Universal Crypto MCP

PAYMENTS_SECURITY_AUDIT.md•32.6 KiB

# Agent 3: Payments, Wallets & Security Audit Report **Audit Date:** January 30, 2026 **Auditor:** Agent 3 (Blockchain Security Specialist) **Repository:** `nirholas/universal-crypto-mcp` **Scope:** Payments, Wallets, Security Packages & x402 Protocol --- ## Section 1: Executive Summary ### Overview of Payment/Wallet Capabilities The universal-crypto-mcp repository provides a comprehensive suite of cryptocurrency wallet implementations and payment processing capabilities designed for AI agent interactions via the Model Context Protocol (MCP). The packages under audit enable AI agents to manage digital assets, execute payments, and interact with blockchain networks autonomously while maintaining security controls. ### Supported Blockchains and Standards | Category | Supported Chains/Standards | |----------|---------------------------| | **EVM Chains** | Ethereum, Arbitrum, Base, Optimism, Polygon | | **Non-EVM** | Solana (mainnet, devnet, testnet) | | **Wallet Standards** | BIP-32, BIP-39, BIP-44 (via viem/ethers) | | **Token Standards** | ERC-20, SPL Tokens | | **Multi-sig** | Safe (Gnosis) integration | | **Connection** | WalletConnect MCP server | | **Payment Protocols** | x402 (HTTP 402), Lightning Network (via Alby) | ### Critical Security Findings | Severity | Count | Summary | |----------|-------|---------| | **Critical** | 2 | Private key exposure in MCP tools, seed file stored in predictable location | | **High** | 5 | Missing input validation, hardcoded defaults, rate limiting absent | | **Medium** | 8 | Incomplete error handling, simulated security checks, missing audit trails | | **Low** | 6 | Documentation gaps, test coverage needs improvement | ### Overall Security Posture Rating **Rating: 6.2/10 (MODERATE RISK)** The codebase demonstrates good architectural patterns using established libraries (viem, ethers.js, @solana/web3.js) but contains several security concerns that must be addressed before production deployment. The heavy reliance on simulated/mock data in security tools and the potential for private key exposure through MCP tool parameters are primary concerns. --- ## Section 2: Wallet Package Deep Dive ### 2.1 Wallet Types Supported The wallet package (`packages/wallets/`) provides multiple wallet implementations: | Wallet Type | Location | Implementation | |-------------|----------|----------------| | **EVM Hot Wallet** | `wallets/evm/src/wallet.ts` | Single private key using viem | | **Solana Wallet** | `wallets/solana/src/wallet.ts` | Keypair using @solana/web3.js | | **Safe Multi-sig** | `wallets/safe-gnosis-mcp/` | Safe (Gnosis) protocol integration | | **WalletConnect** | `wallets/walletconnect-mcp/` | WalletConnect v2 MCP bridge | ### 2.2 Key Derivation Implementations **EVM Wallet (wallet.ts#L82-L89):** ```typescript this.account = privateKeyToAccount(config.privateKey); this.address = this.account.address; ``` The EVM implementation uses viem's `privateKeyToAccount` which internally uses proper Ed25519/secp256k1 derivation. However, **no HD wallet support is implemented** - only raw private keys are accepted. **Solana Wallet (wallet.ts#L55-L62):** ```typescript if (typeof config.privateKey === "string") { const decoded = bs58.decode(config.privateKey); this.keypair = Keypair.fromSecretKey(decoded); } else { this.keypair = Keypair.fromSecretKey(config.privateKey); } ``` Uses native Solana libraries for keypair generation. Supports both base58 strings and raw Uint8Array formats. ### 2.3 BIP-32/39/44 Compliance ⚠️ **FINDING:** The wallet implementations do **NOT** implement BIP-39 mnemonic generation or BIP-44 derivation paths. Users must provide raw private keys. **Risk:** Users cannot derive multiple addresses from a single seed phrase, limiting wallet recovery options. ### 2.4 Mnemonic Handling Security No mnemonic handling is implemented in the current codebase. The Solana security checklist (`wallets/solana/security/SECURITY_CHECKLIST.md`) documents proper practices