Red Specter MIDAS

Passive reconnaissance against AI agent endpoints and on-chain addresses. Discovers wallet addresses associated with AI trading agents, maps DeFi positions (liquidity pools, lending positions, token holdings), identifies Web3 RPC endpoints, and profiles agent behaviour through public API interaction patterns.

• Wallet Discovery — Identifies agent-controlled addresses via API response analysis and on-chain heuristics
• Position Mapping — Enumerates Uniswap, Aave, Compound, and Curve positions
• RPC Endpoint Detection — Fingerprints Web3 provider usage (Infura, Alchemy, self-hosted)
• Agent Behaviour Profiling — Timing analysis, transaction frequency, gas price strategy

SCAN is passive — no --override required. All data sourced from public APIs and on-chain reads.

Tests unauthorised asset transfer vectors against AI agent wallets. Simulates ECDSA nonce reuse key recovery, tests approval hijacking via ERC-20 allowance exploitation, probes delegatecall vulnerabilities in agent proxy contracts, and validates access control on agent hot wallets.

• ECDSA Nonce Reuse Recovery — Recovers private keys from repeated nonce usage in transaction signatures using real mathematical attack (not simulation)
• Approval Hijacking — Tests ERC-20/ERC-721 allowance exploitation paths
• Proxy Vulnerability — Probes delegatecall and storage collision vectors in upgradeable agent contracts
• Access Control Gaps — Tests for missing ownership checks on agent wallet management functions

Requires --override. Mainnet execution requires --confirm-destroy.

Targets the RPC layer between AI agents and blockchain nodes. Positions a malicious RPC endpoint that returns manipulated blockchain state data, intercepts and replays signed transactions, and tests agent responses to false confirmation data.

• RPC Spoofing — Serves manipulated eth_call, eth_getBalance, and eth_getLogs responses
• Transaction Replay — Captures and replays signed transactions in altered context
• State Manipulation — Presents false block numbers, nonces, and gas price data
• Confirmation Fraud — Returns false transaction receipts to trigger premature agent actions

Requires --override.

Gas griefing and transaction spam attack simulation. Tests how AI agents respond to hostile on-chain conditions — mempool flooding, front-run exclusion, and deliberate transaction failure loops designed to exhaust agent gas reserves.

• Mempool Flooding — Submits high-volume transactions to crowd out agent transactions
• Gas Price Manipulation — Forces agent into gas auction spiral
• Front-Run Blocking — Uses pending transaction monitoring to continuously pre-empt agent actions
• Nonce Squatting — Occupies agent nonce slots to stall transaction pipeline

Requires --override.

MEV (Maximal Extractable Value) sandwich attack simulation. Detects AI agent swap transactions in the mempool and simulates front-run/back-run pairs that extract value at the agent's expense. Live validated against Uniswap v3 on EVM testnet.

• Transaction Detection — Monitors mempool for agent swap signatures (Uniswap, SushiSwap, Curve)
• Front-Run Simulation — Calculates optimal front-run transaction to move pool price before agent swap
• Back-Run Simulation — Reverses pool position post-agent-swap to extract profit
• Slippage Exploitation — Identifies agent transactions with loose slippage tolerance (common in AI agent configurations)
• Cross-Chain Bridge MEV — Tests MEV opportunities at bridge entry/exit points

Requires --override. Live validated: Uniswap v3 sandwich simulation on EVM testnet.

On-chain transaction attribution and wallet clustering. Builds a graph of wallet relationships using common-input-ownership heuristics, peel chain detection, and exchange deposit address clustering. Maps the full on-chain footprint of AI trading agent infrastructure.

• Common-Input-Ownership — Groups addresses that co-sign transactions as likely same controller
• Peel Chain Detection — Identifies mixing attempts and traces through them
• Exchange Cluster Mapping — Identifies exchange deposit addresses in agent transaction history
• Infrastructure Correlation — Links on-chain activity to API endpoints and agent identifiers

TRACE is passive — no --override required. All data sourced from public blockchain.

Injects false price and market data into AI agent memory stores and RAG pipelines. Causes agents to make trading decisions based on fabricated price feeds, false liquidity data, and poisoned historical market data.

• Price Oracle Poisoning — Injects false Chainlink, Band Protocol, and Pyth price data into agent memory
• RAG Poisoning — Embeds adversarial market analysis documents that skew agent strategy
• Liquidity Fabrication — Feeds false pool depth data to cause slippage miscalculation
• Historical Data Corruption — Poisons training context with manipulated backtesting data
• Sentiment Injection — Inserts fabricated news/social data to manipulate agent sentiment models

Requires --override.

Malicious DeFi plugin and tool injection for AI agents. Tests whether AI agents will invoke adversarially crafted DeFi tools that drain funds, exfiltrate private keys, or route transactions to attacker-controlled contracts.

• Tool Manifest Spoofing — Presents malicious tool definitions as legitimate DeFi integrations
• Contract Address Substitution — Replaces legitimate protocol addresses with attacker contracts
• Permission Escalation — Requests excessive token approvals via crafted tool calls
• Exfiltration via Tool — Embeds key exfiltration in seemingly benign tool responses

Requires --override.

Maps dark net AI trading infrastructure. Identifies Tor-routed AI trading endpoints, dark market DeFi aggregators, and covert AI agent coordination networks operating outside visible blockchain infrastructure.

• Tor Exit Node Detection — Identifies on-chain transactions originating from known Tor exits
• Dark Pool Mapping — Enumerates private/dark liquidity pools used by covert AI agents
• Coordination Network Discovery — Maps multi-agent coordination channels using on-chain message passing
• Infrastructure Attribution — Links dark net endpoints to on-chain agent identities

DARKNET is passive — no --override required.

Generates Ed25519-signed output from any MIDAS subsystem run. Aggregates findings across multiple subsystems, deduplicates overlapping findings, maps to MITRE ATLAS, and produces a signed report in Markdown or JSON format.

• Ed25519 Signing — Cryptographic signature on all output, tamper-evident
• MITRE ATLAS Mapping — All findings mapped to applicable ATLAS tactics and techniques
• Aggregation — Combines output from multiple MIDAS subsystem runs
• Formats — JSON (machine-ingestible, WARLORD-compatible) and Markdown (human-readable)

Report Schema

Every finding includes:

• finding_id — unique identifier
• subsystem — which MIDAS subsystem generated the finding
• severity — CRITICAL / HIGH / MEDIUM / LOW / INFO
• atlas_technique — MITRE ATLAS technique mapping
• target — address, URL, or contract tested
• evidence — transaction hash, API response, or on-chain proof
• description — what was found and how
• remediation — recommended fix
• signature — Ed25519 signature