factory security audit

an automated adversarial security audit of the public factory AMM, conducted with claude opus 4.8 (anthropic) across more than 100 specialized agents. every confirmed critical and high-severity finding in scope was fixed; the criticals were reproduced and re-verified on octra devnet.

auditor: claude opus 4.8 (anthropic), multi-agent adversarial review
agents: 100+ specialized agents across two independent passes (96-agent fan-out + 6-agent council + per-finding verifiers)
scope: public AMM: factory, pool, router, quoter, OCS-01 tokens, and the frontend trust model
target: appliedml (.aml) contracts on octra devnet + the web app
date: june 2026
outcome: all confirmed critical & high findings resolved

1 critical · fixed
2 medium · fixed
4 hardening · applied
0 open

this automated review complements but does not replace a formal third-party human audit, which is planned ahead of a mainnet deployment. factory is currently beta software on devnet, where all tokens come from the faucet and have no real value.

methodology

the codebase was reviewed by more than 100 specialized agents across two independent adversarial passes: a 96-agent fan-out audit and a 6-agent council that debated each other's conclusions, with the results cross-validated. every reported issue was then re-checked by independent skeptic agents instructed to refute it; only findings that survived were kept. each confirmed critical was reproduced against the live contracts, fixed, and the fix re-verified on-chain (for example, attempting the liquidity-theft exploit and confirming it now reverts, while a legitimate operation still succeeds).

findings

| id | sev | finding | resolution | status |
| --- | --- | --- | --- | --- |
| C-1 | critical | dapp approval gate could be bypassed. the approval message channel was handled before the privileged-sender check, so a connected web page's content script could read its own pending request id and auto-approve its own transaction with no user interaction. | the sender check now gates the approval channel too, so only the wallet popup can read or resolve a pending request. every transaction requires an explicit user confirmation. | fixed ✓ |
| M-1 | medium | signed amount derived from a lossy float. the micro-OCT integer placed into the signed preimage was computed via a javascript double, so the bytes that get signed could differ from the displayed amount. | amounts are now parsed with exact integer math, and the approval screen uses the same conversion, so the signed value always equals what is shown. | fixed ✓ |
| M-2 | medium | vault key derived with pbkdf2 (not memory-hard). the encrypted vault that protects the seed sits on disk; the only barrier was pbkdf2-sha256, cheap to brute-force on gpu/asic. | the vault now derives its key with memory-hard scrypt; legacy pbkdf2 vaults still open and re-wrap to scrypt automatically on the next unlock. | fixed ✓ |
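
finding M-1 above, as an added example that is not factory's own code: an exact decimal-string to micro-OCT conversion with its inverse for the approval screen, next to a conversion that goes through a double. the function names, the 6-decimal scale (1 OCT = 1,000,000 micro-OCT) and the sample amount are assumptions made for the illustration.

```javascript
// added example, not the project's code.
// assumption: "micro" means 10^-6, so 1 OCT = 1,000,000 micro-OCT.
const DECIMALS = 6;
const SCALE = 10n ** BigInt(DECIMALS);

// exact path: the typed string is split on the decimal point and converted
// with BigInt only, so no binary floating point is ever involved.
function parseMicroOct(text) {
  const m = /^(\d+)(?:\.(\d+))?$/.exec(String(text).trim());
  if (!m) throw new Error("amount must be a plain non-negative decimal");
  const [, whole, frac = ""] = m;
  // refuse to round silently: extra digits would change the signed value
  if (frac.length > DECIMALS) throw new Error("too many decimal places");
  return BigInt(whole) * SCALE + BigInt(frac.padEnd(DECIMALS, "0"));
}

// display path for the approval screen: the inverse of parseMicroOct, so the
// text shown is derived from the same integer that goes into the preimage.
function formatMicroOct(micro) {
  const whole = micro / SCALE;
  const frac = (micro % SCALE)
    .toString()
    .padStart(DECIMALS, "0")
    .replace(/0+$/, "");
  return frac ? `${whole}.${frac}` : `${whole}`;
}

// lossy path (the pattern M-1 describes): the amount passes through a double.
function lossyMicroOct(text) {
  return BigInt(Math.round(Number(text) * 1e6));
}

// constructed sample: the exact result is odd and above 2^53, so no double
// can hold it and the float path must land on a different integer.
const typed = "9007199254.740993";
const exact = parseMicroOct(typed);
console.log("exact :", exact.toString());
console.log("lossy :", lossyMicroOct(typed).toString());
console.log("shown :", formatMicroOct(exact));
```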

additional hardening

while extending the swap engine, the review also surfaced a latent rounding flaw in the pool's native exact-output math (it could fail to converge and revert). the exact-output feature was built to route through the verified exact-input path instead, sidestepping the flaw with no risk to pool solvency.

disclaimer

security auditing reduces risk; it does not prove the absence of bugs. this report covers the public AMM at the time of review and does not cover the underlying octra chain or third-party wallets. use the protocol with funds you are comfortable risking on devnet software, and report any issue to @factory_oct or via the contact in the footer.