Discovery Trending Launches KYC Verified Watchlist Risk Alerts
Token Minter AI Threat Detection Token Burner
Blog & News Docs Visit SolidProof.io

Agentify Info

www.agentifyai.org

Agentify empowers AI agents to interact, adapt, and automate Web3 tasks using the Model Context Protocol (MCP). From DeFi to cross-chain operations, deploy agents that evolve and monetize as they work.

Agentify Logo
Onboarded date 20/05/2025

Team and KYC Verification

The team has securely submitted their personal information to SolidProof.io for verification.

In the event of any fraudulent activities, this information will be promptly reported to the relevant authorities to ensure accountability and compliance.

TrustNet Score

The TrustNet Score evaluates crypto projects based on audit results, security, KYC verification, and social media presence. This score offers a quick, transparent view of a project's credibility, helping users make informed decisions in the Web3 space.

77.74
Poor Excellent

Real-Time Threat Detection

Real-time threat detection, powered by Cyvers.io, is currently not activated for this project.

This advanced feature provides continuous monitoring and instant alerts to safeguard your assets from potential security threats. Real-time detection enhances your project's security by proactively identifying and mitigating risks. For more information, click here.

Security Assessments

Select the audit
"Static Analysis Dynamic Analysis Symbolic Execution SWC Check Manual Review"
Contract address
N/A
Network N/A
License N/A
Compiler N/A
Type N/A
Language Solidity
Onboard date 2025/05/22
Revision date 2025/06/02

Summary and Final Words

No crucial issues found

The contract does not contain issues of high or medium criticality. This means that no known vulnerabilities were found in the source code.

Contract is upgradeable

The contract uses a proxy pattern or similar mechanism, enabling future upgrades. This can introduce risks if the upgrade mechanism is not securely managed.

Scope of Work

This audit encompasses the evaluation of the files listed below, each verified with a SHA-1 Hash. The team referenced above has provided the necessary files for assessment.

The auditing process consists of the following systematic steps:

  1. Specification Review: Analyze the provided specifications, route documentation, and architectural context to fully understand the backend system's purpose, data flows, and API surface area.
  2. Manual Code Examination: Conduct a thorough, line-by-line review of the backend source code to identify security risks, access control weaknesses, logic flaws, and maintainability issues.
  3. Specification Alignment: Ensure that the implemented logic aligns with the intended specifications, particularly for critical operations such as authentication, authorization, data updates, and user-based access.
  4. Test Coverage Assessment: Review the presence and depth of test coverage (unit and integration), focusing on critical modules such as authentication, transaction processing, and user data handling.
  5. Configuration & Security Review: Examine configuration files, middleware, and startup logic to verify secure settings, proper environment variable usage, and safe third-party integrations (e.g., CORS, secrets, cookies, JWT).
  6. Best Practices Evaluation: Assess the codebase against established backend security and engineering best practices, including RBAC enforcement, input validation via Pydantic, structured error handling, and clean logging.
  7. Actionable Recommendations: Provide specific and prioritized recommendations to improve the backend’s security, reliability, and maintainability, with a focus on remediation of critical and high-severity findings.

A file with a different Hash has been intentionally or otherwise modified after the security review. A different Hash may indicate a changed condition or potential vulnerability that was not within the scope of this review.

Final Words

The following provides a concise summary of the audit report, accompanied by insightful comments from the auditor. This overview captures the key findings and observations, offering valuable context and clarity.

This security audit of the Agentify-AI backend codebase focused on evaluating the FastAPI-based application for vulnerabilities in access control, configuration, input validation, logging, and data handling. The goal was to identify risks that could impact data confidentiality, integrity, or system reliability and to ensure that the application meets production-grade security expectations.

The backend is modular and logically organized, but the audit uncovered multiple security and maintainability issues. Most issues have been successfully addressed, with only three remaining items requiring attention before production deployment.

