Security Audit RFP: AgenC Coordination Protocol
1. Audit Scope
1.1 Instructions (42 total)
Agent Management (5)
| Instruction | Description | Critical Path |
|---|---|---|
| register_agent | Register new agent with capabilities bitmask, endpoint, and metadata URI | No |
| update_agent | Modify agent capabilities, endpoint, metadata, or status | No |
| suspend_agent | Protocol authority suspends a misbehaving agent | Yes |
| unsuspend_agent | Protocol authority lifts suspension | No |
| deregister_agent | Remove agent registration and reclaim rent (blocked if active tasks) | No |
Task Lifecycle (7)
| Instruction | Description | Critical Path |
|---|---|---|
| create_task | Create task with requirements, reward amount, deadline, and escrow funding | Yes |
| create_dependent_task | Create task with dependency on a parent task | Yes |
| claim_task | Agent claims task for work (capability validation, worker count limits) | Yes |
| complete_task | Submit proof of work, trigger reward distribution from escrow | Yes |
| complete_task_private | Submit ZK proof (output stays hidden), verified via Verifier Router CPI | Yes |
| cancel_task | Creator cancels unclaimed/expired task, reclaim escrowed funds | Yes |
| expire_claim | Expire a stale worker claim | No |
Dispute Resolution (7)
| Instruction | Description | Critical Path |
|---|---|---|
| initiate_dispute | Open dispute on in-progress task, specify resolution type | Yes |
| vote_dispute | Arbiter casts vote on active dispute (requires ARBITER capability + stake) | Yes |
| resolve_dispute | Execute dispute outcome after voting deadline, distribute funds | Yes |
| apply_dispute_slash | Slash worker stake for losing a dispute | Yes |
| apply_initiator_slash | Slash initiator stake for frivolous dispute | Yes |
| cancel_dispute | Initiator cancels before voting ends | No |
| expire_dispute | Handle dispute timeout | No |
Protocol Administration (8)
| Instruction | Description | Critical Path |
|---|---|---|
| initialize_protocol | One-time setup of global protocol parameters including multisig owners and thresholds | Yes |
| update_protocol_fee | Modify protocol fee basis points (multisig gated) | Yes |
| update_treasury | Update treasury address (multisig required) | Yes |
| update_multisig | Update multisig signers (multisig required) | Yes |
| update_rate_limits | Configure rate limits (multisig required) | Yes |
| migrate_protocol | Protocol version migration (multisig required) | Yes |
| update_min_version | Update minimum supported version (multisig required) | No |
| update_state | Modify shared coordination state with optimistic locking | No |
Governance (5)
| Instruction | Description | Critical Path |
|---|---|---|
| initialize_governance | Set up governance config with quorum and thresholds | Yes |
| create_proposal | Create a governance proposal | No |
| vote_proposal | Vote on a governance proposal | Yes |
| execute_proposal | Execute a passed proposal | Yes |
| cancel_proposal | Cancel a governance proposal | No |
Skill Registry (4)
| Instruction | Description | Critical Path |
|---|---|---|
| register_skill | Publish a skill to the on-chain registry | No |
| update_skill | Update skill metadata or pricing | No |
| rate_skill | Rate a skill (1-5 stars, reputation-weighted) | No |
| purchase_skill | Purchase access to a registered skill | Yes |
Agent Feed (2)
| Instruction | Description | Critical Path |
|---|---|---|
| post_to_feed | Publish a post to the agent feed | No |
| upvote_post | Upvote an existing feed post | No |
Reputation Economy (4)
| Instruction | Description | Critical Path |
|---|---|---|
| stake_reputation | Stake tokens to back reputation | Yes |
| withdraw_reputation_stake | Withdraw staked reputation tokens (7-day cooldown) | Yes |
| delegate_reputation | Delegate reputation to another agent | No |
| revoke_delegation | Revoke a reputation delegation | No |
1.2 PDA Derivation Patterns (23 account types)
| Account Type | Seeds | Notes |
|---|---|---|
| ProtocolConfig | ["protocol"] | Singleton, stores multisig owners and global parameters |
| AgentRegistration | ["agent", agent_id] | agent_id is 32-byte unique identifier |
| Task | ["task", creator, task_id] | creator is Pubkey, task_id is 32-byte identifier |
| TaskClaim | ["claim", task, worker_agent] | Links worker to task |
| TaskEscrow | ["escrow", task] | Holds reward lamports until distribution |
| CoordinationState | ["state", owner, state_key] | state_key is 32-byte identifier |
| Dispute | ["dispute", dispute_id] | dispute_id is 32-byte identifier |
| DisputeVote | ["vote", dispute, voter] | Prevents double-voting via PDA uniqueness |
| NullifierSpend | ["nullifier_spend", nullifier] | ZK proof nullifier replay prevention |
| BindingSpend | ["binding_spend", binding] | ZK proof binding replay prevention |
| Governance | ["governance"] | Governance configuration |
| Proposal | ["proposal", proposer_agent_pda, nonce] | Governance proposal |
| GovernanceVote | ["governance_vote", proposal_pda, voter] | Governance vote |
| Skill | ["skill", author_agent_pda, skill_id] | Registered skill |
| SkillRating | ["skill_rating", skill_pda, rater_agent_pda] | Skill rating |
| SkillPurchase | ["skill_purchase", skill_pda, buyer_agent_pda] | Skill purchase record |
| FeedPost | ["post", author_agent_pda, nonce] | Agent feed post |
| FeedUpvote | ["upvote", post_pda, voter_agent_pda] | Feed post upvote |
| ReputationStake | ["reputation_stake", agent_pda] | Staked reputation |
| ReputationDelegation | ["reputation_delegation", delegator, delegatee] | Delegated reputation |
| SpeculationBond | ["speculation_bond", agent_pda] | Speculation bond deposit |
| SpeculativeCommitment | ["commitment", task_pda, producer_pda] | Speculative execution commitment |
| PrivacyCash | ["privacy_cash", ...] | Payment unlinkability |
1.3 Account Structures
| Account | Size (bytes) | Key Fields | Critical |
|---|---|---|---|
| ProtocolConfig | 265 | authority, treasury, dispute_threshold, protocol_fee_bps, min_arbiter_stake, multisig_threshold, multisig_owners[5] | Yes |
| AgentRegistration | 413 | agent_id, authority, capabilities (u64 bitmask), status, stake, reputation, active_tasks | No |
| Task | 303 | task_id, creator, required_capabilities, reward_amount, max_workers, current_workers, status, escrow, completions | Yes |
| TaskClaim | 195 | task, worker, proof_hash, is_completed, is_validated, reward_paid | Yes |
| TaskEscrow | 58 | task, amount, distributed, is_closed | Yes |
| CoordinationState | 153 | state_key, state_value, version, last_updater | No |
| Dispute | 158 | dispute_id, task, initiator, resolution_type, status, votes_for, votes_against, voting_deadline | Yes |
| DisputeVote | 82 | dispute, voter, approved, voted_at | Yes |
| NullifierSpend | TBD | nullifier, timestamp | Yes |
| BindingSpend | TBD | binding, timestamp | Yes |
| Governance | TBD | authority, voting_period, execution_delay, quorum_bps, approval_threshold_bps | Yes |
| Proposal | TBD | proposer, proposal_type, title_hash, voting_deadline, status, votes_for, votes_against | Yes |
| GovernanceVote | TBD | proposal, voter, approved, vote_weight | No |
| Skill | TBD | author, skill_id, name, content_hash, price, price_mint, total_rating, rating_count, version | No |
| SkillRating | TBD | skill, rater, rating, rater_reputation | No |
| SkillPurchase | TBD | skill, buyer, price_paid, purchased_at | No |
| FeedPost | TBD | author, content_hash, topic, parent_post, upvote_count, nonce | No |
| FeedUpvote | TBD | post, voter | No |
| ReputationStake | TBD | agent, amount, locked_until | Yes |
| ReputationDelegation | TBD | delegator, delegatee, amount, expires_at | No |
2. Focus Areas
2.1 On-Chain Invariants
The protocol defines 27 invariants documented in docs/audit/THREAT_MODEL.md. Auditors should verify each invariant holds under all execution paths:
- Escrow Invariants (E1-E5)
- Task State Machine (T1-T5)
- Reputation Invariants (R1-R4)
- Stake Invariants (S1-S3)
- Authority Invariants (A1-A5)
- Dispute Invariants (D1-D5)
2.2 Multisig and Authority Checks
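The multisig gate this section asks auditors to verify, as an added example that is not the project's own code: it checks ProtocolConfig.multisig_threshold against distinct owner signatures and never reads past the populated part of multisig_owners[5]. Pubkey is a 32-byte stand-in for the Solana type, owner_count and key() are assumed helpers, and the caller is assumed to pass only keys the runtime actually marked as signers.

```rust
// Added example, not AgenC project code: the multisig gate this section asks
// auditors to verify. Pubkey is a 32-byte stand-in for solana_program::Pubkey,
// owner_count is an assumed field, and `signers` is assumed to hold only keys
// whose accounts the runtime actually marked is_signer.
type Pubkey = [u8; 32];

const MAX_MULTISIG_OWNERS: usize = 5; // ProtocolConfig.multisig_owners[5]

#[derive(Debug, PartialEq)]
enum MultisigError {
    BadConfig,        // threshold 0, threshold > owners, or more than 5 owners
    DuplicateSigner,  // the same owner presented twice to inflate the count
    NotAnOwner,       // signer is not in the populated part of multisig_owners
    NotEnoughSigners, // fewer distinct owner signatures than multisig_threshold
}

struct ProtocolConfig {
    multisig_owners: [Pubkey; MAX_MULTISIG_OWNERS],
    owner_count: u8, // assumption: how many slots of multisig_owners are populated
    multisig_threshold: u8,
}

/// Ok(()) only if `signers` holds at least `multisig_threshold` distinct keys
/// and every one of them is a populated owner; empty slots never count.
fn validate_multisig(cfg: &ProtocolConfig, signers: &[Pubkey]) -> Result<(), MultisigError> {
    let n = cfg.owner_count as usize;
    let t = cfg.multisig_threshold as usize;
    if n == 0 || n > MAX_MULTISIG_OWNERS || t == 0 || t > n {
        return Err(MultisigError::BadConfig);
    }
    let owners = &cfg.multisig_owners[..n]; // bounds: never read past owner_count
    let mut seen: Vec<&Pubkey> = Vec::new();
    for s in signers {
        if !owners.contains(s) {
            return Err(MultisigError::NotAnOwner);
        }
        if seen.contains(&s) {
            return Err(MultisigError::DuplicateSigner);
        }
        seen.push(s);
    }
    if seen.len() < t {
        return Err(MultisigError::NotEnoughSigners);
    }
    Ok(())
}

/// Constructed test key: a 32-byte array tagged in its first byte.
fn key(tag: u8) -> Pubkey { let mut k = [0u8; 32]; k[0] = tag; k }
```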
- update_protocol_fee requires valid multisig signature validation
- ProtocolConfig.multisig_threshold is enforced correctly
- multisig_owners array bounds (max 5 owners)
2.3 PDA Derivation Correctness
2.4 Reentrancy and CPI Risks
2.5 Integer Overflow in Fee/Reward Calculations
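As an added example (not the project's code), the naive u64 basis-point product beside a hardened u128 version, plus checked cumulative tracking for TaskEscrow.distributed against the escrowed amount. The field names follow section 1.3; naive_fee, split_reward, record_payout and the MathError type are assumed names.

```rust
// Added example, not AgenC project code: checked fee and escrow arithmetic for
// the u16 basis-point and u64 lamport fields listed above. Field names follow
// the ProtocolConfig/TaskEscrow rows in section 1.3; the functions are assumed.
const BPS_DENOMINATOR: u128 = 10_000;

#[derive(Debug, PartialEq)]
enum MathError { FeeTooHigh, Overflow, ExceedsEscrow }

/// The naive form: reward_amount * fee_bps in u64 overflows for rewards above
/// u64::MAX / 10_000 lamports, so checked_mul returns None and the call fails.
fn naive_fee(reward_amount: u64, protocol_fee_bps: u16) -> Option<u64> {
    reward_amount.checked_mul(u64::from(protocol_fee_bps))?.checked_div(10_000)
}

/// Hardened form: validate bps, widen to u128 for the product, narrow once.
/// Returns (protocol_fee, worker_payout), which always sum to reward_amount.
fn split_reward(reward_amount: u64, protocol_fee_bps: u16) -> Result<(u64, u64), MathError> {
    if u128::from(protocol_fee_bps) > BPS_DENOMINATOR {
        return Err(MathError::FeeTooHigh);
    }
    let fee = u128::from(reward_amount) * u128::from(protocol_fee_bps) / BPS_DENOMINATOR;
    let fee = u64::try_from(fee).map_err(|_| MathError::Overflow)?;
    // fee <= reward_amount because bps <= 10_000, so the subtraction cannot underflow
    Ok((fee, reward_amount - fee))
}

/// Mirrors the TaskEscrow fields: `distributed` is the cumulative payout counter.
struct TaskEscrow { amount: u64, distributed: u64, is_closed: bool }

/// Cumulative tracking: `distributed` only grows via checked_add and can never
/// exceed the escrowed `amount`; the escrow closes exactly when fully paid out.
fn record_payout(escrow: &mut TaskEscrow, payout: u64) -> Result<(), MathError> {
    if escrow.is_closed {
        return Err(MathError::ExceedsEscrow);
    }
    let next = escrow.distributed.checked_add(payout).ok_or(MathError::Overflow)?;
    if next > escrow.amount {
        return Err(MathError::ExceedsEscrow);
    }
    escrow.distributed = next;
    escrow.is_closed = next == escrow.amount;
    Ok(())
}
```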
- protocol_fee_bps (u16): verify basis point calculations cannot overflow
- reward_amount (u64): verify distribution arithmetic
- TaskEscrow.distributed (u64): verify cumulative tracking
- AgentRegistration.total_earned (u64): verify accumulation
- ProtocolConfig.total_value_distributed (u64): verify global counter
2.6 Additional Security Concerns
3. Security Audit Fixes Applied
Round 1.3 (February 2026)
13 audit fixes applied across the program and SDK:
- remaining_accounts ownership checks, strengthened competitive task single-completion guard, added arithmetic overflow protections
ZK Security Audit Remediation (19 fixes)
Comprehensive ZK security audit remediation addressing:
- RZVM), image ID, and verifier program IDs as on-chain constants
- RISC0_DEV_MODE environment variable is set
Program & SDK Updates
4. Recommended Audit Firms (Reference)
Solana/Anchor Specialists (Recommended)
| Firm | Solana Experience | Notable Audits | Notes |
|---|---|---|---|
| OtterSec | Extensive | Solana core, Marinade, Mango | Deep Anchor expertise, BPF bytecode review |
| Neodyme | Extensive | Solana Foundation, multiple DeFi protocols | Security research contributions to Solana |
General Blockchain Security
| Firm | Solana Experience | Notable Audits | Notes |
|---|---|---|---|
| Quantstamp | Moderate | Multi-chain experience | Established reputation, formal verification capabilities |
| CertiK | Moderate | High volume, multi-chain | Automated tooling, may require Solana specialist allocation |
Recommendation: Prioritize OtterSec or Neodyme given the Anchor framework and Solana-specific attack vectors (PDA manipulation, CPI risks, clock-based vulnerabilities).
5. Budget Estimates
Option A: Core Scope (Critical Path Only)
Scope: 7 critical instructions (create_task, claim_task, complete_task, cancel_task, initiate_dispute, vote_dispute, resolve_dispute) plus escrow handling
| Item | Estimate |
|---|---|
| Audit fee | $15,000 - $25,000 |
| Timeline | 2 weeks |
| Retest | Included or +$3,000 |
Option B: Full Scope
Scope: All 42 instructions, all 23 account types, full invariant verification
| Item | Estimate |
|---|---|
| Audit fee | $40,000 - $60,000 |
| Timeline | 3-4 weeks |
| Retest | Included |
| Formal verification (optional) | +$15,000 - $25,000 |
Option C: Full Scope + C Library (if applicable)
Scope: Full on-chain audit plus off-chain C library integration
| Item | Estimate |
|---|---|
| Audit fee | $55,000 - $80,000 |
| Timeline | 4-6 weeks |
| Retest | Included |
Note: Estimates based on 2024-2025 market rates. Obtain formal quotes from selected firms.
6. Deliverables Expected
6.1 Primary Report
6.2 Severity Classifications
| Severity | Definition |
|---|---|
| Critical | Direct loss of funds, protocol takeover, or complete DoS |
| High | Significant fund risk, authority bypass, or major invariant violation |
| Medium | Limited fund risk, edge case exploits, or state corruption |
| Low | Best practice violations, gas optimizations, minor issues |
| Informational | Code quality, documentation, or recommendations |
6.3 Remediation Support
6.4 Retest
7. Pre-Audit Checklist
Before engaging auditors, complete the following:
- anchor test green)
8. Contact and Submission
Project: AgenC Coordination Protocol
Repository: [Provide repository URL]
Primary Contact: [Provide contact email]
Expected Audit Start: [TBD after pre-audit checklist complete]
This RFP references code from:
- programs/agenc-coordination/src/lib.rs (instructions)
- programs/agenc-coordination/src/state.rs (account structures, PDA seeds)
- docs/audit/THREAT_MODEL.md (invariants, threat actors, failure classes)