Series → #x402 attack surface
-
SOLMAL: the x402 attack surface (series intro)
Mapping the attack surface of Coinbase's x402 micropayment protocol on Solana. Series intro covering the verify→settle pipeline, the actor model, the 9 vectors, and the responsible-disclosure timeline.
-
x402 Vector 1: settlement race condition
Coinbase x402's verify→settle pipeline isn't atomic. A client can submit the same PAYMENT-SIGNATURE to multiple facilitators in parallel, or race the facilitator with a direct on-chain submission. The result is a double-spend within the blockhash validity window (~60s).
-
x402 Vector 2: partial-signing instruction injection
The x402 client builds and partially signs the entire VersionedTransaction. A facilitator that validates structure but not bytes can co-sign a tx with extra clawback / drain instructions appended after the legitimate transfer.
-
x402 Vector 3: facilitator gas drain
x402 facilitators pay all transaction fees and the spec defines no per-client rate limit. A flood of valid-looking transactions that fail at maximum compute-unit consumption is a per-request economic attack on the facilitator.
-
x402 Vector 6: AI-agent wallet drain via slow-burn pricing
AI agents on x402 use programmatic keypairs and auto-approve every payment under a price threshold. A service that ramps prices upward slowly after trust is established drains the agent without ever tripping the threshold.
-
x402 Vector 9: amount-string parser fuzzing
x402 amounts travel as JSON strings. "1000", "1e3", " 1000 ", "+1000", "01000" round-trip differently across implementations. Any disagreement between the facilitator's validator and Solana's transfer is monetisable.