If you discover a security vulnerability, please report it responsibly.
Contact: security@aiindigo.com PGP: Available on request Response time: We aim to acknowledge within 48 hours.
Please do NOT file public GitHub issues for security vulnerabilities.
- Base network: Coinbase x402 facilitator at x402.org — fee-free ERC-3009
- Solana network: NLx402 by PCEF (501c3 nonprofit) — nonce-locked, hash-bound, zero fees
- Payment IS authentication — no API keys to leak
- Agents sign requests with their wallet (Ed25519 for Solana, secp256k1 for EVM)
- Nonce-based replay protection (5-minute window, one-time use)
- Timestamp drift tolerance: 60 seconds max
- No API keys. No secrets. Just cryptographic proof.
- Agents can request encrypted responses via
X-Encrypt-Responseheader - Algorithm: Curve25519 key exchange + XSalsa20-Poly1305 (NaCl box)
- Ephemeral keypairs for each response (perfect forward secrecy)
- Only the requesting agent can decrypt the response
- YARA-style pattern matching on Bitcoin transactions
- Detects: tumbling, dust attacks, CoinJoin, peel chains, wash trading, consolidation
- Powered by patterns inspired by PCEF's Traceix and YARA rule engines
- Free tier: 100 req/min per IP+UA
- Signed tier: 500 req/min (wallet-verified requests)
- Paid tier: Unlimited (x402 micropayment)
- Staked tier: Unlimited + priority routing
- Progressive backoff for repeat violators
- Simulated Groth16 proofs (production: compiled circom circuits)
- Balance proofs: salted commitment hides exact balance, only threshold comparison revealed
- Age proofs: UTXO Merkle root proves set without revealing individual UTXOs
- Membership proofs: nullifier prevents proof reuse, Merkle path proves inclusion
- Verification endpoint allows Agent B to verify Agent A's proof without regeneration
- All proofs use
crypto.randomUUID()salts — no two proofs for the same input are identical - Cache policy:
no-store— proofs are never cached at edge or middleware
- SSE streams include inline CORS headers (middleware can't inject on custom Response objects)
Access-Control-Allow-Origin: *for cross-origin agent accessX-Content-Type-Options: nosniffto prevent MIME sniffing- Cache policy:
no-store— streams are never cached - Max connection duration: 5 minutes (prevents resource exhaustion)
- Heartbeat every 30 seconds (keeps connection alive, detects stale clients)
- Whale stream deduplicates via txid Set (prevents duplicate alerts)
All API responses include:
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'X-Content-Type-Options: nosniffX-Frame-Options: DENYStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadReferrer-Policy: strict-origin-when-cross-originPermissions-Policy: camera=(), microphone=(), geolocation=()
- API key leakage: No keys to leak. Payment = auth. Wallet signatures = identity.
- Replay attacks: Nonce-based protection with 5-minute TTL
- Response interception: Optional Curve25519 encrypted responses
- Rate limit evasion: IP+UA combined keys, progressive backoff
- Malicious address interaction: YARA-pattern threat analysis warns agents
- Facilitator tampering: NLx402 uses hash-bound, nonce-locked proofs
- Compromised agent wallets (agent's responsibility)
- Mempool.space API downtime (upstream dependency)
- On-chain transaction privacy (use ZK proof endpoints for privacy-preserving verification)
BTCFi stores zero user data.
- All Bitcoin data is proxied from mempool.space in real-time
- No queries are logged or stored
- No personal information is collected
- Rate limit counters use Vercel KV (persistent) with in-memory fallback
- Nonce store is in-memory (5-minute TTL, reset on cold start)
- Revenue counters use Vercel KV (persistent) with in-memory fallback
| Dependency | Purpose | Trust Level |
|---|---|---|
| mempool.space | Bitcoin data source | High — open source, widely used |
| NLx402 (thrt.ai) | Solana x402 facilitator | High — PCEF 501(c)(3) nonprofit |
| tweetnacl | Encryption (NaCl) | High — audited, pure JS, widely used |
| Web Crypto API | ZK proof hashing (SHA-256) | High — browser/Node built-in |
| Next.js | Web framework | High — Vercel maintained |
| Feature | Algorithm | Library |
|---|---|---|
| Response encryption | Curve25519 + XSalsa20-Poly1305 | tweetnacl |
| Solana signatures | Ed25519 | tweetnacl |
| EVM signatures | secp256k1 + keccak256 | ethers.js (dynamic import, rejects if unavailable) |
| ZK proofs (live) | Simulated Groth16 zk-SNARKs | Web Crypto SHA-256 (circom circuits planned) |
- PCEF (Perkins Cybersecurity Educational Fund): NLx402 facilitator, Traceix patterns, YARA inspiration
- zkRune: ZK circuit templates (Circom/Groth16)
- Clawd Bot: Vesting/staking patterns, Fomo3D game theory
- Utopian Contributors: P2P encryption architecture patterns
Built by AI Indigo. Open source security. No rugs. Just ships.