Summary
This connects Claude to Yearn V3 vault security analysis, though the repository is actually Quantum Shield, a post-quantum cryptography protocol for Ethereum, not a Yearn-specific tool. The codebase includes L1 Sepolia contracts for vault custody with dual NIST post-quantum signatures (ML-DSA-65 and SLH-DSA), a Rust API backend, and PostgreSQL for tracking lock/unlock operations. If you're auditing DeFi vaults or need AI assistance analyzing time-locked custody mechanisms with quantum-resistant cryptography, this could expose relevant data. The naming mismatch suggests the MCP implementation may wrap specific vault analysis features from the broader Quantum Shield project, but the actual MCP server code isn't visible in this source tree.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Tools
Public tool metadata for what this MCP can expose to an agent.
1 tools
auditAuditor de Secretos y Ciberseguridad .env — /api/audit endpoint. Fee: $0.03 USDC via x402.1 params
Auditor de Secretos y Ciberseguridad .env — /api/audit endpoint. Fee: $0.03 USDC via x402.
Parameters* required
payloadstringJSON-encoded request body for the /api/audit endpoint.
Quantum Shield
Post-quantum asset protection protocol for Ethereum using NIST-standardized cryptography
What is Quantum Shield?
Quantum Shield protects smart contract assets against quantum computing threats using NIST FIPS 204 (ML-DSA/Dilithium) and FIPS 205 (SLH-DSA/SPHINCS+) dual post-quantum signatures, combined with a decentralized Prover Pool, VRF-based selection, and time-locked custody.
Key Features
- Dual PQC Signatures — ML-DSA-65 + SLH-DSA for defense-in-depth
- Prover Pool — Decentralized verification with stake-weighted selection via VRF
- Time-Locked Custody — 24h normal unlock, 7-day emergency path with bond
- Observer Network — Independent challenge system with quadratic slashing
- On-Chain Governance — veQS token voting, security council, insurance fund
- 11 Sub-Applications — Consumer, Prover, Observer, Explorer, Enterprise, Governance, Admin
Architecture
┌─────────────────────────────────────────────────────────────────┐
│ Frontend (Next.js 15) 11 apps, 136 routes, ja/en i18n │
├─────────────────────────────────────────────────────────────────┤
│ Backend API (Rust/Axum) REST API, SIWE auth, Auto-Claim │
├──────────────────┬──────────────────────────────────────────────┤
│ L1: Sepolia │ L3: Arbitrum Sepolia │
│ • Vault │ • CoreLayer • Governor │
│ • ProverRegistry│ • veQS • RewardRouter │
│ • SPHINCS+ Vfy │ • QSToken • InsuranceFund │
└──────────────────┴──────────────────────────────────────────────┘
9 Core Sequences
| # | Flow | Path |
|---|---|---|
| 1 | Consumer Lock | Frontend → API → DB → L1 Vault |
| 2 | Normal Unlock | 24h timelock → Prover verification → L1 claim |
| 3 | Emergency Unlock | Bond deposit → 7-day lock → Emergency path |
| 4 | Prover Registration | Stake → VRF selection → Proof generation |
| 5 | Observer Challenge | Monitor → Challenge → VRF arbitration |
| 6 | Slashing | Quadratic penalty → L1 ProverRegistry |
| 7 | Governance | veQS voting → Proposal execution on L3 |
| 8 | Emergency Pause | Security council → L1 pause |
| 9 | Token Hub | Stake QS → veQS → Rewards |
Tech Stack
| Layer | Technology |
|---|---|
| Frontend | Next.js 15, TypeScript, Tailwind CSS, Wagmi, RainbowKit |
| Backend | Rust, Axum, PostgreSQL, Redis, RabbitMQ |
| Contracts | Solidity 0.8.24 (Foundry), deployed to Sepolia + Arbitrum Sepolia |
| Cryptography | NIST FIPS 204 (ML-DSA-65), FIPS 205 (SLH-DSA), SHA3-256 |
| SDK | WASM (Rust → wasm-pack), npm-publishable |
| Testing | Playwright (E2E), Vitest, cargo test, Foundry forge test |
Deployed Contracts
L1: Ethereum Sepolia
| Contract | Address |
|---|---|
| Vault | 0x07012aeF87C6E423c32F2f8eaF81762f63337260 |
| ProverRegistry | 0x08e1fc1A0d614bc132B48950760c7A291cCB8946 |
| SPHINCS+ Verifier | 0xD090b5A627d9bd6D96a8b5f6F504ebCa79980103 |
L3: Arbitrum Sepolia (12 contracts)
| Contract | Address |
|---|---|
| CoreLayer | 0xb04F4DFe093dC80420117EDC8300f5EB6F6EDBf0 |
| veQS | 0xE72dFa97C9E452dC0b8E6aa026c910D21B20fCAE |
| Governor | 0xe93b8129DC3dBD48E5d78C5A4C156DD1BFa8D65B |
| QSToken | 0xBD66beBE19E664dF143da54808d746192e4f2ee2 |
All L3 contracts verified on Sourcify.