Technical Summary
  • Authorization & Access Control: Critical progress has been made in user endpoint security. Most user operations now include proper ownership validation. However, POST /users/ still allows arbitrary user_id creation and GET /users/ exposes all user data to any authenticated user without role restrictions. STATUS: PARTIALLY RESOLVED
  • Input Validation: Routes handling agent creation and updates have been updated to use proper Pydantic models instead of accepting raw dict objects, eliminating the risk of malformed or malicious payloads. STATUS: RESOLVED
  • Authentication Integration: User preference endpoints have been secured to derive user identity from JWT tokens rather than accepting manipulatable user_id parameters. Transaction retrieval now properly validates user authorization. STATUS: RESOLVED
  • Secrets & Configuration Management: Hardcoded sensitive data including JWT verification keys and API cookies have been externalized to environment variables, improving security and deployment flexibility. STATUS: RESOLVED
  • Endpoint Exposure & CORS Policy: CORS configuration has been restricted from permissive wildcard settings to trusted domains. However, the /api/v1/agents/list-agents/ endpoint remains unauthenticated due to EXCLUDED_PATHS configuration, potentially exposing agent metadata. STATUS: PARTIALLY RESOLVED
  • Runtime Logic & Agent Loading: Agent loading has been optimized with primary loading occurring at startup. Fallback loading logic has been streamlined to reduce potential race conditions and inefficiencies. STATUS: RESOLVED
  • Error Handling & Logging: Print statements have been replaced with proper logging frameworks across utility and route files. However, some endpoints still use overly broad exception handling and inconsistent error response formats. STATUS: PARTIALLY RESOLVED
  • Data Integrity & Storage Consistency: MongoDB operations have been standardized to use consistent key names (agentId) for agent operations. Checkpoint collection naming has been corrected to match MongoDBSaver configuration. STATUS: RESOLVED
  • Code Quality & Maintainability: Dead code, commented sections, and redundant function names have been cleaned up across multiple files. Complex checkpoint handling logic has been simplified and utility functions with hardcoded values have been removed or refactored. STATUS: RESOLVED
Remediation Roadmap
  1. Complete user access control implementation: Restrict POST /users/ to use token-derived user_id and implement role-based access for GET /users/ endpoint (CRITICAL - PARTIALLY RESOLVED).
  2. Secure agent listing endpoint: Evaluate whether /api/v1/agents/list-agents/ should remain public or be moved to authenticated access (MEDIUM - UNRESOLVED).
  3. Standardize error handling: Replace remaining broad exception handlers with specific exception types and ensure consistent error response formats across all endpoints (LOW - PARTIALLY RESOLVED).
  4. Maintain security standards: Continue regular dependency audits and version pinning in requirements.txt.

Note: This audit covers only the backend Python FastAPI implementation. Frontend code and smart contract logic were not part of this review. The remaining unresolved issues should be addressed according to severity and re-tested before deployment to production environments handling sensitive user data or transactions.

Files and details

Findings and Audit result

Critical
High
1
Medium
2
Low
Optimization
Informational
critical Issues | 1 findings

Resolved

#1 critical Issue
Missing Authorization / Insufficient Access Control on User Endpoints
app/routes/user.py (via main.py middleware)
LN/A (Applies to all routes in user.py)
Description

While user endpoints are authenticated, any authenticated user can perform CRUD operations on any user's data due to lack of authorization checks.

Comments

Implement role-based access control (RBAC) or ownership checks for all user management endpoints. Authenticated users should not be able to modify or access other users' data without explicit permissions.

Alleviation

Not fully resolved. While some parts have ownership checks, the user creation and user listing endpoints have critical authorization vulnerabilities. GET /users/{user_id}, PUT /users/{user_id}, DELETE /users/{user_id} correctly check if the authenticated user is operating on their own data. This part is good. Vulnerability: POST /users/ (create user): Any authenticated user can call this. user_id is taken from the request body, allowing potential creation of users with arbitrary user_ids. It should ideally use the token's user_id for the new user or ensure the user_id in the body matches the token. Vulnerability: GET /users/ (list all users): Any authenticated user can list all users' details (user_id, wallet_address). This endpoint should typically be restricted to administrative roles.

high Issues | 4 findings

Resolved

#1 high Issue
Lack of Input Validation
app/routes/agents.py
LN/A (Applies to /create-agent and /update-agent)
Description

Endpoints /create-agent and /update-agent/{agent_id} accept 'agent_data: dict' without schema enforcement or validation, risking errors or malicious input.