but these are not fully implemented: - ✅ Zeroization mentioned in documentation - ❌ No `zeroize` crate usage visible - ❌ No secure memory clearing after key use ### 2.5 Private Key Storage Patterns **CRITICAL FINDING (CWE-312, CWE-522):** Private keys are accepted as direct constructor parameters and environment variables without additional encryption. **EVM Configuration (`types.ts#L14-L25`):** ```typescript export interface EVMWalletConfig { /** Private key with 0x prefix */ privateKey: `0x${string}`; chainId: string; rpcUrl?: string; } ``` **x402 Agent (`payments/x402/src/index.ts#L52-L53`):** ```typescript const seedFilePath = path.join(documentsDir, "mpc_info.json"); ``` ⚠️ **CRITICAL:** Coinbase MPC wallet seeds are stored in `~/Documents/mpc_info.json` - a predictable location without encryption at rest. ### 2.6 Encryption at Rest **Status: NOT IMPLEMENTED** No encryption at rest is applied to: - Wallet private keys - MPC seed files - Configuration files ### 2.7 Wallet Connection Protocols **WalletConnect MCP Server:** - Located at `wallets/walletconnect-mcp/` - Implements WalletConnect v2 protocol - Provides MCP tools for session management **Safe (Gnosis) MCP Server:** - Located at `wallets/safe-gnosis-mcp/` - Provides multi-sig transaction proposal and management - Integrates with Safe API ### 2.8 Hardware Wallet Support **Status: NOT IMPLEMENTED** No hardware wallet integrations (Ledger, Trezor) are present in the codebase. ### 2.9 Address Generation and Validation **EVM Validation:** Uses viem's type system (`0x${string}`) but no checksum validation visible. **Solana Validation:** Basic PublicKey construction without explicit validation: ```typescript const toPubkey = new PublicKey(to); ``` ⚠️ **FINDING (CWE-20):** Missing explicit address format validation could allow malformed addresses. ### 2.10 Chain-Specific Implementations | Chain | Key Management | Transaction Signing | RPC Handling | |-------|---------------|---------------------|--------------| | EVM | viem accounts | EIP-1559 support | Configurable HTTP | | Solana | Native Keypair | Ed25519 | Configurable connection | --- ## Section 3: Payments Package Analysis ### 3.1 Payment Flow Architecture The payments package (`packages/payments/`) implements multiple payment methods: ``` ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │ MCP Client │────▶│ Payment Server │────▶│ Blockchain │ │ (AI Agent) │ │ (x402/Alby) │ │ Settlement │ └─────────────────┘ └─────────────────┘ └─────────────────┘ │ │ │ 402 Response │ │◀──────────────────────│ │ │ │ Payment Payload │ │──────────────────────▶│ ``` ### 3.2 Supported Payment Methods | Method | Package Location | Status | |--------|-----------------|--------| | **x402 Protocol** | `payments/x402/` | Production-ready | | **Lightning** | `payments/lightning/` | Alby integration (simulated) | | **Coinbase MPC** | `payments/x402/src/index.ts` | Active with gasless USDC | ### 3.3 Payment Confirmation Handling **x402 Flow (`payments/x402/src/index.ts#L174-L190`):** ```typescript await defaultAddress.createTransfer({ amount: amount, assetId: Coinbase.assets.Usdc, destination: ethers.getAddress(recipientAddr), gasless: true }) ``` ⚠️ **FINDING:** No confirmation waiting - transaction is scheduled but completion not verified in tool response. ### 3.4 Webhook Implementations **Status: NOT IMPLEMENTED** No webhook receivers for payment notifications are present. ### 3.5 Idempotency Handling **Status: NOT IMPLEMENTED** ⚠️ **HIGH (CWE-362):** No idempotency keys or duplicate prevention mechanisms exist. Multiple identical MCP tool calls could result in duplicate payments. ### 3.6 Refund Mechanisms **AIServiceMarketplace.sol (`contracts/marketplace/AIServiceMarketplace.sol#L304-L327`):** ```solidity function resolveDispute( bytes32 serviceId, uint256 disputeIndex, DisputeStatus status, uint256 refundAmount ) external onlyOwner { // ... refund logic escrowBalances[serviceId] -= refundAmount; paymentToken.safeTransfer(dispute.initiator, refundAmount); } ``` Smart