Use Cases/DeFi Agents

Your AI agent just swapped $2M into an unaudited liquidity pool. The transaction confirmed in 12 seconds. There is no undo button.

DeFi agents execute token swaps, bridge assets, and provide liquidity at machine speed. Veto intercepts every on-chain tool call before execution, enforcing swap limits, protocol allowlists, and approval workflows. Because on-chain, there is no chargeback.

MiCA (EU)TFRFATF Travel Rule

Start free View on GitHub

On-chain is irreversible

In traditional finance, a wire transfer can be recalled within hours. A credit card charge can be disputed for 120 days. On a blockchain, once a transaction confirms, it is final. There is no dispute process, no chargeback mechanism, no compliance officer who can reverse it. For AI agents operating in DeFi, authorization before execution is not a feature. It is the only line of defense.

The cost of ungoverned DeFi agents

DeFi exploits are accelerating. The Ronin bridge lost $625M to the Lazarus Group in March 2022. Wormhole lost $326M in February 2022. Nomad lost $190M in August 2022. Across 2024, DeFi protocols lost over $1B across 339 incidents according to Chainalysis. Q1 2025 was the worst quarter on record: $1.64B lost. These incidents involved human operators and audited smart contracts. Now add an autonomous AI agent making decisions at machine speed, 24 hours a day, without fatigue or hesitation.

Regulatory exposure compounds the technical risk. MiCA entered full application on December 30, 2024, requiring crypto-asset service providers to maintain internal control mechanisms and risk management frameworks. The Transfer of Funds Regulation imposes a zero-threshold Travel Rule for crypto transfers within the EU — every transfer, regardless of amount, requires originator and beneficiary information. FATF Recommendation 16 is being implemented by 73% of member jurisdictions, extending Travel Rule requirements to virtual asset service providers worldwide. An AI agent that moves tokens without these controls creates regulatory exposure with every transaction.

Irreversible execution

An agent swaps $500K into a low-liquidity pool. Slippage eats 40% of the position. On-chain, the transaction is final. No recall, no dispute, no reversal.

Smart contract risk

An agent interacts with an unaudited contract that drains its token approvals. The contract was deployed 3 hours ago. The agent didn't check.

Regulatory exposure

An agent executes cross-border token transfers without Travel Rule compliance. MiCA Article 68 requires internal controls for crypto-asset services. The audit trail shows nothing.

How Veto protects DeFi operations

Veto sits between the AI agent and your on-chain execution layer. Every tool call — swap, bridge, provide liquidity, interact with a contract — is intercepted, evaluated against your policies, and either allowed, denied, or routed for human approval. The agent cannot bypass this layer.

Token swap authorization

A trading agent receives a signal to swap $500,000 of USDC for ETH on Uniswap. Valid strategy, reasonable market conditions. Without guardrails, the swap executes immediately with whatever slippage the DEX returns. With Veto, the transaction is evaluated: amount exceeds the $50,000 auto-approval threshold, routes to the trading desk for review. The reviewer notices the liquidity pool depth wouldn't support this size without 8% slippage.

Cross-chain bridge controls

An arbitrage agent identifies a price discrepancy and initiates a $200,000 bridge transfer from Ethereum to Arbitrum via a bridge protocol. Veto checks the bridge protocol against the approved list, validates the destination chain is permitted, and confirms the value is within bridge transfer limits. A transfer to an unapproved bridge protocol is blocked outright.

Liquidity provision guardrails

A yield farming agent wants to provide $1M in liquidity to a new pool that launched 6 hours ago. Veto blocks the action: pool age is below the 7-day minimum threshold, and the position size exceeds the per-pool cap. The agent is redirected to established pools that meet policy criteria.

Contract interaction controls

An agent attempts to call approve() on an ERC-20 contract with an unlimited allowance (type(uint256).max). Veto blocks unlimited approvals by policy. The agent must specify an exact amount, reducing exposure if the spender contract is compromised.

