Agent Completes First Successful Audit with KALOS, Includes Solady’s ERC-1271

The Importance of Security at Agent

The success of our products and brand will only go as far as our commitment to security, which falls in line with our overarching goal of account accelerationism (acc/acc), i.e., advancing the adoption of smart contract accounts. Although Agent isn't competing against custodians (e.g., Gnosis Safe, Anchorage), we do place strong emphasis on security as our flagship product, the Agent Account Platform, does manage user funds in a non-custodial manner.

The technical challenges our team needs to solve are unique in that our approach must optimize for both security and user experience, while minimizing trade-offs in each. For that reason, we have chosen to use Solady as the backbone of our Account product. Solady is an open-source repository containing highly-optimized Solidity snippets. It has amassed over 2.2k+ stars on GitHub.

Audit by KALOS: Agent Account & Solady’s ERC-1271

Security is one of the most important aspects of our product and we wanted to work with the best. For the first audit of our flagship product, we’ve chosen to work with KALOS, the team that placed 2nd in the Paradigm CTF competition last year. Since its founding in 2018, KALOS has completed over 400 security audits and is trusted by leading DeFi applications like 1inch and Sushiswap.   

Last week, we completed a successful audit for our flagship product, the Account Platform. This first audit can be broken down into two components:

    ● First was the code for the Agent Account Token in which only one low-severity issue was surfaced.

    ● Second was an audit of Solady’s implementation of ERC-1271. Two high severity issues were found, both of which were resolved before mainnet deployment.

Both of these reports can be found on our GitHub (AgentExchange/audits).

Advancing Public Goods: Contributing to Solady

Our team is grateful for the opportunity to advance public goods like Solady. Following the audit, Solady creator and ERC-6551 co-author Vectorized (@optimizoor on Twitter) said, “Full marks. I finally found an auditoor I can trust on the same level as Zach Obront.”

Hun Lee (@push0ebp on Twitter), security researcher at KALOS, said the following:

“I was so glad to work with the team behind Agent and Vectorized, the creator of Solady. I encountered issues in Solady's enhanced ERC1271 implementation using nested EIP712, which could be used for phishing vectors to drain wallet users' assets. Despite the difficulty, I was impressed by their quick responses and fixes for our interesting issues I found. I was happy to have active and great discussions. Now, I'm excited to contribute to enhancing the security of the remarkable Solidity library Solady, and advancing smart contract account standards to protect wallet users. I'm looking forward to further collaborations.”

About Agent

Agent is a platform for creating, managing, and trading Web3 Sub-Accounts. To learn more about Agent, please visit our website at https://agent.exchange

Working at Agent

Agent is hiring across the board. We invite talented smart contract engineers and full-stack Web3 developers to join us on the exciting journey of accelerating the adoption of smart contract accounts. If interested, please get in touch on Twitter at @AgentLabs.