contract implements refund via dispute resolution, but no client-side refund mechanism exists. ### 3.7 Fee Calculation Logic **Platform Fee (`AIServiceMarketplace.sol#L74-L75`):** ```solidity uint256 public platformFee = 250; // 2.5% in basis points uint256 public constant MAX_FEE = 1000; // 10% max ``` Fee calculation uses basis points with 10% maximum cap - properly implemented. ### 3.8 Multi-Currency Support | Currency | Package | Status | |----------|---------|--------| | USDC | x402, Marketplace | Active | | USDs | x402-ecosystem | Active (Arbitrum) | | Native tokens | EVM/Solana wallets | Supported | | Lightning BTC | Alby integration | Simulated | ### 3.9 Payment State Machine **Agent Daily Limits (`agent.ts#L268-L276`):** ```typescript checkDayReset(): void { const now = Date.now(); const dayMs = 24 * 60 * 60 * 1000; if (now - this.lastDayReset >= dayMs) { this.dailySpend = 0; this.lastDayReset = now; } } ``` ✅ Implements spending limits and daily resets. However, state is in-memory only and resets on restart. ### 3.10 Timeout Handling **x402 Protocol (`specs/x402-specification-v2.md#L97`):** ``` maxTimeoutSeconds: 60 ``` Protocol specifies timeout, but client-side timeout enforcement not visible in implementation. --- ## Section 4: x402 Protocol Review ### 4.1 Protocol Specification Compliance The x402 protocol implementation follows the v2 specification (`x402/specs/x402-specification-v2.md`) with the following components: | Component | Specification | Implementation | |-----------|--------------|----------------| | Version | 2 | ✅ Implemented | | Payment Required Response | JSON payload | ✅ Implemented | | Payment Payload | Base64 encoded | ✅ Implemented | | Network Format | CAIP-2 | ✅ Implemented | | Facilitator | Verification + Settlement | ⚠️ External dependency | ### 4.2 HTTP 402 Implementation **Payment Required Schema:** ```json { "x402Version": 2, "error": "PAYMENT-SIGNATURE header is required", "resource": { "url": "https://api.example.com/premium-data", "mimeType": "application/json" }, "accepts": [{ "scheme": "exact", "network": "eip155:84532", "amount": "10000", "asset": "0x036CbD53842c5426634e7929541eC2318f3dCF7e", "payTo": "0x209693Bc6afc0C5328bA36FaF03C514EF312287C", "maxTimeoutSeconds": 60 }] } ``` ### 4.3 Payment Negotiation Flow The protocol supports multiple payment options via the `accepts` array: 1. Client receives 402 with payment requirements 2. Client selects compatible payment method 3. Client signs payment authorization 4. Server verifies via facilitator 5. Server grants resource access ### 4.4 Proof of Payment Verification **Status: EXTERNAL DEPENDENCY** Verification is delegated to facilitator service (`DEFAULT_FACILITATOR_URL`). No local verification fallback. ### 4.5 Token-Gated Access Patterns **Lifecycle Hooks (`x402.md#L1-L150`):** ```typescript server.onAfterSettle(async (context) => { await recordPayment({ payer: context.result.payer, transaction: context.result.transaction, amount: context.requirements.amount, }); }); ``` Supports hooks for custom access control and payment recording. ### 4.6 Session Management ⚠️ **FINDING:** No session management visible in x402 implementation. Each request requires new payment verification. ### 4.7 Caching Strategies **Status: NOT IMPLEMENTED** No payment verification caching to reduce facilitator calls. ### 4.8 Error Response Handling Protocol defines standard error types but implementation lacks comprehensive error handling for edge cases. --- ## Section 5: Smart Contract Audit ### 5.1 Contract Architecture Overview The marketplace contracts (`contracts/marketplace/`) consist of: | Contract | Purpose | Upgradeability | |----------|---------|----------------| | `AIServiceMarketplace.sol` | Service registry, subscriptions, disputes | Non-upgradeable | | `ToolRegistry.sol` | Tool registration, revenue splits | UUPS Upgradeable | | `RevenueRouter.sol` | Payment distribution | UUPS Upgradeable | | `ToolStaking.sol` | Stake-based quality signals | UUPS Upgradeable | ### 5.2 