Comments

Use Pydantic models for strict input validation on the 'agent_data' dictionary to prevent malformed data and potential injection vulnerabilities.

Resolved

#2 high Issue
User ID as Query Parameter Allowing Unauthorized Updates
app/routes/agents_v1.py
LN/A (Applies to /agents/preferences/ endpoint)
Description

The /agents/preferences/ endpoint accepts 'user_id' as a query parameter, potentially allowing users to update preferences for other users if not strictly validated server-side against the authenticated user.

Comments

The 'user_id' for preference updates should be derived from the authentication token, not accepted as a query parameter, to prevent users from updating others' preferences.

Alleviation

The PUT /agents/preferences/ route in app/routes/agents_v1.py takes user_id as a query parameter and uses it directly, instead of deriving it from the authenticated user's token (request.state.user). The function does not have request: Request in its signature to access the token details.

Resolved

#3 high Issue
Potential Missing Authorization Check in Transaction Retrieval
app/routes/transactions.py
LN/A (Applies to get_transaction function call)
Description

The GET /transactions/{transaction_id} endpoint doesn't seem to use the authenticated user's ID when calling 'get_transaction', potentially allowing any authenticated user to retrieve any transaction.

Comments

Ensure the 'get_transaction' function (and similar data access functions like 'update_transaction', 'delete_transaction') checks if the authenticated user is authorized to access/modify the specific transaction, e.g., by passing the user_id from the token.

Resolved

#4 high Issue
Hardcoded Cookie in API Request
app/utils/lifi_utils.py
LN/A (get_advanced_routes function)
Description

The 'get_advanced_routes' function includes a hardcoded cookie in its API request headers, which is a security risk.

Comments

Remove the hardcoded cookie from the 'get_advanced_routes' function. If a cookie is necessary, manage it securely (e.g., obtain dynamically, use configuration).

medium Issues | 12 findings

Resolved

#1 medium Issue
Hardcoded Cryptographic Key
app/utils/privy_utils.py, main.py
LN/A
Description

The JWT public verification key (VERIFICATION_KEY) is hardcoded in 'privy_utils.py' and duplicated in 'main.py'.

Comments

Store the JWT public verification key in a secure configuration (e.g., environment variable) instead of hardcoding it in source files to facilitate key rotation and reduce exposure.

Resolved

#2 medium Issue
Duplicate Route Definition
app/routes/agents.py
LN/A (Route /list-agents)
Description

The route /list-agents is defined twice in agents.py; the second definition will overwrite the first.

Comments

Remove the redundant definition of the /list-agents endpoint to avoid confusion and ensure intended behavior.

Resolved

#3 medium Issue
Potentially Risky Endpoint Exposed
app/routes/agents.py
LN/A (Route /load-agents)
Description

The /load-agents endpoint calls 'load_agents_on_startup()'. Exposing this as an API might lead to unintended re-initializations or side effects.

Comments

Evaluate if the '/load-agents' endpoint, which calls 'load_agents_on_startup()', needs to be publicly accessible. If it's an initialization step, it should not be an open API endpoint.

Resolved

#4 medium Issue
Complex Agent Loading Logic in Request Path
app/routes/chat.py
LN/A
Description

The chat endpoint has logic to load agents if not found in AGENT_REGISTRY by calling load_agents_on_startup(), which could be inefficient and lead to side effects.

Comments

Simplify agent loading. Agents should ideally be loaded once at application startup (as done in main.py) rather than potentially reloading within a request path.

