How Softstack’s Smart Contract Audit Made Fetch AI’s Agentverse More Secure

Discover how Softstack’s audit fixed high‑severity bugs in Fetch AI’s Agentverse Launchpad, boosting trust in tokenised AI agents.

Client: Fetch AI
Project: Agentverse
Industry: Web3
Service: Smart contract audit

In a decentralised world where autonomous software agents buy, sell and negotiate value, trust is coded, not promised. That’s why Fetch AI engaged Softstack, Germany’s Web3 security experts, to audit every function of the Agentverse Launchpad, the smart‑contract backbone that mints and lists AgentCoins for the Fetch AI ecosystem.

What Is Agentverse?

Agentverse is a permissionless launchpad that lets developers:

  • Create AgentCoins that represent individual AI agents.
  • Sell tokens via a bonding curve, ensuring transparent price discovery.
  • Automate liquidity listings once on‑chain metrics hit predefined thresholds.

By combining AI, blockchain, and multi‑agent systems, Fetch AI enables autonomous economic activity without human bottlenecks.

Audit Scope and Methodology

Softstack’s auditors followed a four‑step process: manual line‑by‑line review, automated symbolic‑execution testing, best‑practice benchmarking, and attack‑scenario simulation. The scope covered token sale integrity, fund flow, access control, gas efficiency, and extreme‑input resilience.

1. Security Vulnerabilities & Risk Levels
  • Critical Issues: Could break contract functionality and pose security threats.
  • High Issues: May allow unintended behaviors that compromise functionality.
  • Medium Issues: Affect contract behavior in specific scenarios.
  • Low Issues & Informational: Minor inconsistencies; resolving them could improve efficiency and clarity.
2. Code Review & Testing Approaches
  • Manual Line-by-Line Review to detect vulnerabilities.
  • Automated Security Testing using symbolic execution and test coverage analysis.
  • Best Practice Checks ensuring compliance with industry standards.
  • Attack Scenario Simulations to assess potential exploits such as reentrancy, front-running, and logic failures.

Key Findings and Fixes

| Severity | Issue | Impact | Resolution |
|---|---|---|---|
| High | Signature malleability in multisig | Potential unauthorised parameter changes | Adopted OpenZeppelin ECDSA; nonce & replay protection |
| Medium | Arbitrary pricing divisor | Economic manipulation of bonding‑curve price | Parameterised divisor; added NatSpec docs |
| Low | Hard‑coded liquidity target | Inflexible economic model | Acknowledged (design‑driven constant) |
| Low | Unlimited ERC‑20 allowance | Potential token drain if router compromised | Time‑bound, exact‑sum approvals |

All issues were fixed or acknowledged before mainnet deployment, leaving zero open findings.

Why It Matters

  • For developers, a clean audit means you can integrate Agentverse knowing its core contracts resist common exploits.
  • For traders, every AgentCoin purchase follows math that has been independently verified.
  • For enterprises building on Fetch AI, the launchpad demonstrates rigorous governance and upgrade patterns.

📌 Softstack’s audit cements Agentverse Launchpad as a secure, gas‑optimized, and future‑proof gateway to tokenised AI agents. Dive into the full technical report on GitHub or reach out to Softstack for your own smart‑contract security assessment.
