We check
what you sign.

What gets checked

• Recipient analysis — a known safe contract (Uniswap, Aave, OpenSea, Jupiter) or an unknown? The AI judges the full context.
• Calldata decoding — what are you actually signing? A plain transfer? approve(unlimited)? setApprovalForAll? Each type gets its own UI; critical ones require holding the button for 1–2 seconds.
• NFT protection — setApprovalForAll hands an operator control of ALL your NFTs in a collection. The #1 NFT-drainer pattern gets a big red warning with the collection name and operator address.
• Off-chain authorizations — Permit2 and EIP-2612 are off-chain signatures that can drain your wallet later. Most wallets show them as ordinary signatures. Nox warns explicitly.
• ChainId mismatch — signing for network X while connected to network Y gets blocked.
• Solana multi-instruction decoder — every instruction shown with colour coding; known programs (Jupiter, Raydium) are recognised and collapsed.
• Token2022 transfer hooks — the newest Solana attack: malicious tokens with a hook program that executes code when you send. Guardian detects and blocks.