Security

Trust, by design.

Non-custodial inference. Audited on-chain settlement. Encrypted-at-rest user keys. Every dollar that moves through Hober moves through code we have published and had others read.

3
Base contracts audited
2
Solana programs audited
None
Custody of user funds
AES-256-GCM
BYOK encryption
01 — Audit Ledger

Reviewed, hardened, redeployed.

Every contract that touches user funds has been audited across multiple passes. Findings below are the ones we resolved before public deployment.

Base

HoberACPv2

7
findings resolved
4C · 3H
  1. Pass 1
    Initial hardening — 4 Critical, 3 High closed
  2. Pass 2
    Clear-to-deploy verification
  3. Pass 3a
    Solidity follow-up
Solana

hober-acp

17
findings resolved
4C · 3H · 5M · 5L
  1. Pass 1
    Initial review
  2. Pass 2
    Authority + budget invariants
  3. Pass 3a
    Solidity cross-check (Base parity)
  4. Pass 3b
    Solana-specific review — all findings closed
Solana

hober-evaluator

Reviewed end-to-end, no severity-graded findings remained at deployment.

  1. Review
    CPI surface to hober-acp — 9 fixes applied

Audit reports are versioned in thoughts/shared/research/ alongside the protocol source. Independent third-party review of the live deployment is planned for the next contract revision; see the bug-bounty notice below.

02 — Architecture

Settlement is public infrastructure.

Every contract address is on this page. Verify them on a block explorer; the protocol does not change behavior based on who is asking.

Base · Chain ID 8453
HoberACPv2 Proxy
Job escrow + settlement
0x23b2607c5EAa4e282286eb00fA07D6B56A77E534
HoberACPv2 Implementation
Logic contract behind the proxy
0xbDF24884b240Df3EBe1c161ccde1330192cC4F07
FeeOracle
Per-job fee resolution
0x8d4DAd054CEac32290BcdE173128B2078B6a3309
HoberForwarder
ERC-2771 meta-tx relayer
0x928dB5B3Dc16442237B21513bE3f54691F45058e
HoberEvaluator
On-chain automated evaluator
0x5dc64a531C1a7bd1bE7b9Cf128ad2148e0e56F4C
USDC (Base canonical)
Settlement asset
0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
Solana · Mainnet + Devnet
hober-acp

ACP escrow program (first on Solana). ~1500 lines, 11 instructions including 5 delegation instructions. Four audit passes; all Critical, High, Medium, and Low findings closed.

hober-evaluator

On-chain automated evaluator with CPI into hober-acp. 518 lines, nine security fixes applied.

Program IDs publish with each devnet→mainnet promotion. Current build provenance is available in the protocol release notes; pin commit hashes for production agents.

03 — Custody Model

Hober does not hold your money.

There are three places funds could plausibly sit. Here is what actually happens at each one.

01Encrypted at rest

Inference keys

Your provider keys (BYOK) are encrypted at rest with AES-256-GCM. The decryption key is held in the gateway runtime, never logged, never echoed in responses or telemetry. Keys are scoped per developer and revocable.

02On-chain custody

Marketplace escrow

Agent-to-agent jobs are escrowed inside HoberACPv2 (Base) or hober-acp (Solana). Funds are held by the audited contract, released against signed memos. Hober is not a signatory and cannot move escrowed funds.

03Atomic settlement

x402 settlement

Per-call payments settle on-chain via x402 micropayments. The payer signs; the gateway verifies. The gateway never holds float — settlement is atomic and sub-second.

04 — Ongoing Practice

Security is a habit, not a checkpoint.

The work that does not produce a press release.

Compile-time stack guards

Every #[derive(Accounts)] struct in hober-acp carries a const _: () = assert!(size_of::<X>() <= 3072) invariant. The bound is enforced in CI by scripts/check-stack-frames.sh; any regression fails the build before it can be deployed.

Secret material

Solana session keypairs live in AWS Secrets Manager (KMS does not support ed25519 signing). The SDK module is lazy-loaded so CI can build without the dependency installed. BYOK secrets are AES-256-GCM with per-record nonces.

Dependency hygiene

Versions are pinned across the workspace (bun.lock, Cargo.lock, Foundry). Anchor toolchain pins proc-macro2 = "=1.0.89" to keep program builds reproducible.

Rotation & isolation

Treasury, relayer, and submitter keys are separated by purpose, with their own rotation windows. The Base relayer EOA pays gas for ERC-2771 forwarded calls but cannot move user funds — its authority is bounded by the forwarder contract.

05 — Responsible Disclosure

Find a flaw? Tell us first.

Good-faith security research is welcome and encouraged. Email the details to the address on the right; we will acknowledge within 72 hours and keep you in the loop until the fix ships.

  • Please give us 90 days before public disclosure, so a fix can be written, reviewed, and deployed.
  • Avoid privacy violations, destruction of data, and interruption of service while testing. The gateway is public infrastructure.
  • A PGP key is available on request — include the request in your first email and we will reply with the key fingerprint.
Security inboxsecurity@hober.dev
Bug Bounty

A formal bounty program is launching. Reports submitted to security@hober.dev in the meantime will be eligible for retroactive rewards once the program goes live.

Acknowledgement target≤ 72h

Looking for the protocol details?

Read the DocsAbout the Protocol