Safety attestations for on-chain agents

Prove it's safe
before your agent
touches it.

Assay proves whether a contract is exploitable on a fork, signs a verdict your agent gates execution on, and revokes it within a block when the contract changes.

Session keys scope what an agent may do. They don't check whether the target is safe. That gap is where agents get drained — one interaction, irreversible, no chargeback.

Assay → Attest → Enforce

A signed verdict, backed by an on-fork exploit proof, kept true by a monitor.

01 · ASSAY

Prove exploitability

Fork the chain and attempt the drain. A verdict is a proof, not a guess — or a clean pass with the sites shown safe.

02 · ATTEST

Sign the verdict

An EIP-712 attestation bound to the exact contract, its code hash, and the block — with a short TTL.

03 · ENFORCE

Gate & revoke live

Your wallet allows the action only with a fresh verdict. A monitor revokes within a block when the contract changes.

Demonstrated, not asserted

Every claim below is reproducible.

Finds & proves

Discovers the vulnerability and writes a passing on-fork exploit — not a static heuristic.

Generalizes

Reproduced a canonical, third-party reentrancy it never authored, from only the source.

Precise

Zero false positives on a safe contract byte-identical in shape to a vulnerable one. It reasons; it doesn't pattern-match.

Live revocation

Proxy upgrade slips past code-hash pinning; the monitor catches it and the agent's next transaction is auto-blocked.

One PR to integrate

Assay installs as an ERC-4337 session-key policy (ERC-7579) or a Safe guard. A UserOp validates only with both the session key's signature and a fresh Assay verdict for its target — enforced before execution.

This is authorization, not monitoring. Runtime security watches the protocol and reacts. Assay authorizes the agent before it acts.

// session-key policy
validateUserOp(op) {
  require(sessionKey.signed(op));
  require(assay.fresh(op.target));
  // else → op rejected
}

Wiring Assay into your account or agent stack?

Design partners get a testnet integration and a co-published safety track record. Free during the pilot.

hello@getassay.xyz