Access Control Patterns **ToolRegistry Roles (`ToolRegistry.sol#L34-L37`):** ```solidity bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE"); bytes32 public constant VERIFIER_ROLE = keccak256("VERIFIER_ROLE"); bytes32 public constant REVENUE_ROUTER_ROLE = keccak256("REVENUE_ROUTER_ROLE"); ``` ✅ Proper role-based access control using OpenZeppelin's AccessControlUpgradeable. ### 5.3 Upgradeability Mechanisms **UUPS Pattern (`ToolRegistry.sol#L6-L7`):** ```solidity import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; ``` ✅ Uses secure UUPS pattern with `_authorizeUpgrade` protection (requires admin role). ### 5.4 Reentrancy Protections **All payment contracts include:** ```solidity import "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol"; function processPayment(...) external nonReentrant whenNotPaused { ``` ✅ Consistent use of `nonReentrant` modifier on state-changing functions. ### 5.5 Integer Safety **Solidity Version:** `^0.8.20` ✅ Solidity 0.8+ provides built-in overflow/underflow protection. **Basis Points Calculation (`RevenueRouter.sol#L46-L47`):** ```solidity uint256 public constant BASIS_POINTS = 10000; uint256 public constant MAX_PLATFORM_FEE = 1000; // 10% max ``` ✅ Proper basis point math with maximum caps. ### 5.6 Oracle Usage **Status: NOT APPLICABLE** No oracle dependencies in current contracts. ### 5.7 Gas Optimization **Storage Gaps (`ToolRegistry.sol#L66`):** ```solidity uint256[44] private __gap; ``` ✅ Storage gaps for upgrade safety. **Batch Operations (`RevenueRouter.sol#L261-L278`):** ```solidity function executeBatchPayout(address[] calldata recipients) external nonReentrant ``` ✅ Batch payout for gas efficiency. ### 5.8 Event Emission Patterns ✅ Comprehensive events emitted for all state changes: - `ToolRegistered`, `ToolUpdated`, `ToolPaused` - `PaymentReceived`, `RevenueDistributed`, `PayoutClaimed` - `Staked`, `Unstaked`, `Slashed` ### 5.9 Storage Layout Concerns **Tool Struct (`ToolRegistry.sol#L200-L210`):** ```solidity _tools[toolId] = Tool({ owner: msg.sender, name: name, endpoint: endpoint, ... createdAt: block.timestamp, updatedAt: block.timestamp }); ``` ⚠️ **MEDIUM:** Storing full endpoint strings on-chain increases gas costs. Consider IPFS hash storage. ### 5.10 Initialization Security **Disable Initializers (`ToolRegistry.sol#L118-L120`):** ```solidity constructor() { _disableInitializers(); } ``` ✅ Proper initialization protection for upgradeable contracts. --- ## Section 6: Security Package Review ### 6.1 Cryptographic Primitives Used | Library | Usage | Security | |---------|-------|----------| | viem | EVM signing (secp256k1) | ✅ Well-audited | | ethers.js | Transaction signing, hashing | ✅ Well-audited | | @solana/web3.js | Ed25519 signatures | ✅ Official library | | bs58 | Base58 encoding/decoding | ⚠️ Input validation needed | ### 6.2 Signature Verification Implementations **EVM Signing (`wallet.ts#L241-L244`):** ```typescript async signMessage(message: string): Promise<string> { return this.walletClient.signMessage({ message }); } ``` Delegates to viem which uses proper EIP-191 message signing. **Solana Signing (`wallet.ts#L233-L236`):** ```typescript async signMessage(message: string): Promise<string> { const messageBytes = new TextEncoder().encode(message); const signature = await this.keypair.sign(messageBytes); return bs58.encode(signature); } ``` ⚠️ **MEDIUM (CWE-347):** No domain separation for message signing - could allow signature replay across different contexts. ### 6.3 Hash Function Usage Uses standard library functions: - `keccak256` via viem/ethers for EVM - Native SHA-256 via Solana libraries ### 6.4 Random Number Generation **Solana Keypair Generation (`wallet.ts#L357-L363`):** ```typescript export function generateSolanaKeypair() { const keypair = Keypair.generate(); return { publicKey, privateKey }; } ``` ✅ Uses `Keypair.generate()` which internally uses CSPRNG. ⚠️ **FINDING:** ChainAware client uses `Math.random()` extensively for simulated data - acceptable for mocks but