The Meshline whitepaper.

Base is one of the fastest-growing L2s, with new contracts deployed every day. That growth comes with a problem: users and agents have no fast, neutral way to tell a safe contract from a honeypot, a rug, or an unverified proxy.

Traditional audits are slow, expensive, and static — a snapshot that ages the moment it's published. Block explorers show raw data, not judgment. The result is a trust gap that throttles onchain adoption and exposes users to avoidable loss. Meshline closes that gap with an instant, neutral, verifiable risk read on any address.

Paste any Base address — a contract, a wallet, or an app. Meshline then:

• Pulls onchain and source data (Basescan, RPC, EAS).
• Runs a deterministic signal engine across known risk vectors.
• Synthesizes a structured, readable report with a language model.
• Computes a 0–1000 MESH Score and a letter tier.
• Attests the result onchain so it is verifiable and portable.

Today a full scan takes about 30 seconds; the roadmap brings the core result to under 15. The output is the same whether a human or an agent asked for it.

Every scan resolves to one number from 0 to 1000 — higher is safer — and a letter tier. The score is a weighted aggregation of severity-tagged signals, with weights continuously recalibrated against false positives seen in production scans.

Beneath the score sits a deterministic engine of independent checks, each carrying a severity (low, medium, high, critical) that penalizes the base score. Signals include:

• Source verification — Is the contract verified, and does the source match the bytecode?
• Proxy & upgradeability — Can the logic be swapped out from under users?
• Deployer history — What has this deployer shipped before — clean or rugged?
• Honeypot detection — Can funds actually be withdrawn, or only deposited?
• Ownership & privilege — Mint, pause, blacklist, and other privileged powers.
• Exploit similarity — Bytecode matched against a curated database of known exploit signatures.

The exploit-similarity set is sourced from incident archives such as Rekt.news and DeFiHackLabs, and expands over time to sharpen detection accuracy.

Signals and onchain context are passed to a language model (Gemini 2.0 Flash), which writes a structured report: what the contract is, the key risks in plain language, and a clear recommendation. The model explains the score — it never invents it. Reports are exportable as PDF for sharing and record-keeping.

Every result is written as an attestation on the Ethereum Attestation Service (EAS) on Base. That turns a one-off report into reusable public infrastructure. A MESH Score becomes:

• Verifiable — anyone can check the attestation onchain.
• Portable — other contracts, apps, and agents can read it.
• Tamper-evident — the score can't be silently edited after the fact.

An indexer ingests all Meshline attestations into a searchable public registry, so lookups are fast and don't depend on re-scanning.

Meshline is pay-per-use, settled in USDC on Base through x402 — no accounts or API keys required to make a single scan.

• Free — 5 scans per month to evaluate Meshline.
• Pro — Deeper analysis, scan history, alerts, and batch scanning.
• Enterprise — $199/mo — Private audits, bulk API, SSO, SOC2 export, and an SLA.

Bulk scanning is priced from 0.0005 USDC per address.

MESH is the network's coordination and access asset. Its utility ties directly to using the protocol:

• Discounts — hold MESH for cheaper scans — e.g. 100 MESH for 20% off, 1,000 for 40%, 10,000 for free Pro.
• Burn-for-scan — burn 1 MESH onchain for a one-time scan credit.
• Pro access — holding 10,000 MESH unlocks Pro with no recurring payment.
• Staking — stake MESH to earn a share of protocol revenue (below).

Token utilities are forward-looking and roll out over the roadmap; see the disclaimer.

A MeshStaking contract lets holders stake MESH to earn a share of real protocol revenue. Each week a fixed portion (target 20%) of scan revenue is deposited to the contract and distributed pro-rata to stakers in USDC. Stakers also receive priority, sub-5-minute alerting on watched contracts.

The intent is to tie token value to genuine protocol usage — fees from scans people actually run — rather than to token emissions alone.

Meshline is designed to be called by software, not just people. “Scan before you transact” becomes a primitive any agent can use:

• x402 payments — an agent's wallet pays per scan — no keys, no accounts, no signup.
• MCP endpoint — scan_contract, scan_wallet, and get_report exposed as tools for Claude, Cursor, and other runtimes.
• Discovery manifest — a capability manifest lets Agent.market and the x402 Bazaar auto-discover Meshline's tools, pricing, and schemas.

• Frontend — Next.js on Base, wallet-native via OnchainKit and agentic wallets.
• Backend — a scan pipeline — data ingestion → signal engine → AI synthesis → scoring → EAS attestation — with a Redis cache and a queue for scheduled re-scans.
• Onchain — EAS attestations, the MESH token, and the staking contract, all on Base L2.

Meshline ships post-launch in five waves over six months: report quality and Pro foundations, alerts and watched contracts, token and staking integration, enterprise and scale, and agent-native discovery — followed by a more exploratory phase shaped with the community.

This document is informational only and is not financial, investment, legal, or security advice. A MESH Score is a risk signal, not a guarantee of safety — never treat it as a substitute for your own due diligence. Token utilities described here are planned and may change as the protocol develops. Always do your own research.