DeFi agent policies

Policies are YAML, version-controlled, and evaluated locally in your process. No network dependency in the enforcement path.

defi_swap_policy.yamlyaml

rules:
  # Cap swap amounts
  - name: large_swap_approval
    description: Swaps over $50K require trading desk approval
    tool: swap_tokens
    when: args.amount_usd > 50000
    action: require_approval
    message: "Swap of ${{args.amount_usd}} exceeds $50K auto-approval limit"
    approvers: ["trading-desk@example.com"]

  # Enforce slippage tolerance
  - name: slippage_cap
    description: Block swaps with excessive slippage tolerance
    tool: swap_tokens
    when: args.max_slippage > 0.03
    action: deny
    message: "Slippage tolerance {{args.max_slippage}} exceeds 3% maximum"

  # Token allowlist
  - name: approved_tokens_only
    description: Only trade approved tokens
    tool: swap_tokens
    when: args.token_in NOT IN ["USDC", "USDT", "ETH", "WETH", "WBTC", "DAI"]
    action: deny
    message: "Token {{args.token_in}} is not on the approved trading list"

defi_bridge_policy.yamlyaml

rules:
  # Approved bridge protocols only
  - name: bridge_allowlist
    description: Only use audited bridge protocols
    tool: bridge_assets
    when: args.bridge_protocol NOT IN ["stargate", "layerzero", "wormhole", "across"]
    action: deny
    message: "Bridge protocol '{{args.bridge_protocol}}' is not approved"

  # Bridge value cap
  - name: bridge_value_limit
    description: Large bridge transfers require approval
    tool: bridge_assets
    when: args.amount_usd > 100000
    action: require_approval
    message: "Bridge transfer of ${{args.amount_usd}} exceeds $100K limit"

  # Block unlimited token approvals
  - name: no_unlimited_approvals
    description: Prevent agents from setting unlimited token allowances
    tool: approve_token_spending
    when: args.amount == "unlimited"
    action: deny
    message: "Unlimited token approvals are prohibited by policy"

Integration with DeFi agent frameworks

Veto wraps your existing tool implementations. Your DEX router calls, bridge SDK integrations, and contract interaction functions stay exactly the same. The SDK intercepts at the tool boundary.

defi_agent.tstypescript

import { Veto } from "veto-sdk";

const veto = new Veto({ apiKey: process.env.VETO_API_KEY });

// Your existing DeFi tools — unchanged
const defiTools = {
  swap_tokens: async (args: {
    token_in: string;
    token_out: string;
    amount_usd: number;
    max_slippage: number;
    dex: string;
  }) => {
    return await dexRouter.executeSwap(args);
  },

  bridge_assets: async (args: {
    token: string;
    amount_usd: number;
    source_chain: string;
    dest_chain: string;
    bridge_protocol: string;
  }) => {
    return await bridgeSDK.transfer(args);
  },

  provide_liquidity: async (args: {
    pool_address: string;
    amount_usd: number;
    token_a: string;
    token_b: string;
  }) => {
    return await liquidityManager.addPosition(args);
  },
};

// Wrap with Veto — one line per tool
const protectedTools = veto.wrapTools(defiTools, {
  policy: "defi",
  context: { agent_id: "yield-optimizer-v3" },
});

// Use protectedTools in your agent framework
// ElizaOS, Virtuals GAME, Olas, LangChain — all supported

The authorization check adds single-digit millisecond latency. Policy evaluation happens locally in your process.

Regulatory compliance mapping

DeFi regulation is crystallizing globally. Here's how Veto policies map to the requirements your compliance team cares about.

MiCA (EU Markets in Crypto-Assets)

Full application since December 30, 2024. Requires crypto-asset service providers to maintain internal control mechanisms, risk management frameworks, and client asset segregation.

Veto policies serve as documented internal control mechanisms
Decision audit trails provide risk management documentation
Per-agent, per-tenant policy scoping supports asset segregation

TFR (Transfer of Funds Regulation)

Imposes zero-threshold Travel Rule for crypto transfers within the EU. Every transfer, regardless of amount, requires originator and beneficiary information.

