Security Model
Security in Brain is enforced through layered validation across smart accounts, policies, identity, and monitoring.
Layered Validation
Smart Account Validation
Cryptographic correctness, replay protection, gas and account-level constraints (ERC-4337)
Policy Enforcement
All agent actions and payments must carry a valid signed policy proof
Identity Verification
SIWX sessions and ERC-8004 identities tie every action to a concrete user and agent
Transaction Monitoring
Off-chain monitoring detects anomalies, rate limit breaches, and behavioral outliers
Security Guarantees
No unauthorized execution — any action without valid authentication and policy proof is rejected at the account level.
Full auditability — all significant actions are linked to agentId, policy context, and on-chain transactions.
Constrained delegation — EIP-7702-based delegation is always bounded by Brain policies and is revocable by the user at any time.
Attack Surface Mitigations
Replay attacks
Every UserOperation includes a nonce. x402 payment intents include nonces and expiries. The PolicyValidator contract rejects any operation with a used or expired nonce.
Unauthorized agent actions
Agents are scoped to their configured policy. The PolicyValidator contract is invoked in the validateUserOp path — no action can bypass it.
Key compromise
EIP-7702 delegation is immediately revocable. Smart account ownership can be transferred. Agents can be paused or revoked without migrating the user's address.
Overspending
Spend limits are enforced at the smart account level, not just in the backend. Even if the backend were compromised, the smart account would reject UserOperations exceeding policy limits.
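The replay and overspending checks described above, modelled as an added Python example (not Brain's PolicyValidator code). The intent fields, reject codes and per-agent cumulative limit are assumptions made for illustration, and signature verification of the policy proof is assumed to have passed already.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PaymentIntent:      # hypothetical shape, not Brain's actual schema
    agent_id: str
    nonce: int
    expires_at: int       # unix seconds
    amount: int           # smallest token unit

@dataclass
class PolicyValidatorModel:   # toy model of the account-level checks
    spend_limit: dict                          # agent_id -> max cumulative spend
    used_nonces: set = field(default_factory=set)
    spent: dict = field(default_factory=dict)

    def validate(self, intent, now):
        if intent.agent_id not in self.spend_limit:
            return "REJECT_NO_POLICY"
        if now >= intent.expires_at:
            return "REJECT_EXPIRED"
        key = (intent.agent_id, intent.nonce)
        if key in self.used_nonces:
            return "REJECT_NONCE_USED"
        total = self.spent.get(intent.agent_id, 0) + intent.amount
        if intent.amount <= 0 or total > self.spend_limit[intent.agent_id]:
            return "REJECT_OVER_LIMIT"
        # Mutate state only after every check passes: a rejected intent
        # neither consumes its nonce nor counts against the limit.
        self.used_nonces.add(key)
        self.spent[intent.agent_id] = total
        return "ACCEPT"

def demo():
    """Run constructed intents through the model and return the verdicts."""
    v = PolicyValidatorModel(spend_limit={"agent-1": 100})
    now = 1_700_000_000   # constructed timestamp
    first = PaymentIntent("agent-1", 1, now + 60, 70)
    return [
        v.validate(first, now),                                      # fresh intent
        v.validate(first, now + 1),                                  # same nonce replayed
        v.validate(PaymentIntent("agent-1", 2, now - 1, 10), now),   # already expired
        v.validate(PaymentIntent("agent-1", 3, now + 60, 40), now),  # 70 + 40 > 100
        v.validate(PaymentIntent("agent-1", 3, now + 60, 30), now),  # 70 + 30 == 100
        v.validate(PaymentIntent("agent-2", 1, now + 60, 1), now),   # unknown agent
    ]

if __name__ == "__main__":
    print(demo())
```

Because the model keeps the nonce set and running total inside the validator itself, a caller that skips its own checks still gets the same verdicts, which is the property the overspending mitigation relies on.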
Monitoring
Brain's off-chain monitoring layer provides:
Anomaly detection on transaction patterns
Rate limit enforcement across merchants and resources
Behavioral outlier alerts for agents exceeding expected usage profiles
Receipt correlation for end-to-end payment auditability