must not reach production. ### 6.5 Input Sanitization Utilities **Status: MINIMAL IMPLEMENTATION** Smart contracts include length validation: ```solidity if (bytes(name).length > MAX_NAME_LENGTH) revert NameTooLong(); if (bytes(endpoint).length > MAX_ENDPOINT_LENGTH) revert EndpointTooLong(); ``` TypeScript tools lack comprehensive input sanitization. ### 6.6 Rate Limiting Implementations **Agent Spending Limits (`agent.ts#L280-L298`):** ```typescript canAfford(amount: string): { allowed: boolean; reason?: string } { if (amountFloat > maxPerRequest) { return { allowed: false, reason: `Amount exceeds limit` }; } } ``` ✅ Per-request and daily limits implemented. ⚠️ No API rate limiting for MCP tools. ### 6.7 IP Blocking/Allowlisting **Status: NOT IMPLEMENTED** No IP-based access controls in the codebase. ### 6.8 JWT/Token Handling **Status: NOT APPLICABLE** No JWT implementation - MCP uses its own transport security. ### 6.9 CORS Configuration **Status: NOT VISIBLE** No CORS configuration in TypeScript server implementations. ### 6.10 CSP Headers **Status: NOT APPLICABLE** No web frontend requiring CSP in the audited scope. --- ## Section 7: Key Management Analysis ### 7.1 Key Generation Methods | Wallet Type | Generation Method | Entropy Source | |-------------|-------------------|----------------| | EVM | Not generated (input only) | N/A | | Solana | `Keypair.generate()` | CSPRNG | | Coinbase MPC | Coinbase CDP SDK | Coinbase-managed | ### 7.2 Key Storage Security **CRITICAL FINDING (CWE-256):** Multiple insecure key storage patterns: 1. **Environment Variables:** ```typescript const COINBASE_CDP_API_KEY_NAME = process.env.COINBASE_CDP_API_KEY_NAME!; const COINBASE_CDP_PRIVATE_KEY = process.env.COINBASE_CDP_PRIVATE_KEY!; ``` 2. **Plaintext File Storage:** ```typescript const seedFilePath = path.join(documentsDir, "mpc_info.json"); wallet.saveSeedToFile(seedFilePath); ``` ### 7.3 Key Rotation Support **Status: NOT IMPLEMENTED** No key rotation mechanisms exist. ### 7.4 Backup and Recovery Coinbase MPC supports seed file backup, but: - ❌ No encryption of backup files - ❌ No secure deletion of old backups - ❌ No recovery phrase generation ### 7.5 Multi-Party Computation **Coinbase MPC Integration:** ```typescript let wallet = await Wallet.create({ networkId: "base-mainnet" }); wallet.saveSeedToFile(seedFilePath); ``` Uses Coinbase CDP for MPC wallet creation, but local seed file negates MPC security benefits. ### 7.6 Threshold Signatures **Status: NOT IMPLEMENTED** No threshold signature schemes beyond Coinbase MPC. ### 7.7 HSM Integration **Status: NOT IMPLEMENTED** No Hardware Security Module support. ### 7.8 Environment Variable Handling **Patterns Found:** ```typescript // x402 Agent this.accessToken = config.accessToken || process.env.ALBY_ACCESS_TOKEN; // ChainAware this.apiKey = apiKey || process.env.CHAINAWARE_API_KEY; // Private Keys privateKey: process.env.X402_PRIVATE_KEY as `0x${string}` | undefined, ``` ✅ Uses environment variables (proper) ⚠️ No validation of key format before use ### 7.9 Secrets in Logs Prevention **Logging Patterns (`mev-protection-mcp/src/utils/logger.js`):** The Logger utility is used but no explicit redaction of sensitive data is implemented. ⚠️ **FINDING (CWE-532):** Private keys passed to MCP tools could be logged in error scenarios. --- ## Section 8: Authentication & Authorization ### 8.1 Authentication Mechanisms | Component | Authentication Method | |-----------|----------------------| | MCP Servers | None (transport-level) | | Coinbase CDP | API Key + Secret | | Alby Lightning | OAuth Access Token | | Smart Contracts | On-chain signatures | ### 8.2 Session Management **Agent Payment Sessions:** ```typescript private dailySpend = 0; private lastDayReset = Date.now(); private paymentHistory: PaymentHistoryEntry[] = []; ``` ⚠️ In-memory session state lost on restart. ### 8.3 Permission Models **Smart Contract Roles:** - `DEFAULT_ADMIN_ROLE` - Full control - `ADMIN_ROLE` - Configuration changes - `VERIFIER_ROLE` - Tool