Safety attestations for on-chain agents

Prove it's safe
before your agent
touches it.

Assay proves on a fork whether a contract is exploitable, signs the verdict your agent gates execution on, and revokes it within a block when the contract changes. A verdict is a proof — not a score.

Authorization, not monitoring. Installs in one PR.

Installs as ERC-4337 session-key policy ERC-7579 validation module Safe transaction guard EIP-712 attestation
Why the verdict holds

A SAFE verdict is a signed clean pass; an UNSAFE one is backed by a working on-fork exploit. Either way it's a result Assay proved — it reasons about the contract, it doesn't pattern-match.

The gap

Session keys scope what an agent may do. Nothing checks whether the target is safe. That gap is where agents get drained — one interaction, irreversible, no chargeback.

Assay → Attest → Enforce

A signed verdict, backed by an on-fork proof, kept true by a monitor.

01 · Assay

Prove exploitability

Fork the chain and attempt the drain. A verdict is a proof, not a guess — or a clean pass with each call site shown safe.

02 · Attest

Sign the verdict

An EIP-712 attestation bound to the exact contract, its code hash, and the block — with a short TTL so it can't go stale silently.

03 · Enforce

Gate & revoke live

The wallet allows the action only with a fresh verdict. A monitor revokes within a block when the contract changes.

Where Assay sits

The others watch and react. Assay authorizes before the act.

Complementary to the incumbents, not competing — a different point in the lifecycle and a different consumer.

Certora
Dev-time · static

Proves properties hold given specs — sold to protocol teams before ship.

Forta · Hypernative
Runtime · monitor

Watches and reacts for the protocol after a tx lands. Detection, then response.

⬡ Assay
Runtime · authorize

Issues a go / no-go the agent gates on before it signs — backed by a working exploit or a signed no-exploit verdict.

One PR to integrate

A UserOp validates only with a fresh verdict for its target.

Assay installs as an ERC-4337 session-key policy (ERC-7579) or a Safe guard. Validation requires both the session key's signature and a fresh Assay verdict for the call's target — enforced before execution, not observed after.

+ ERC-7579 policy + Safe guard + zero app-side work
// session-key policy — enforced in validateUserOp
function validateUserOp(op) {
  require(sessionKey.signed(op)); // what
  require(assay.fresh(op.target)); // whether safe
  // both true → execute · else → op rejected
}
Design partners

Wiring Assay into your account or agent stack?

Design partners get a testnet integration and a co-published safety track record. Free during the pilot.