Responsible disclosures

A running log of vendor disclosures and public research. Findings appear here once a fix has shipped, the embargo has lifted, or the work has been published as research. Coordinate disclosures via [email protected].

• x402 AI-agent wallet drain via slow-burn pricing (Vector 6)

  high

  [ AI-AGENT WALLET IMPLEMENTATIONS (PUBLIC RESEARCH) ] · disclosed 25 Mar 2026

  AI agents use programmatic keypairs and auto-approve below price thresholds. A service that ramps pricing slowly after trust is established drains the agent without triggering the threshold.

  [ read the writeup ]

• x402 amount-string parser fuzzing (Vector 9)

  medium

  [ COINBASE X402 PROTOCOL (PUBLIC RESEARCH) ] · disclosed 24 Mar 2026

  x402 amounts are JSON strings. "1000", "1e3", " 1000 ", "+1000", "01000" round-trip differently across implementations. Mismatch between the facilitator's validator and Solana's transfer is monetisable.

  [ read the writeup ]

• x402 partial-signing instruction injection (Vector 2)

  high

  [ COINBASE X402 PROTOCOL (PUBLIC RESEARCH) ] · disclosed 23 Mar 2026

  Client builds and partially signs the VersionedTransaction. A facilitator that validates structure but not bytes can sign a tx with extra clawback / drain instructions appended.

  [ read the writeup ]

• x402 settlement race (Vector 1)

  high

  [ COINBASE X402 PROTOCOL (PUBLIC RESEARCH) ] · disclosed 22 Mar 2026

  Multiple /settle calls succeed before on-chain confirmation when the facilitator's verify→settle pipeline lacks an atomic lock. Double-spend window equals blockhash validity (~60s).

  [ read the writeup ]

• x402 facilitator gas drain (Vector 3)

  medium

  [ COINBASE X402 FACILITATOR IMPLEMENTATIONS (PUBLIC RESEARCH) ] · disclosed 21 Mar 2026

  Facilitator pays all fees, no per-client rate limit specified in the protocol. Crafted-failing-tx storms maximize CU consumption. Economic DoS against the facilitator.

  [ read the writeup ]

• SOLMAL: Solana x402 attack surface

  research

  [ COINBASE X402 PROTOCOL (PUBLIC RESEARCH) ] · disclosed 20 Mar 2026

  Threat model for the x402 micropayment protocol on Solana. 9 attack vectors against the verify→settle pipeline plus AI-agent wallet-drain patterns. Public research, no specific vendor finding.

  [ read the writeup ]

• Rusty Pipes Exploit (proof-of-concept)

  research

  [ PUBLIC RESEARCH (NPM ECOSYSTEM) ] · disclosed 9 Nov 2024

  PoC of using Rust to inject malicious code into npm packages and hijack the entire Node runtime.

  [ read the writeup ]

• Rust in Peace: How to Hijack Node.js with a Single Require

  research

  [ PUBLIC RESEARCH (NODE.JS / NPM ECOSYSTEM) ] · disclosed 17 Aug 2024

  Long-form writeup on Rust-based supply-chain malware in the Node.js ecosystem and the mitigations needed at registry + runtime layers.

  [ read the writeup ]

• Rusty Pipes: an npm supply chain exploit

  research

  [ PUBLIC RESEARCH (NPM ECOSYSTEM) ] · disclosed 16 Jul 2024

  Published research showing how a malicious package can detect packages a contributor maintains and inject a Rust binary into the next release.

  [ read the writeup ]