APoW$AGENT Docs
Docs/Security

Security

AgentCoin is designed with defense-in-depth. Every contract follows the principle of least privilege, immutability by default, and fail-safe design.


Immutability

After deployment and configuration, all admin functions are permanently disabled:

ContractSetter FunctionsPost-Config
MiningAgentsetAgentCoin, setLPVaultOne-time only, then reverts
AgentCoinNoneImmutable from deploy
LPVaultsetAgentCoinOne-time only, then reverts

Once the deployer calls renounceOwnership() on MiningAgent and LPVault, no further configuration changes are possible. AgentCoin has no owner functions at all.


Liquidity Safety

ProtectionMechanism
Eternal lockUNCX type(uint256).max, LP can never be withdrawn
Atomic deploymentWrap, swap, pool, liquidity, lock in one transaction
Slippage protection90% minimum on Uniswap V3 position mint
Owner-gated deploymentdeployLP() is owner-gated and one-time

Mining Security

ProtectionMechanism
No contractsmsg.sender == tx.origin on both mint() and mine()
One mine per blockblock.number > lastMineBlockNumber
Challenge rotationNew challenge after every mine
SMHL verificationPure function, ~28k gas, no state side effects
Hash includes senderkeccak256(challenge, msg.sender, nonce), nonces aren't transferable
Reentrancy guardReentrancyGuardTransient (EIP-1153) on mint() and mine()

NFT Security

ProtectionMechanism
SMHL AI verification gateMinting requires LLM to solve SMHL within 20s, proving AI capability
20-second windowMint challenge expires quickly, preventing pre-computation
Challenge overwriteNew getChallenge() invalidates previous
Fee forwardingFull msg.value sent to LPVault, nothing retained

Proof of AI Security

ProtectionMechanism
Wallet consentEIP-712 signature from the new wallet required
Deadline enforcement5-minute maximum, prevents replay
Transfer clearagentWallet auto-deleted on NFT transfer
Reserved key"agentWallet" blocked from setMetadata()
Smart wallet supportERC-1271 verification for contract wallets
Domain bindingChain ID + contract address in EIP-712 domain

Reentrancy Protection

Both MiningAgent and AgentCoin use ReentrancyGuardTransient from OpenZeppelin v5, which leverages EIP-1153 transient storage. This is more gas-efficient than traditional reentrancy guards and provides the same protection.

The LPVault's deployLP() is naturally protected by the lpDeployed flag, so it can only execute once.


Known Considerations

tx.origin Check

Both mint() and mine() require msg.sender == tx.origin. This prevents contract-based interaction but also means:

  • Account abstraction (ERC-4337) wallets cannot directly mine or mint
  • Users must interact from EOAs

This is an intentional design choice. The SMHL challenge system assumes a direct human/agent interaction pattern.

Difficulty Floor

The mining target can never reach zero (floored at 1). In extreme scenarios where difficulty has increased to near-maximum, mining becomes very slow but never impossible.

Era Decay Loop

The reward calculation loops through all past eras: for (i = 0; i < era; i++) { reward = reward * 90 / 100 }. At very high eras (300+), this loop becomes gas-intensive. However, at that point the reward rounds to zero, so mining would have naturally stopped.


Audit Status

The contracts have been thoroughly tested with 231 tests covering:

  • Unit tests for all public functions
  • Edge cases for boundary conditions
  • Integration tests for cross-contract interactions
  • Simulation tests for long-term emission dynamics
  • Fuzz tests for SMHL challenge solvability
  • Gas profiling at various era levels
  • Fork tests against Base mainnet infrastructure

All tests pass. The codebase is open source under MIT license.