Alleviation

Primary agent loading is at startup. app/routes/chat.py (via check_agent_registry in agent_utils.py) can trigger load_agents_on_startup() as a fallback if an agent is in REGISTERED_AGENTS but not AGENT_REGISTRY. This fallback reloads all agents and could be inefficient if triggered.

Resolved

#5 medium Issue
Redundant User ID Path Parameter
app/routes/threads.py
LN/A (All routes)
Description

Endpoints in threads.py take 'user_id' as a path parameter but then use the 'user_id' from the authenticated token, making the path parameter redundant.

Comments

Remove the 'user_id' path parameter from thread routes and rely solely on the authenticated user's ID from the token to simplify the API and align with RESTful practices.

Resolved

#6 medium Issue
Potentially Unauthenticated Statistics Endpoint
app/routes/transactions.py
LN/A (Route /statistics/)
Description

The /statistics/ endpoint does not appear to have authentication, which could expose sensitive aggregate data if not intended for public view.

Comments

Verify if the /statistics/ endpoint is intended for public access. If the data is sensitive, enforce authentication and authorization.

Resolved

#7 medium Issue
Agent Loading Strategy
app/utils/agent_utils.py, main.py
LN/A
Description

Agent loading via 'load_agents_on_startup()' could be inefficient if called multiple times. 'main.py' calls it once, which is good. Concerns in 'chat.py' and 'agents.py' about calling it should be reviewed to ensure they don't cause reloads.

Comments

The 'load_agents_on_startup()' is correctly called in 'main.py'. Ensure this remains the single point of agent initialization to avoid inefficiencies.

Resolved

#8 medium Issue
Inconsistent Key for Agent Database Updates
app/utils/mongodb_utils.py
LN/A
Description

'save_agent_to_db' uses 'agentName' for upserting, while 'update_agent_to_db' uses 'agentId'. This inconsistency can lead to data issues.

Comments

Standardize on using 'agentId' as the unique key for all agent database operations (updates, queries) to ensure consistency.

Resolved

#9 medium Issue
Potential Incorrect Collection Name for Deleting Checkpoints
app/utils/mongodb_utils.py
LN/A (delete_messages_by_thread_id function)
Description

'delete_messages_by_thread_id' uses 'db["checkpoints"]', but 'MongoDBSaver' uses 'checkpoint_ns="AGY"'. The actual collection name might differ.

Comments

Verify and use the correct MongoDB collection name when deleting chat history checkpoints, ensuring it matches how 'MongoDBSaver' stores them (related to 'checkpoint_ns="AGY"').

Alleviation

delete_messages_by_thread_id in app/utils/mongodb_utils.py uses hardcoded collection db["checkpoints"]. MongoDBSaver (used for saving checkpoints) with checkpoint_ns="AGY" will use the collection checkpoints_AGY. This mismatch means deletions won't target the correct collection.

Resolved

#10 medium Issue
Silent Error Handling Obscuring Failures
app/utils/lifi_utils.py
LN/A (get_advanced_routes function)
Description

The 'get_advanced_routes' function returns an empty dictionary '{}' on API request failure, which can hide the error from the caller.

Comments

Modify 'get_advanced_routes' to propagate errors more explicitly (e.g., return None, raise custom exception) instead of returning an empty dictionary on failure.

Resolved

#11 medium Issue
Overly Permissive CORS Policy
main.py
LN/A (CORS Middleware)
Description

CORS is configured with 'allow_origins=["*"]', which is too permissive for a production environment.

Comments

For production, restrict 'allow_origins' in the CORS middleware to a list of known, trusted domains instead of '*'.

Acknowledged

#12 medium Issue
Unauthenticated Agent Listing Endpoints
main.py (EXCLUDED_PATHS), app/routes/agents_v1.py
LN/A
Description

The path '/api/v1/agents' is excluded from authentication, making agent listing endpoints public.

Comments

Determine if GET /api/v1/agents/ and GET /api/v1/agents/count-by-tag are intended to be public. If not, remove '/api/v1/agents' from EXCLUDED_PATHS in main.py.