verification - `REVENUE_ROUTER_ROLE` - Payment recording - `SLASHER_ROLE` - Stake slashing - `OPERATOR_ROLE` - Batch operations - `GOVERNANCE_ROLE` - Proposal voting ### 8.4 API Key Management **Coinbase CDP (`x402/src/index.ts#L38-L47`):** ```typescript const COINBASE_CDP_API_KEY_NAME = process.env.COINBASE_CDP_API_KEY_NAME!; if (!COINBASE_CDP_API_KEY_NAME) { console.error("Error: COINBASE_CDP_API_KEY_NAME environment variable is required"); process.exit(1); } ``` ✅ Validates presence of API key at startup. ### 8.5 OAuth Implementations **Alby Integration:** ```typescript this.accessToken = config.accessToken || process.env.ALBY_ACCESS_TOKEN; ``` Uses OAuth access token, but no token refresh mechanism visible. ### 8.6 Role-Based Access Control **Smart Contracts:** ✅ Comprehensive RBAC via OpenZeppelin AccessControl **MCP Tools:** ❌ No RBAC - all tools accessible to any MCP client ### 8.7 Audit Logging **Smart Contracts:** ✅ Events emitted for all state changes **TypeScript:** ⚠️ Minimal logging, no structured audit trail --- ## Section 9: Vulnerability Assessment ### 9.1 Common Vulnerability Checklist | Vulnerability | Status | Notes | |--------------|--------|-------| | **SQL Injection** | N/A | No SQL database | | **XSS** | N/A | No web frontend in scope | | **CSRF** | N/A | No web sessions | | **Path Traversal** | ⚠️ MEDIUM | `seedFilePath` could be manipulated | | **Insecure Deserialization** | ✅ Safe | Uses JSON.parse with try/catch | | **Sensitive Data Exposure** | ❌ CRITICAL | Private keys in tool params | | **Broken Access Control** | ⚠️ HIGH | No MCP tool authorization | | **Security Misconfiguration** | ⚠️ MEDIUM | Default RPC URLs, no HTTPS validation | | **Cryptographic Failures** | ⚠️ MEDIUM | No message domain separation | | **SSRF** | ⚠️ MEDIUM | RPC URLs from user input | ### 9.2 Specific Vulnerability Details **CWE-312: Cleartext Storage of Sensitive Information** - Location: `packages/payments/x402/src/index.ts#L52-L53` - Risk: MPC wallet seeds stored in plaintext JSON **CWE-522: Insufficiently Protected Credentials** - Location: `packages/payments/x402/src/agent.ts#L337` - Risk: Private keys passed as MCP tool parameters **CWE-362: Race Condition** - Location: `packages/payments/x402/src/index.ts` - Risk: No idempotency, duplicate payments possible **CWE-20: Improper Input Validation** - Location: Multiple wallet implementations - Risk: Insufficient address format validation **CWE-347: Improper Verification of Cryptographic Signature** - Location: `packages/wallets/solana/src/wallet.ts#L233` - Risk: No domain separation in message signing **CWE-918: Server-Side Request Forgery** - Location: `packages/security/mev-protection-mcp/src/tools/index.ts` - Risk: User-provided RPC URLs without validation --- ## Section 10: Compliance Considerations ### 10.1 Data Privacy (GDPR Considerations) | Requirement | Status | Notes | |-------------|--------|-------| | Data Minimization | ⚠️ Partial | Wallet addresses stored on-chain | | Right to Access | ❌ Not Implemented | No data export feature | | Right to Erasure | ❌ Impossible | Blockchain immutability | | Data Portability | ⚠️ Partial | JSON export possible | | Consent Management | ❌ Not Implemented | No user consent tracking | ### 10.2 Financial Regulations Awareness **Considerations:** - Payment processing may require money transmitter licenses - KYC/AML not implemented - No transaction monitoring for suspicious activity ### 10.3 Audit Trail Completeness **Smart Contracts:** ✅ Complete event emission **TypeScript:** ❌ Insufficient logging ### 10.4 Data Retention Policies **Status: NOT IMPLEMENTED** No data retention or deletion policies defined. ### 10.5 Right to Deletion Support **Status: PARTIALLY IMPOSSIBLE** - On-chain data cannot be deleted - Off-chain data (logs, seed files) can be deleted but no mechanism exists --- ## Section 11: Issues & Recommendations Table | Severity | Issue | Location | CWE ID | Description | Remediation | |----------|-------|----------|--------|-------------|-------------| | **CRITICAL** | Plaintext