Bridge and transfer tools can require metadata fields before execution
Audit logs capture full transfer context for compliance reporting
Policy rules can block transfers missing required Travel Rule data

FATF Recommendation 16

Being implemented by 73% of FATF member jurisdictions. Extends Travel Rule requirements to virtual asset service providers worldwide.

Cross-border transfer policies enforce jurisdiction-specific rules
Approval workflows route high-risk transfers for compliance review
Exportable decision logs support regulatory examination

Common DeFi agent policies

Block

Swaps exceeding daily limits
Interactions with unaudited contracts
Unlimited token approvals
Bridge transfers to unapproved chains
Liquidity to pools under minimum age
Swaps with slippage above cap

Allow

Swaps within threshold limits on approved DEXs
Transfers between approved chain pairs
Liquidity to established pools
Token approvals with exact amounts
Balance and price queries

Require Human Approval

Swaps above configurable threshold
First interaction with new protocol
Bridge transfers above value cap
Liquidity positions above pool limit
Token approvals above spending cap

The numbers

$1.64B

Lost in DeFi exploits in Q1 2025 alone. Worst quarter on record.

$3B+

Cumulative losses from bridge exploits since 2022. Cross-chain remains the highest-risk vector.

<10ms

Policy evaluation time. Auto-approved transactions proceed with no perceptible latency.

Veto vs alternatives

Capability	Prompt-based	Smart contract audits	Forta / monitoring
Pre-execution enforcement
Swap amount limits
Protocol allowlists			Partial
Human-in-the-loop approvals
Slippage enforcement
MiCA/TFR audit trails			Partial
Argument-level control
Agent-agnostic	Per model	N/A
Open source core

What Veto does not do

Veto authorizes the agent's decision to interact. It does not audit smart contract code, prevent MEV extraction, guarantee protocol solvency, or reverse executed transactions. Combine Veto with contract audits (CertiK, Trail of Bits), runtime monitoring (Forta), and risk management (Chaos Labs) for defense in depth.

Frequently asked questions

Can Veto prevent my agent from interacting with a rug-pull contract?

Veto blocks interactions with contracts not on your allowlist. This is the strongest practical defense — if the contract address isn't pre-approved, the agent cannot call it regardless of its reasoning. However, Veto cannot predict future exploits of contracts that are currently on your allowlist. For that, combine with contract audits and runtime monitoring.

How does Veto handle MEV and sandwich attacks?

Veto enforces maximum slippage tolerances before the transaction is submitted. If your policy caps slippage at 3%, the agent cannot submit a swap with 10% tolerance — which is what creates vulnerability to sandwich attacks. Veto does not operate at the mempool level and does not use private transaction relays like Flashbots Protect. It prevents the agent from creating vulnerable transactions in the first place.

Does Veto work with ElizaOS, Virtuals GAME, and other crypto agent frameworks?

Yes. Veto wraps tool functions at the call boundary, not the framework. Any framework that uses tool calls — ElizaOS, Virtuals GAME, Olas, or raw LangChain/OpenAI/Anthropic clients — works with the SDK. The authorization check happens before your tool implementation executes.

Does Veto make my protocol MiCA compliant?

No single tool makes you MiCA compliant. MiCA requires organizational governance, risk management frameworks, client asset segregation, and ongoing reporting — most of which are operational, not technical. What Veto provides is the runtime control layer: documented policies, decision audit trails, and approval workflows that your compliance team can point to as evidence of internal controls under MiCA Article 68.

How does policy evaluation latency affect on-chain execution?

Core policy evaluation runs in-process in under 10 milliseconds. Auto-approved transactions proceed with no perceptible impact on execution timing. Only transactions routed for human approval introduce latency — which is intentional. You are choosing to pause before a high-risk on-chain action, not introducing accidental delay.

Related use cases

Financial Agents

Transaction limits, approval workflows, and SOX compliance

Browser Agents

URL allowlists and credential protection for web automation

On-chain is forever. Authorize before you execute.

One blocked unauthorized swap pays for years of Veto.

Start free Read the quick start Talk to us