x402 Security Checklist

25 checks across 6 areas. Self-review your x402 integration before you ship to mainnet or book a paid audit.

Challenge and Verify Flow

  • Nonce replay protection. Every payment header carries a unique nonce that is rejected if seen within the payment window. Backed by a TTL-bounded store, not in-memory only.
  • Idempotency keys honored. Repeat requests with the same Idempotency-Key return the cached response instead of re-charging the agent.
  • Payment-window enforcement. Payments older than the configured window are rejected before adapter verification runs.
  • Schema validation hard-fails. Malformed payment headers return a 4xx, never reach adapter verification, and never log secrets.
  • Accepts array correctness. The 402 challenge lists every supported network, asset, amount, and payTo with the correct CAIP-2 identifiers.
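The first four checks above are the pre-adapter gate on the server side. The following is an added example of that gate, not code from the x402 SDK or from HSS; it assumes the decoded X-PAYMENT payload is a dict with `nonce`, `timestamp` (unix seconds), `network` (CAIP-2 id), `amount` (base-unit integer string) and `payTo`, and those field names, the `settle` callback and the 5-second clock-skew allowance are assumptions for illustration. Note the ordering: the idempotency lookup runs before the nonce check, because a legitimate retry resends the same header and must hit the cache rather than the replay rejection.

```python
"""Pre-adapter gate for an x402-protected route (added example, not x402 SDK code)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Union


@dataclass(frozen=True)
class PaymentHeader:
    nonce: str
    timestamp: int   # unix seconds (assumed field)
    network: str     # CAIP-2 id, e.g. "eip155:8453"
    amount: str      # base-unit integer string
    pay_to: str


@dataclass(frozen=True)
class Accepted:
    response: str
    cached: bool = False


@dataclass(frozen=True)
class Rejected:
    status: int
    reason: str   # generic on purpose: safe to log, never echoes header contents


NONCE_RE = re.compile(r"^[A-Za-z0-9_-]{16,128}$")
AMOUNT_RE = re.compile(r"^[0-9]{1,40}$")   # integer base units, no decimal point


def parse_header(raw: object) -> Optional[PaymentHeader]:
    """Schema validation: anything malformed is dropped before adapter verification."""
    if not isinstance(raw, dict):
        return None
    nonce, ts = raw.get("nonce"), raw.get("timestamp")
    network, amount, pay_to = raw.get("network"), raw.get("amount"), raw.get("payTo")
    if not (isinstance(nonce, str) and NONCE_RE.match(nonce)):
        return None
    if not isinstance(ts, int) or isinstance(ts, bool):
        return None
    if not (isinstance(network, str) and isinstance(pay_to, str)):
        return None
    if not (isinstance(amount, str) and AMOUNT_RE.match(amount)):
        return None
    return PaymentHeader(nonce, ts, network, amount, pay_to)


class TtlNonceStore:
    """Nonce store bounded by a TTL equal to the payment window.

    Production backs this with a Redis/DynamoDB TTL table; the dict is for the example.
    """

    def __init__(self, ttl_seconds: int) -> None:
        self.ttl = ttl_seconds
        self._seen: Dict[str, int] = {}   # nonce -> expiry (unix seconds)

    def claim(self, nonce: str, now: int) -> bool:
        """True if the nonce is fresh (and is now recorded); False if it is a replay."""
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if nonce in self._seen:
            return False
        self._seen[nonce] = now + self.ttl
        return True


class PaymentGate:
    def __init__(self, window_seconds: int, clock_skew: int = 5) -> None:
        self.window = window_seconds
        self.skew = clock_skew
        self.nonces = TtlNonceStore(window_seconds)
        self._idem: Dict[str, str] = {}   # Idempotency-Key -> cached response

    def check(self, raw: object, idem_key: Optional[str], now: int,
              settle: Callable[[PaymentHeader], str]) -> Union[Accepted, Rejected]:
        # Idempotent retry: same key returns the cached response, the agent is not charged twice.
        if idem_key is not None and idem_key in self._idem:
            return Accepted(self._idem[idem_key], cached=True)
        header = parse_header(raw)
        if header is None:
            return Rejected(400, "malformed payment header")
        # Payment window: stale or future-dated payments never reach the adapter.
        if header.timestamp > now + self.skew or now - header.timestamp > self.window:
            return Rejected(402, "payment outside window")
        # Replay: a nonce already seen inside the window is rejected.
        if not self.nonces.claim(header.nonce, now):
            return Rejected(402, "nonce replayed")
        response = settle(header)   # adapter verification + settlement happen only here
        if idem_key is not None:
            self._idem[idem_key] = response
        return Accepted(response)
```

The `Rejected.reason` strings are deliberately fixed literals so that whatever logs them cannot leak nonces, amounts or addresses from a malformed header.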

On-Chain Settlement Verification

  • Confirmation depth tuned per chain. Base, XRPL, Solana, and Stellar each have different finality assumptions. Each adapter enforces its own minimum.
  • PayTo address validation. The on-chain transaction settles to your configured payTo, not an attacker-controlled address.
  • Amount in canonical base units. USDC at 6 decimals, XRP in drops (also 6 decimals), every chain handled in its own unit. No floating-point math anywhere in the verify path.
  • Network mismatch detection. A payment claiming Base but settling on Polygon is rejected. CAIP-2 parsed before any RPC call.
  • RPC failure does not silently pass. A timeout or 5xx from the chain RPC fails closed, never open.
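The five settlement checks above, as an added example that is not an adapter from x402 or any other project. The chain lookup is injected as a callable so it runs offline; the `OnChainTx` shape, the per-namespace minimum confirmations and the asset decimals are illustrative assumptions (a real deployment keys the confirmation table by full CAIP-2 id, since `eip155` alone covers every EVM chain). CAIP-2 is parsed and the unsupported-chain and amount checks run before any RPC call, and an RPC exception maps to a rejection rather than to an accepted payment.

```python
"""On-chain settlement checks (added example, not an adapter from x402 or any project)."""
import re
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# CAIP-2: "<namespace>:<reference>", e.g. "eip155:8453" for Base mainnet.
CAIP2_RE = re.compile(r"^([-a-z0-9]{3,8}):([-_a-zA-Z0-9]{1,32})$")

# Minimum confirmation depth per namespace: illustrative values, tune per chain finality.
MIN_CONFIRMATIONS = {"eip155": 12, "solana": 32, "xrpl": 1, "stellar": 1}


def parse_caip2(chain_id: str) -> Optional[Tuple[str, str]]:
    m = CAIP2_RE.match(chain_id)
    return (m.group(1), m.group(2)) if m else None


def to_base_units(amount: str, decimals: int) -> Optional[int]:
    """Decimal string -> integer base units (USDC: 6, XRP drops: 6) with no float anywhere.

    Excess precision is rejected, never rounded.
    """
    m = re.match(r"^(\d+)(?:\.(\d+))?$", amount)
    if not m:
        return None
    frac = m.group(2) or ""
    if len(frac) > decimals:
        return None
    return int(m.group(1) + frac.ljust(decimals, "0"))


@dataclass(frozen=True)
class OnChainTx:          # assumed shape of what an adapter returns from the chain RPC
    network: str          # CAIP-2 id of the chain the tx was actually found on
    to: str
    amount_base: int      # base units as reported by the adapter
    confirmations: int


class RpcError(Exception):
    """Timeout or 5xx from the chain RPC."""


@dataclass(frozen=True)
class Claim:              # what the payment header asserts about the settlement
    network: str
    tx_hash: str
    pay_to: str           # your configured payTo for this route
    amount: str           # decimal string as quoted in the 402 challenge
    decimals: int


def normalize_address(namespace: str, addr: str) -> str:
    # EVM hex addresses are case-insensitive; other namespaces are compared as-is.
    return addr.lower() if namespace == "eip155" else addr


def verify_settlement(claim: Claim,
                      lookup: Callable[[str, str], OnChainTx]) -> Tuple[bool, str]:
    parsed = parse_caip2(claim.network)
    if parsed is None:
        return False, "bad CAIP-2"
    namespace = parsed[0]
    min_conf = MIN_CONFIRMATIONS.get(namespace)
    if min_conf is None:
        return False, "unsupported chain"          # unknown chain fails closed
    expected = to_base_units(claim.amount, claim.decimals)
    if expected is None:
        return False, "bad amount"
    try:
        tx = lookup(claim.network, claim.tx_hash)   # the only RPC call
    except RpcError:
        return False, "rpc unavailable"            # fail closed, never open
    if tx.network != claim.network:
        return False, "network mismatch"           # claims Base, settled elsewhere
    if normalize_address(namespace, tx.to) != normalize_address(namespace, claim.pay_to):
        return False, "payTo mismatch"
    if tx.amount_base < expected:
        return False, "amount short"
    if tx.confirmations < min_conf:
        return False, "insufficient confirmations"
    return True, "settled"
```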

Smart Contract Surface

  • Reentrancy guard on every external call path. CEI pattern or ReentrancyGuard. No exceptions.
  • Access control reviewed. Every privileged function requires a verified role. No tx.origin checks anywhere.
  • Signature replay defenses. EIP-712 domain binding, chain-id binding, expiry, and seen-signatures store.
  • Oracle manipulation tested. If the contract reads a price feed, the audit covers single-block manipulation and TWAP defenses.
  • First-depositor share inflation. Vault contracts mint a minimum-liquidity dust amount on first deposit so share-price manipulation is not free.

Wallet and Key Management

  • Hot wallet exposure bounded. The agent wallet holds only the minimum runway, with a documented top-up policy and an alarm on balance drops.
  • Keys in KMS or Secrets Manager. No environment-variable-baked private keys, no plaintext in CI.
  • Multi-sig required for high-value routes. Routes priced above a configurable threshold require multi-sig approval before settlement counts as final.
  • Key rotation runbook documented. A written procedure exists, has been tested, and the engineering team has rehearsed it.

Tenant Isolation and Abuse

  • Per-tenant rate limiting tiered by plan. A free-tier tenant cannot exhaust the same Lambda concurrency a paid-tier tenant relies on.
  • Fraud event tracking on agent identity. Velocity rules across tenant + agent + IP, with a configurable suspension policy.
  • Route configuration injection blocked. Tenant-supplied route metadata cannot escape its sandbox into other tenants' settings.
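The first two checks of this section, tiered per-tenant rate limiting and velocity rules across tenant, agent and IP, as an added example not taken from any x402 project. Plan quotas, the 60-second windows, the failure threshold and the suspension length are illustrative assumptions. Failures are counted on each identity dimension separately, so an agent cannot reset its counter by rotating one of them, and an unknown plan is rejected rather than falling through to the largest quota.

```python
"""Tiered per-tenant rate limiting plus velocity-based fraud tracking (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple

# Requests allowed per tenant per 60 s window, by plan (illustrative numbers). A free-tier
# tenant is capped well below the concurrency a paid-tier tenant relies on.
PLAN_QUOTA = {"free": 20, "pro": 500, "enterprise": 5000}
QUOTA_WINDOW = 60.0


@dataclass(frozen=True)
class VelocityPolicy:
    window_seconds: float = 60.0
    max_failures: int = 5        # failed payment attempts per window before suspension
    suspend_seconds: float = 900.0


class SlidingWindow:
    def __init__(self) -> None:
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def count(self, key: str, now: float, window: float) -> int:
        q = self._events[key]
        while q and q[0] <= now - window:
            q.popleft()
        return len(q)

    def add(self, key: str, now: float) -> None:
        self._events[key].append(now)


class AbuseGuard:
    def __init__(self, policy: Optional[VelocityPolicy] = None) -> None:
        self.policy = policy or VelocityPolicy()
        self._requests = SlidingWindow()
        self._failures = SlidingWindow()
        self._suspended: Dict[str, float] = {}   # identity key -> suspended until

    @staticmethod
    def keys(tenant: str, agent: str, ip: str) -> Tuple[str, str, str]:
        return (f"tenant:{tenant}", f"agent:{agent}", f"ip:{ip}")

    def admit(self, tenant: str, plan: str, agent: str, ip: str, now: float) -> Tuple[bool, str]:
        """Run before any payment work: suspension check, then the tenant's plan quota."""
        for key in self.keys(tenant, agent, ip):
            until = self._suspended.get(key)
            if until is not None and now < until:
                return False, "suspended:" + key.split(":", 1)[0]
        quota = PLAN_QUOTA.get(plan)
        if quota is None:
            return False, "unknown plan"        # fail closed, do not default to a large tier
        if self._requests.count(f"tenant:{tenant}", now, QUOTA_WINDOW) >= quota:
            return False, "tenant rate limit"
        self._requests.add(f"tenant:{tenant}", now)
        return True, "admitted"

    def record_failure(self, tenant: str, agent: str, ip: str, now: float) -> List[str]:
        """Record a failed payment (replayed nonce, short amount, ...).

        Returns the identity dimensions whose velocity rule tripped; each is now suspended.
        """
        tripped: List[str] = []
        for key in self.keys(tenant, agent, ip):
            self._failures.add(key, now)
            if self._failures.count(key, now, self.policy.window_seconds) >= self.policy.max_failures:
                self._suspended[key] = now + self.policy.suspend_seconds
                tripped.append(key.split(":", 1)[0])
        return tripped
```

Call `admit` at the edge before the payment gate and `record_failure` from the gate's rejection path; a suspension on the IP dimension then blocks new agents from that address even when they belong to a tenant with a large quota.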

Operational Resilience

  • Webhook delivery uses a DLQ. Failed webhooks land in a dead-letter queue with exponential backoff and a sweeper, not retried in the request hot-path.
  • Facilitator failover documented. If your facilitator (CDP or other) goes down, you have a documented degraded-mode path.
  • Incident response readiness. A written runbook for "wallet compromised", "facilitator down", and "RPC misconfigured" exists. The team has rehearsed at least one.
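The DLQ check above, as an added example that is not from any x402 project: the request hot path makes exactly one delivery attempt and returns, and a separate sweeper retries due items with exponential backoff until a cap, after which the item is parked for an operator. Delivery is injected as a callable so it runs offline; the backoff constants and the attempt cap are illustrative.

```python
"""Webhook delivery with a dead-letter queue and a backoff sweeper (added example)."""
import heapq
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

BASE_DELAY = 2.0       # seconds before the first retry (illustrative)
MAX_DELAY = 300.0      # backoff cap
MAX_ATTEMPTS = 6       # after this the item is parked for a human, not retried forever


def backoff_delay(attempt: int) -> float:
    """Delay before retry number `attempt`: 2, 4, 8, ... seconds, capped."""
    return min(BASE_DELAY * (2 ** (attempt - 1)), MAX_DELAY)


@dataclass(order=True)
class DeadLetter:
    due_at: float
    seq: int                                   # tie-breaker for equal due times
    url: str = field(compare=False)
    payload: str = field(compare=False)
    attempts: int = field(compare=False, default=1)
    last_error: str = field(compare=False, default="")


class WebhookDispatcher:
    def __init__(self, deliver: Callable[[str, str], None]) -> None:
        self._deliver = deliver                # raises on timeout / non-2xx (assumed contract)
        self._dlq: List[DeadLetter] = []       # heap ordered by due_at
        self._seq = 0
        self.parked: List[DeadLetter] = []     # exhausted retries, needs operator attention

    def send(self, url: str, payload: str, now: float) -> bool:
        """Hot path: one attempt only. On failure the item goes to the DLQ and we return."""
        try:
            self._deliver(url, payload)
            return True
        except Exception as exc:
            self._park(url, payload, 1, str(exc), now)
            return False

    def _park(self, url: str, payload: str, attempts: int, err: str, now: float) -> None:
        self._seq += 1
        if attempts >= MAX_ATTEMPTS:
            self.parked.append(DeadLetter(now, self._seq, url, payload, attempts, err))
            return
        due = now + backoff_delay(attempts)
        heapq.heappush(self._dlq, DeadLetter(due, self._seq, url, payload, attempts, err))

    def sweep(self, now: float) -> Tuple[int, int]:
        """Sweeper (cron / scheduled Lambda): retry every due item once.

        Returns (delivered, failed); failed items are rescheduled or parked.
        """
        delivered = failed = 0
        while self._dlq and self._dlq[0].due_at <= now:
            item = heapq.heappop(self._dlq)
            try:
                self._deliver(item.url, item.payload)
                delivered += 1
            except Exception as exc:
                self._park(item.url, item.payload, item.attempts + 1, str(exc), now)
                failed += 1
        return delivered, failed

    def pending(self) -> int:
        return len(self._dlq)
```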

If your integration cannot tick all 25 boxes, an HSS x402 audit closes the gaps for a flat fee.