seed storage | `payments/x402/src/index.ts#L52` | CWE-312 | MPC seeds stored in `~/Documents/mpc_info.json` without encryption | Implement encryption at rest using OS keychain or dedicated secrets manager | | **CRITICAL** | Private key in MCP params | `security/mev-protection-mcp/src/tools/index.ts#L149` | CWE-522 | Private key passed as tool parameter, could be logged | Remove private key from tool params; use secure key storage | | **HIGH** | No idempotency | `payments/x402/src/index.ts` | CWE-362 | Duplicate payments possible on repeated calls | Implement idempotency keys for payment operations | | **HIGH** | Missing rate limiting | All MCP tools | CWE-770 | No protection against resource exhaustion | Add rate limiting to MCP tool handlers | | **HIGH** | Insufficient address validation | `wallets/*/src/wallet.ts` | CWE-20 | Malformed addresses not rejected | Add checksum validation for EVM, format validation for Solana | | **HIGH** | SSRF via RPC URL | `security/mev-protection-mcp/src/tools/index.ts` | CWE-918 | User-provided RPC URL used directly | Validate RPC URLs against allowlist | | **HIGH** | No authorization on MCP tools | All MCP servers | CWE-285 | Any client can call any tool | Implement tool-level authorization | | **MEDIUM** | Simulated security data | `security/chainaware/src/index.ts` | CWE-330 | Uses Math.random() for security scores | Replace with real API integration or clearly mark as demo | | **MEDIUM** | No message domain separation | `wallets/solana/src/wallet.ts#L233` | CWE-347 | Signatures could be replayed across contexts | Add domain prefix to all signed messages | | **MEDIUM** | In-memory session state | `payments/x402/src/agent.ts` | CWE-384 | Spending limits reset on restart | Persist session state to secure storage | | **MEDIUM** | Missing input sanitization | Multiple locations | CWE-20 | Limited input validation in TypeScript | Add comprehensive input validation library | | **MEDIUM** | No secrets redaction | Logger implementations | CWE-532 | Sensitive data could appear in logs | Implement log redaction patterns | | **MEDIUM** | Predictable file paths | `payments/x402/src/index.ts#L52` | CWE-377 | Seed file location is guessable | Use OS-provided secure storage locations | | **MEDIUM** | Missing TX confirmation | `payments/x402/src/index.ts#L174` | CWE-754 | Transactions scheduled but not confirmed | Wait for blockchain confirmation before returning success | | **LOW** | No BIP-39 support | Wallet packages | N/A | Users cannot use seed phrases | Consider adding mnemonic support | | **LOW** | No hardware wallet support | Wallet packages | N/A | No Ledger/Trezor integration | Add hardware wallet support for high-value operations | | **LOW** | Limited test coverage | Security packages | N/A | Security tools lack comprehensive tests | Increase test coverage | | **LOW** | Endpoint storage on-chain | `contracts/marketplace/ToolRegistry.sol` | N/A | Full URLs stored, increasing gas costs | Use IPFS hash instead | | **LOW** | No OAuth token refresh | `payments/lightning/src/index.ts` | N/A | Alby tokens may expire | Implement token refresh flow | | **LOW** | Documentation gaps | Security package | N/A | Limited security documentation | Add comprehensive security documentation | --- ## Section 12: Action Items Summary ### Critical (Fix Immediately) 1. **Encrypt seed file storage** - Implement encryption for `mpc_info.json` using OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service) - Use `keytar` or similar library for cross-platform support 2. **Remove private key from MCP tool parameters** - Refactor `mev_send_private_transaction` to use secure key storage - Add warning to documentation about key handling ### High (Fix Within 1 Week) 3. **Implement idempotency for payments** - Add unique request IDs to payment operations - Store processed request IDs to prevent duplicates 4. **Add rate limiting to MCP tools** - Implement per-client rate limits - Add backoff handling for repeated failures 