FRB security overview explains how the agent stays verifiable, isolated, and auditable.
This FRB security overview shows IT, compliance, and MEV searchers how the Windows agent is verified, how telemetry behaves, and how to escalate vulnerabilities. Share it with auditors whenever someone asks how the FRB MEV agent protects pending transactions and private keys.
Linkable summary
Security in one paragraph
FRB publishes a SHA-256 hash for every Windows build, documents isolation guidelines, and operates a public disclosure channel so exchanges and policy lists can link to a single security overview without vendor spin.
Integrity & Verification
Verify the installer's SHA‑256 checksum against the value published on the Download and Releases pages before running. This build is not yet code‑signed, so Windows SmartScreen may warn on first run — verify the hash, then choose "More info" → "Run anyway".
Get-FileHash .\FrbAgent_install_vr_8.6.exe -Algorithm SHA256Compare the printed hash with the SHA‑256 published on the Download page; the two must match exactly before you run the installer.
Isolation & Best Practices
- Use a dedicated non-primary Windows machine or isolated Windows profile first.
- Start in Simulation with strict slippage/budget caps.
- Use a burner wallet; never share keys/seed.
- Keep antivirus/EDR enabled; verify the SHA-256 before allowing the binary, and report any false positive to us.
Smart Contract & Approval Safety
A common concern in DeFi is "Unlimited Approvals." FRB Agent follows a strict Least Privilege model for on-chain interactions:
- No Treasury Approval Policy: FRB should not require a central treasury contract approval to spend user tokens. Verify every wallet prompt before signing.
- Limited Approval Review: Where approvals are needed, review the specific router, token, amount, and timing before live execution.
- Revocation Tools: The agent dashboard includes a built-in "Approval Manager" to revoke any active permissions instantly.
- Simulation First: Run simulation before signing live transactions to review expected balance changes, gas, slippage, and route behavior.
Incident response
If you suspect compromise:
- Disconnect the agent, revoke RPC keys, and snapshot logs.
- Alert security@ai-frb.com with timestamps.
- Reinstall from a fresh hash-verified build after root cause analysis.
We coordinate on disclosures and can provide extra metadata (signing cert, hash history) upon request.
Vulnerability disclosure & escalation
Report suspected vulnerabilities via /vulnerability or email security@ai-frb.com. Please include proof-of-concept steps, affected versions, and contact info for coordinated disclosure. We acknowledge within 48 hours and share remediation timelines when possible.
Telemetry & privacy highlights
See /telemetry for what FRB logs (agent version, anonymous health metrics) and how to opt out. We do not capture private keys or trade data; telemetry exists to improve node health alerts and refund guard behavior.
Apply the FRB security checklist
Move from review to action with the links below, then log every step inside your internal KB for audit trails.
Need to report an issue directly? Email security@ai-frb.com or visit /vulnerability with hashes, pending transaction context, and affected versions.
Related FRB resources
- Telemetry policy for data retention details.
- Responsible disclosure instructions for researchers.
- Refund & billing policy when incidents impact financial ops.
For ecosystem context
Ecosystem research: how FRB's telemetry and policies fit next to Flashbots and Blocknative