being sent to a different wallet instead of the intended stake account
SolanaDelegate authority is not user addressSomeone else would gain control over your staked SOL
EVM / EthereumTransaction not to Lido stETH contractThe transaction targets a fake contract attempting to steal your ETH
Pattern DetectionNo matching operation pattern foundThe transaction type doesn’t match any valid pattern — likely malicious or corrupted

Decoding & Visualization

Shield allows clients to locally decode and visualize unsigned transactions before signing or broadcasting them. This feature enhances transparency and compliance by letting integrators inspect every on-chain instruction — including target addresses, function calls, and parameter values — directly on their own systems.

How It Works

1

Retrieve transaction

Get an unsigned transaction from the Yield API (e.g., /v1/actions/enter or /v1/actions/exit)
2

Decode locally

Pass the transaction into Shield’s decode() method
3

Inspect results

Shield returns a structured, human-readable view including target contract, function/method, parameters, token amounts, and associated accounts

Why It Matters

  • Transparency: Visually confirm every on-chain call before user signing
  • Security: Reduces man-in-the-middle or tampering attacks by verifying locally
  • Compliance: Log decoded transactions for audit trails or regulator review
  • Zero Trust: Decoding occurs entirely client-side — no external API calls needed

Shield — Go Package

For institutional and high-security deployments, Shield is also available as a Go package designed for hardware-secure, compiled environments (e.g., secure enclaves, HSMs, air-gapped systems) where TypeScript cannot be executed. Shield Go provides the same validation and decoding functionality as the TypeScript package.

Capability Comparison

CapabilityShield TypeScriptShield Go
Transaction validation
Local transaction decoding
Multi-chain support (EVM, Solana, Tron)
Secure enclave compatibility⚠️ Limited✅ Full
Embeddable in hardware / compiled binaries
CLI / SDK usage

Why Shield Matters

Each API layer in a DeFi integration increases potential attack surfaces. Shield enforces a zero-trust model, guaranteeing that the transaction users sign is exactly the one intended by Yield.xyz. By validating before signing, you:
  • Prevent tampering and phishing attempts
  • Maintain user trust through transparency
  • Add structural security without sacrificing UX

Next Steps

Security Overview

Full security architecture

HyperNative

Pre-transaction simulation

Security Tiers

Deployment models

Quickstart

Integrate Shield into your app