Problem
Once issue #78 (block-builder-level budget enforcement) lands, the gas budget becomes a chain-side invariant. Any waiver path — committee 2-of-N quorum lifting the cap for emergency drain, operator-set overrides, epoch resets — is a potential escalation vector. A buggy waiver flow lets an attacker silently inflate cap or trigger an unintended drain, undoing the protective intent of the budget.
We need an explicit security audit of every code path that can raise, reset, or bypass an agent's gas budget.
Proposed Approach
- Enumerate all paths that mutate
AgentBudget state:
release events that increment *_spentx402_middleware.settle events that increment *_spentwaiveEpoch(agentId, newCap) (committee path)resetEpoch() (time-based reset)setCap(agentId, hourly, daily) (initial provisioning)
- For each, identify the trust assumption (which key signs, which contract calls, what state transitions are allowed).
- Threat model:
- Malicious committee member tries to silently raise cap during a release window
- Reentrancy via
release -> external call -> waiveEpoch -> release chain
- Replay of an old waiver signature against a new epoch
- Time-based reset triggered ahead of schedule via chain re-org
- Doc:
docs/security/gas-budget-threat-model.md covers all enumerated paths + the mitigation per path.
- Third-party review on the waiver flow specifically (target: existing Switchboard auditor, or one of the Lux ecosystem auditors).
Acceptance Criteria
References
Problem
Once issue #78 (block-builder-level budget enforcement) lands, the gas budget becomes a chain-side invariant. Any waiver path — committee 2-of-N quorum lifting the cap for emergency drain, operator-set overrides, epoch resets — is a potential escalation vector. A buggy waiver flow lets an attacker silently inflate cap or trigger an unintended drain, undoing the protective intent of the budget.
We need an explicit security audit of every code path that can raise, reset, or bypass an agent's gas budget.
Proposed Approach
AgentBudgetstate:releaseevents that increment*_spentx402_middleware.settleevents that increment*_spentwaiveEpoch(agentId, newCap)(committee path)resetEpoch()(time-based reset)setCap(agentId, hourly, daily)(initial provisioning)release -> external call -> waiveEpoch -> releasechaindocs/security/gas-budget-threat-model.mdcovers all enumerated paths + the mitigation per path.Acceptance Criteria
(agentId, epoch, nonce)tupleReferences