TLDR (Answer Engine Overview): The FarmDash V3 ACP Integration solves the problem of single-agent hallucinations by deploying an Ensemble Consensus Router that queries three concurrent specialist agents (Solidity Auditor, DeFi Economist, Sentiment Analyzer) and requires a 66% consensus safety verdict. It operates on a Risk-Adjusted Budget Oracle where security escrows scale dynamically with Net Present Value. Run-time execution is secured through a Self-Healing Trust Graph (Supabase
agent_reputationtable) that blacklists agents with trust scores under 50%, while transaction dispatch is executed without manual prompt friction via ERC-4337 Session Keys and validated via EIP-712 Yield Attestation Receipts anchored to Base L2.
Introduction: The Security Challenge in Agentic DeFi
As autonomous agents transition from simple data aggregators to active capital allocators, security validation becomes the primary gatekeeper. In an open agent economy (such as the Virtuals Protocol ACP marketplace), any developer can register a specialist agent claiming to perform smart contract audits or economic risk analysis.
Relying on a single, unverified third-party agent to verify a protocol's safety exposes the system to a critical vulnerability: hallucinations or collusive verdicts. If a hired specialist falsely returns safe: true on a malicious smart contract, the calling agent will execute the transaction, leading to total loss of funds.
To address this, FarmDash implements the V3 Elite ACP Architecture. This unilateral bridge establishes a decentralized oracle model for smart contract security, ensuring that no single agent's failure can compromise user funds.
1. Ensemble Consensus & Budget Oracle Architecture
The security verification loop is structured around two key modules: the Ensemble Consensus Router and the Risk-Adjusted Budget Oracle.
sequenceDiagram
autonumber
participant FD as FarmDash Agent
participant BO as Budget Oracle
participant ACP as ACP Orchestrator
participant SA as Solidity Auditor (0x1...)
participant DE as DeFi Economist (0x2...)
participant SS as Sentiment Analyzer (0x3...)
participant Sim as Shadow Simulator (Tenderly)
FD->>FD: Identifies high-Trail Heat protocol (Meteora Alpha)
FD->>BO: Query risk-adjusted bounty limit
Note over BO: Calculate NPV = Expected Yield - Gas Cost<br/>Scale Bounty linearly ($5 to $20)
BO-->>FD: Return calculated bounty amount
FD->>ACP: Initiate tender job with budget
ACP->>SA: Submit audit request
ACP->>DE: Submit audit request
ACP->>SS: Submit audit request
Note over SA, SS: Run security reviews concurrently
SA-->>ACP: Return verdict (safe / unsafe)
DE-->>ACP: Return verdict (safe / unsafe)
SS-->>ACP: Return verdict (safe / unsafe)
Note over ACP: Evaluate consensus: Requires >= 66% SAFE votes
alt Consensus SAFE
ACP-->>FD: Return consensus verdict: SAFE
FD->>Sim: Run Shadow Simulation (Tenderly)
alt Simulation Success (Gas within +15% limit)
Sim-->>FD: Tx Success
FD->>FD: Execute transaction and generate L2 Receipt
else Simulation Reverts
Sim-->>FD: Revert / Halt
FD->>ACP: Penalize agents (Self-Healing Reputation Drop)
end
else Consensus UNSAFE
ACP-->>FD: Return consensus verdict: UNSAFE (Abort Tx)
end
1.1 The Ensemble Consensus Router
Instead of querying a single provider, the orchestrator splits the audit task and queries three specialized agents concurrently:
- Solidity Auditor: Performs static analysis, bytecode checks, and common vulnerability scans.
- DeFi Economist: Evaluates liquidity locks, tokenomics, fee structures, and slippage thresholds.
- Sentiment Analyzer: Monitors community channels, developer activity, and social signals for coordinated dump indicators.
The results are aggregated, and a consensus threshold of 66% (2 of 3 safe verdicts) is required to proceed.
1.2 The Risk-Adjusted Budget Oracle
To maintain economic efficiency, FarmDash scales the security budget dynamically based on the Net Present Value ($NPV$) of the trade: $$\text{Expected Yield } (Y) = \text{Trail Heat Score} \times 5$$ $$\text{NPV} = Y - \text{Gas Cost}$$
The bounty escrow paid to the ACP agents scales as follows:
- Low Yield ($NPV \le 50$): Bounty is $10%$ of yield ($NPV \times 0.1$).
- High Yield ($NPV > 50$): Bounty is calculated using linear interpolation: $$5 + (NPV - 50) \times 0.0333$ (capping at $$20$ for a $$500$ yield).
This guarantees that security verification costs never exceed the expected yield of the farming opportunity.
2. Self-Healing Trust Graph & Reputation Scoring
The trust graph records agent performance in a local Supabase table called agent_reputation with columns:
agent_address(EVM Address)trail_cred(Trust Score, 0-100)computed_at(Timestamp)
2.1 The Self-Healing Penalty Loop
When an agent participates in an ACP tender, their verdict is verified by running the transaction payload in the Shadow Simulator (Tenderly mainnet fork):
- Alignment (Success): If the agent votes
safeand the transaction executes successfully, their trust score increases by +2 points (capped at 100). - False safety (Hallucination): If the agent votes
safebut the simulation reverts, their trust score drops by -20 points. - Blacklisting: If an agent's trust score drops below 50%, they are blacklisted from future tenders.