Quick Start
Prerequisites
- Docker & Docker Compose
- Rust 1.75+ with cargo
- Node.js 20+ with pnpm
- Foundry (forge, anvil)
Development Setup
# 1. Start infrastructure
docker compose up -d postgres redis rabbitmq l3-node minio minio-init
# 2. Run database migrations
cd src/api/api
DATABASE_URL="postgresql://quantum:quantum_dev@localhost:5432/quantum_shield" sqlx migrate run
# 3. Start backend API (port 8080)
cargo run --bin api-server
# 4. Start frontend (port 3000)
cd src/frontend/web
pnpm install
pnpm dev
Verify
curl http://localhost:8080/v1/health
# {"status":"healthy"}
Project Structure
quantum-shield/
├── src/
│ ├── api/api/ # Rust/Axum backend
│ │ ├── src/routes/ # API route handlers
│ │ ├── src/services/ # Business logic
│ │ ├── migrations/ # PostgreSQL migrations (17 files)
│ │ └── config/ # YAML configuration
│ ├── frontend/web/ # Next.js 15 frontend
│ │ ├── src/app/ # App Router pages (11 apps)
│ │ ├── src/components/ # 300+ React components
│ │ ├── src/hooks/ # React Query hooks per app
│ │ └── locales/ # ja/en translations
│ ├── l1/contracts/ # L1 Solidity contracts (Foundry)
│ ├── l3/ # L3 governance contracts
│ └── frontend/sdk/wasm/ # WASM SDK (Dilithium + SPHINCS+)
├── docs/
│ ├── core/SEQUENCES.md # 9 core sequence specifications
│ ├── ACTUAL_STATE.md # Current implementation state
│ └── pitch/ # Pitch deck, grant applications
├── docker-compose.yml # Development infrastructure
└── .github/workflows/ # CI/CD pipelines
Testing
# Backend
cd src/api/api && cargo test
# Frontend E2E
cd src/frontend/web && npx playwright test
# Smart Contracts
cd src/l1/contracts && forge test
Test Coverage: 137 E2E tests passing, 107 integration tests, 0 failures.
Security
- Cryptography: NIST FIPS 204 ML-DSA-65 + FIPS 205 SLH-DSA (post-quantum)
- Hashing: SHA3-256 (no keccak256 in application layer)
- Authentication: SIWE (Sign-In with Ethereum) + JWT
- Time Locks: 24h normal, 7-day emergency with bond collateral
- Slashing: Quadratic penalty for malicious provers
Audit Status
- Internal code review
- External audit (planned)
License
This project is licensed under the MIT License. See LICENSE for details.
Built for a post-quantum future.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Categories
Registryactive
Packagevaultguard-mcp
TransportSTDIO
UpdatedMar 27, 2026