5. **Add RPC URL validation** - Create allowlist of known RPC providers - Validate user-provided URLs before use 6. **Implement MCP tool authorization** - Add capability-based authorization for sensitive tools - Document required permissions for each tool 7. **Add comprehensive address validation** - Implement EIP-55 checksum validation for EVM - Add base58 format validation for Solana ### Medium (Fix Within 1 Month) 8. **Replace simulated security data** - Integrate real ChainAware API or remove mock data - Add clear "DEMO MODE" indicators if mocks remain 9. **Add message domain separation** - Prefix all signed messages with domain identifier - Follow EIP-191/EIP-712 for EVM, Solana memo program conventions 10. **Persist agent session state** - Store spending limits in secure persistent storage - Add state recovery on restart 11. **Implement log redaction** - Create patterns for sensitive data (keys, seeds, tokens) - Apply redaction before any logging 12. **Add transaction confirmation waiting** - Wait for blockchain finality before reporting success - Add configurable confirmation count ### Low (Track for Future) 13. Add BIP-39 mnemonic support 14. Implement hardware wallet integration 15. Increase test coverage for security packages 16. Optimize on-chain storage (IPFS for endpoints) 17. Implement OAuth token refresh for Alby 18. Create comprehensive security documentation --- ## Appendix A: Files Reviewed ### Wallet Package - `packages/wallets/evm/src/wallet.ts` (395 lines) - `packages/wallets/evm/src/types.ts` (113 lines) - `packages/wallets/solana/src/wallet.ts` (368 lines) - `packages/wallets/solana/security/SECURITY_CHECKLIST.md` (159 lines) - `packages/wallets/safe-gnosis-mcp/src/index.ts` (46 lines) - `packages/wallets/walletconnect-mcp/` (directory structure) ### Payments Package - `packages/payments/lightning/src/index.ts` (316 lines) - `packages/payments/x402/src/index.ts` (262 lines) - `packages/payments/x402/src/types.ts` (128 lines) - `packages/payments/x402/src/mcp.ts` (415 lines) - `packages/payments/x402/src/agent.ts` (438 lines) ### Security Package - `packages/security/chainaware/src/index.ts` (384 lines) - `packages/security/mev-protection-mcp/src/index.ts` (55 lines) - `packages/security/mev-protection-mcp/src/services/flashbots.ts` (167 lines) - `packages/security/mev-protection-mcp/src/services/mempool.ts` (185 lines) - `packages/security/mev-protection-mcp/src/tools/index.ts` (534 lines) - `packages/security/rugpull-detector-mcp/src/index.ts` (55 lines) - `packages/security/unified-adapter.ts` (100 lines) ### Smart Contracts - `contracts/marketplace/AIServiceMarketplace.sol` (417 lines) - `contracts/marketplace/ToolRegistry.sol` (560 lines) - `contracts/marketplace/RevenueRouter.sol` (475 lines) - `contracts/marketplace/ToolStaking.sol` (516 lines) - `contracts/marketplace/IToolRegistry.sol` ### x402 Protocol - `x402/specs/x402-specification-v2.md` (722 lines) - `x402/SECURITY.md` - `x402-deploy/src/` (directory structure) ### Documentation - `SECURITY.md` (85 lines) - `x402.md` (3677 lines) --- ## Appendix B: Testing Recommendations ### Security Test Cases to Add 1. **Key Handling Tests** - Verify keys are not logged in any scenario - Test key memory clearing after use - Validate key format rejection for invalid inputs 2. **Input Validation Tests** - Fuzz testing for address parsing - Boundary testing for amounts - Malformed RPC URL handling 3. **Concurrency Tests** - Race condition testing for payments - Parallel MCP tool execution - State consistency under load 4. **Smart Contract Tests** - Reentrancy attack simulation - Access control bypass attempts - Upgrade safety verification --- *This audit report was generated by Agent 3 as part of the comprehensive universal-crypto-mcp security review. For questions or clarifications, please contact the security team.*

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/nirholas/universal-crypto-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

PAYMENTS_SECURITY_AUDIT.md•32.6 KiB