Risk Insights & Score

PENGUARDS assigns each session key a quantitative risk score and converts the result into visual indicators that support rapid triage.

Overall indicator (brand glow)

The penguin emblem in the top-left corner of the header illuminates red, amber, or green based on the most severe active session.
Hovering over the emblem reveals a concise status summary such as "1 critical session detected" or "All sessions meet best-practice thresholds."

Session badges

Every session card contains a badge detailing:

Severity label (Critical, High, Medium, Low, Info).
Raw score (for example, 42 / 100).
Percentile rank (for example, 42nd percentile among this wallet's sessions), which also drives the default sorting order.

Principal risk signals

The "Risk signals" panel lists the top contributing factors—such as "Unlimited spend permitted," "Approval target not reviewed," or "Very long / effectively no expiry."
Selecting "View all signals" opens the complete breakdown aligned with the dimensions described below.

Detailed permission breakdown

Expand a session card to see:

Call policies: contract address, function signature, per-use spend caps, and parameter constraints.
Transfer policies: recipient/target, per-use caps, lifetime or periodic value limits (reset period shown only when LimitType = Allowance).
Fee limits & expiration: lifetime gas budget; reset timers appear only when feeLimit.limitType = Allowance; expiration timestamp when applicable.
Registry status: whether the call or approval is marked Allowed, Unset, or Blocked on the Abstract Session Key Policy Registry.

Tooltips give extra context, and links let you cross-check anything directly on abscan or Abstract documentation.

Severity reference

Critical (0-29%) - immediate remediation required (blocked approvals or open-ended permissions).
High (30-49%) - significant exposure that should be tightened promptly.
Medium (50-74%) - manageable but warrants revision in the near term.
Low (75-89%) - largely aligned with guidance; continue periodic reviews.
Info (90-100%) - conforms to best practices.

The sections below describe how those severities are produced.

How the score is calculated

PENGUARDS mirrors Abstract's mainnet enforcement rules when computing each session's score.

Data sources

Source

Purpose

Session config (createSession payload)

Provides signer, expiry, fee limits, call/transfer policies, constraints, and approval selectors.

Session Key Policy Registry (0xA146…b93)

Confirms whether each (target, selector) and (token, spender) pair is Allowed, Unset, or Blocked; the UI shows the decoded spender alongside the verdict for approvals.

Session Key Validator

Returns the live status (Active, Expired, Closed). The client computes getSessionHash(sessionConfig) locally and compares it with the validator's stored hash to confirm integrity.

Optional telemetry

Flags reused signers or unusually high counts of active sessions.

Mainnet sessions run through every registry check. Testnet sessions skip the enforcement but still surface warnings so you can practise safer setups.

Dimensions weights

Dimension

Weight

What earns points

What reduces them

Registry compliance

Policies marked Allowed

Blocked entries cap the total at 60; Unset gets half credit on mainnet.

Approval safety

Spender is pinned and (token, spender) is Allowed

Missing pins, Blocked, or failed lookups drop to 0 and cap at 50.

Constraints coverage

Sensitive params have Equal/range constraints

No metadata or unconstrained inputs score near zero.

Scope breadth

Few targets/selectors, no generic routers

Broad scopes or execute selectors lower the score.

Native value protection

Low per-use spend and finite lifetime caps

Unlimited or high limits tank the score.

Fee budget

Tight lifetime/allowance gas budgets

Unlimited or very high budgets score poorly.

Expiration

Short lifetimes (≤ 24h best)

Long or missing expiries lose credit.

Allowance period

Short reset windows for LimitType.Allowance

Missing or very long periods score low.

Transfer policies

Tight caps, or no transfer policy at all

Unlimited transfers hurt the score.

Session liveness

Validator says Active and hash matches

Expired/unknown states lose points.

Signer reuse

Unique signer per wallet/session

Reused signers for multiple wallets score zero.

Open session count

≤ 3 active sessions

More than 3 drops to zero.

Partial credit for approvals

Unset spender in the registry ➝ partial credit (5/15) plus a warning.
Multi-spender allowlist (small curated list) ➝ partial credit and a surfaced warning so reviewers notice multiple spenders.
Blocked or failed lookup ➝ 0 points and the score is capped at 50.

Hard gates ("caps")

Blocked registry policies limit the overall score to 60 until removed.
Unsafe approvals (spender not pinned, blocked, or lookup failed) limit the overall score to 50.

When a cap is active you'll see a badge such as blockedRegistry or approvalSafetyHardGate listed in the session detail.

Severity mapping

Scores convert to severities using these bands:

Score

Severity

90-100

Info

75-89

Low

50-74

Medium

30-49

High

0-29

Critical

The brand glow uses the worst severity detected so you always see the highest exposure immediately.

Interpreting the breakdown

Inside each expanded session card you'll find:

A per-dimension list (e.g. "Registry 12/15 - 2 Unset policies").
Warnings for unset approval spenders, multi-allowlists, or missing constraints.
Explorer shortcuts to review the relevant policy or transaction on abscan.

Focus on dimensions below ~50%; those usually offer the quickest wins to improve your score.

How often the score updates

Every time you open the popup or hit Refresh.
Immediately after a revoke confirms (the session disappears or drops to 0).
Periodically while the popup stays open, so expirations and limits stay fresh.

PreviousCore Features NextRevoking Sessions Safely

Last updated 1 month ago

Good morning