Alleviation

GET /api/v1/agents/list-agents/ is unauthenticated due to its inclusion in EXCLUDED_PATHS in main.py. GET /api/v1/agents/count-by-tag is authenticated. If public listing of agent information is not intended, the unauthenticated list-agents endpoint is an issue.

low Issues | 8 findings

Resolved

#1 low Issue
Potential Dead or Commented-Out Code
app/routes/agents.py, app/routes/agents_v1.py, app/routes/transactions.py
LN/A
Description

Multiple files contain commented-out code sections or unused variables (e.g., 'ALLOWED_CHAINS' in lifi_utils.py) that should be removed.

Comments

Review and remove commented-out code blocks and unused variables across multiple files (agents.py, agents_v1.py, transactions.py, chat.py, lifi_utils.py) to improve code clarity and maintainability.

Resolved

#2 low Issue
Redundant User ID Query/Body Parameter
app/routes/agent_command.py, app/routes/transactions.py, app/routes/chat.py
LN/A
Description

Several endpoints accept 'user_id' as a query or body parameter which is then overwritten by the 'user_id' from the auth token.

Comments

Remove 'user_id' parameters from request bodies or query strings where the user's identity is already established via the authentication token ('request.state.user').

Alleviation

app/routes/agent_command.py (create_new_agent_command): command_data.user_id from body is overwritten by token user_id. app/routes/transactions.py (create_new_transaction, create_new_transaction_with_hash): transaction_data.user_id from body is overwritten by token user_id. app/routes/chat.py (chat_with_agent): chatRequest.userId from body is accepted but not used; token user_id is used.

Resolved

#3 low Issue
Use of 'print' for Logging
app/routes/mapping.py, app/utils/mongodb_utils.py, app/utils/lifi_utils.py, app/utils/web3_utils.py
LN/A
Description

Extensive use of 'print()' for logging/debugging in multiple utility and route files. This should be replaced with a dedicated logging library.

Comments

Replace 'print()' statements used for debugging or logging with a proper logging framework (e.g., Python's 'logging' module) for better control and output management. Redundant user_id parameters still exist in all three mentioned files/routes.

Acknowledged

#4 low Issue
Inconsistent Error Response Format
app/routes/threads.py
LN/A
Description

Error response structures vary between different endpoints in threads.py.

Comments

Standardize error response formats across all API endpoints. Consider using FastAPI's HTTPException consistently for error handling.

Alleviation

app/routes/threads.py uses a custom error structure but does not use HTTPException. The success flag in error responses is inconsistently True even for 404/500 errors.

Acknowledged

#5 low Issue
Overly Broad Exception Handling
app/routes/threads.py, app/utils/web3_utils.py
LN/A
Description

Generic 'except Exception' clauses are used, which can mask specific error types and make debugging harder.

Comments

Refine 'except Exception as e:' blocks to catch more specific exceptions where possible to improve error diagnostics and handling.

Resolved

#6 low Issue
Reused Python Function Names for Different Routes
app/routes/transactions.py
LN/A
Description

Some Python function names (e.g., 'create_new_transaction', 'agentUsage') are reused for different API routes. While FastAPI handles this, it's not a best practice.

Comments

Use unique Python function names for each FastAPI route handler to improve code readability and avoid potential confusion, even if paths are distinct.

Resolved

#7 low Issue
Complex Checkpoint Handling Logic
app/utils/mongodb_utils.py
LN/A
Description

The logic for handling chat history checkpoints in 'fetch_user_history' and 'update_last_tool_message' is complex and could be streamlined.

Comments

Simplify and make robust the logic for reading and updating chat history checkpoints to improve maintainability.

Resolved

#8 low Issue
Unused Utility Function with Hardcoded Values
app/utils/web3_utils.py
LN/A (read_from_contract function)
Description

The 'read_from_contract' function seems to be a standalone test script with hardcoded values and is likely unused by the main application.

Comments

Remove or refactor the 'read_from_contract' function if it's not used by the main application or is only for standalone testing. Avoid hardcoding addresses.