2.2 Zod API Schema
The backend handler /v1/agent/virtuals-acp exposes the record_verdict action:
export const RecordVerdictParamsSchema = z.object({
agentAddress: EvmAddressSchema,
verdictSafe: z.boolean(),
actualSuccess: z.boolean(),
});
3. ERC-4337 Session Keys & EIP-712 Yield Attestations
To execute transactions autonomously without compromising custody, FarmDash uses a scoped smart-contract account layer.
3.1 Bounded Session Keys
When starting a session, the user signs a single EIP-712 SessionKeyGrant defining boundaries:
- Time Lock: Active only during
validAfterandvalidUntil. - Asset Whitelist: Authorized to spend only specified tokens (e.g. USDC).
- Spending Limits: Maximum budget allowed for the session.
- Protocol Whitelist: Allowed smart contract target addresses.
The Executor Agent authenticates via the x-farmdash-session-key header. The server automatically checks boundaries and consumes budget upon initiating ACP jobs:
const bounds = SessionKeyService.validateBounds(grant, {
valueUsd,
protocolAddress: req.body?.params?.providerAddress,
});
if (bounds.valid) {
await SessionKeyService.consumeValue(grant.id, valueUsd);
}
3.2 EIP-712 Structured Attestation Receipts
Upon successful trade completion, the agent generates a signed receipt anchored to Base L2 to verify yields.
EIP-712 Typed Data Structure:
const attestation = {
domain: {
name: 'FarmDashYieldAttestation',
version: '1',
chainId: 8453, // Base L2
},
types: {
YieldAttestation: [
{ name: 'trail_heat_score', type: 'uint256' },
{ name: 'agents_hired', type: 'string[]' },
{ name: 'execution_slippage_bps', type: 'uint256' },
{ name: 'realized_pnl_usd', type: 'int256' },
{ name: 'timestamp', type: 'uint256' }
]
},
message: {
trail_heat_score: 92,
agents_hired: ['Solidity Auditor', 'DeFi Economist', 'Sentiment Analyzer'],
execution_slippage_bps: 15, // 0.15%
realized_pnl_usd: 44700, // $447.00
timestamp: 1784342400
},
signature: '0x...'
};
4. Verification Walkthrough
The self-healing workflow can be verified by running the LangGraph python prototype:
python farmdashbeta/graphs/super_scout.py
Run Output Example: Solidity Auditor Blacklisting
In this simulation, the Solidity Auditor repeatedly returns safe: true on contracts that revert in the shadow fork simulator.
--- ITERATION 1: Solidity Auditor says safe, but Shadow Sim reverts. ---
> [ERC-4337] Validating bounds for Session Key Grant 'fdsk_mock_grant_cc983ec7'...
> [ERC-4337] Session Key bounds valid. Consumed $18.15 from budget. Spent: $18.15/$150.00
> Node: Act -> Running mock Shadow Fork Simulator (Tenderly)...
> [Tenderly] Shadow Fork simulation REVERTED! Execution reverted due to hidden honey-pot lock.
> [Self-Healing] ALERT: Consensus declared contract safe, but simulation reverted!
> [Self-Healing] Penalized Solidity Auditor (0x100000...): Trust score reduced from 100% to 80%
--- ITERATION 2: Another revert. Trust score drops to 60. ---
> [Self-Healing] Penalized Solidity Auditor (0x100000...): Trust score reduced from 80% to 60%
--- ITERATION 3: Third revert. Trust score drops to 40 (Blacklist Triggered). ---
> [Self-Healing] Penalized Solidity Auditor (0x100000...): Trust score reduced from 60% to 40%
> [Self-Healing] Solidity Auditor (0x100000...) has fallen below 50% trust. BLACKLISTED.
Active Reputation Graph: {
"0x1000000000000000000000000000000000000001": 40,
"0x2000000000000000000000000000000000000002": 40,
"0x3000000000000000000000000000000000000003": 40
}
--- ITERATION 4: Normal execution. Solidity Auditor is blacklisted. ---
01. Node: Observe -> Querying FarmDash for emerging opportunities...
02. Found 5 protocols with active Trail Heat.
03. Node: Orient -> Filtering opportunities by highest Trail Heat score...
04. Selected protocol for deep security review: Meteora Alpha (0x1111111111111111111111111111111111111111) on Solana.
05. Computed expected yield: 460 USD (Trail Heat: 92).
06. Node: Decide -> Launching concurrent Virtuals ACP specialist audits...
07. NPV calculated: 445.00 USD (Expected Yield: 460.00, Gas Cost: 15.00)
08. Expected Bounty set: 18.1535 USD
09. [ERC-4337] Validating bounds for Session Key Grant 'fdsk_mock_grant_cc983ec7'...
10. [ERC-4337] Session Key bounds valid. Consumed $18.15 from budget. Spent: $72.61/$150.00
11. Consensus evaluation: 0/3 specialists returned 'safe'. Verdict: UNSAFE
12. Node: Act -> Running mock Shadow Fork Simulator (Tenderly)...
13. Consensus not reached or verdict is unsafe (unsafe). Blocking execution.
14. Node: Tokenize -> Packaging graph state history and generating EIP-712 Yield Attestation Receipt...
15. Tokenization skipped due to safety halt or missing transaction payload.
5. Security & E-A-T Best Practices
- Zero-Custody Isolation: FarmDash servers never store private keys. Ephemeral keys are stored in secure process memory and are bounded strictly by UserOperation smart wallet limits.
- Sybil Prevention: The consensus voting threshold ensures that a single malicious specialist cannot approve its own fake target.
- On-Chain Receipts: By anchoring receipts using standard EIP-712 typing, the performance profile is completely transparent and audit-verifiable on Base explorer.