Responsible disclosures

A running log of vendor disclosures and public research. Findings appear here once a fix has shipped, the embargo has lifted, or the work has been published as research. Coordinate disclosures via [email protected].

x402 AI-agent wallet drain via slow-burn pricing (Vector 6)
high

[ AI-AGENT WALLETS ] · disclosed 25 Mar 2026

AI agents use programmatic keypairs and auto-approve below a price threshold. A service that ramps prices slowly after trust drains the agent without ever tripping the threshold.

[ read the writeup ]
x402 amount-string parser fuzzing (Vector 9)
medium

[ COINBASE X402 ] · disclosed 24 Mar 2026

x402 amounts ship as JSON strings. "1000", "1e3", " 1000 ", "+1000", "01000" round-trip differently across implementations. Mismatch between facilitator validator and Solana transfer is monetisable.

[ read the writeup ]
x402 partial-signing instruction injection (Vector 2)
high

[ COINBASE X402 ] · disclosed 23 Mar 2026

Client builds and partially signs the VersionedTransaction. A facilitator that validates structure but not bytes can sign a tx with extra clawback / drain instructions appended.

[ read the writeup ]
x402 settlement race (Vector 1)
high

[ COINBASE X402 ] · disclosed 22 Mar 2026

Multiple /settle calls succeed before on-chain confirmation when the facilitator's verify→settle pipeline lacks an atomic lock. Double-spend window equals blockhash validity (~60s).

[ read the writeup ]
x402 facilitator gas drain (Vector 3)
medium

[ COINBASE X402 ] · disclosed 21 Mar 2026

Facilitator pays all fees, no per-client rate limit. Crafted-failing-tx storms maximise CU consumption — economic DoS against the facilitator.

[ read the writeup ]
SOLMAL: Solana x402 attack surface
research

[ COINBASE X402 ] · disclosed 20 Mar 2026

Threat model for x402 on Solana. 9 attack vectors against the verify→settle pipeline plus AI-agent wallet-drain patterns.

[ read the writeup ]
Rusty Pipes Exploit (proof-of-concept)
research

[ NPM ECOSYSTEM ] · disclosed 9 Nov 2024

PoC: Rust used to inject malicious code into npm packages and hijack the entire Node runtime.

[ read the writeup ]
Rust in Peace: Hijacking Node.js with a single require
research

[ NODE.JS / NPM ] · disclosed 17 Aug 2024

Long-form on Rust-based supply-chain malware in Node.js and the mitigations needed at registry + runtime layers.

[ read the writeup ]
Rusty Pipes: an npm supply-chain exploit
research

[ NPM ECOSYSTEM ] · disclosed 16 Jul 2024

How a malicious package detects packages a contributor maintains and injects a Rust binary into the next release.

[ read the writeup ]

Responsible disclosures

x402 AI-agent wallet drain via slow-burn pricing (Vector 6)

x402 amount-string parser fuzzing (Vector 9)

x402 partial-signing instruction injection (Vector 2)

x402 settlement race (Vector 1)

x402 facilitator gas drain (Vector 3)

SOLMAL: Solana x402 attack surface

Rusty Pipes Exploit (proof-of-concept)

Rust in Peace: Hijacking Node.js with a single require

Rusty Pipes: an npm supply-chain exploit