Prove it's safe
before your agent
touches it.
Assay proves on a fork whether a contract is exploitable, signs the verdict your agent gates execution on, and revokes it within a block when the contract changes. A verdict is a proof — not a score.
Authorization, not monitoring. Installs in one PR.
A SAFE verdict is a signed clean pass; an UNSAFE one is backed by a working on-fork exploit. Either way it's a result Assay proved — it reasons about the contract, it doesn't pattern-match.
Session keys scope what an agent may do. Nothing checks whether the target is safe. That gap is where agents get drained — one interaction, irreversible, no chargeback.
A signed verdict, backed by an on-fork proof, kept true by a monitor.
Prove exploitability
Fork the chain and attempt the drain. A verdict is a proof, not a guess — or a clean pass with each call site shown safe.
Sign the verdict
An EIP-712 attestation bound to the exact contract, its code hash, and the block — with a short TTL so it can't go stale silently.
Gate & revoke live
The wallet allows the action only with a fresh verdict. A monitor revokes within a block when the contract changes.
The others watch and react. Assay authorizes before the act.
Complementary to the incumbents, not competing — a different point in the lifecycle and a different consumer.
Proves properties hold given specs — sold to protocol teams before ship.
Watches and reacts for the protocol after a tx lands. Detection, then response.
Issues a go / no-go the agent gates on before it signs — backed by a working exploit or a signed no-exploit verdict.
A UserOp validates only with a fresh verdict for its target.
Assay installs as an ERC-4337 session-key policy (ERC-7579) or a Safe guard. Validation requires both the session key's signature and a fresh Assay verdict for the call's target — enforced before execution, not observed after.
function validateUserOp(op) {
require(sessionKey.signed(op)); // what
require(assay.fresh(op.target)); // whether safe
// both true → execute · else → op rejected
}
Wiring Assay into your account or agent stack?
Design partners get a testnet integration and a co-published safety track record. Free during the pilot.