
What is Bitmor?
Bitmor is a novel DeFi lending primitive that provides non-liquidating loans for acquiring Bitcoin. Built on Base, the protocol manages collateralized loans and Chainlink oracle integrations, the kind of multi-layered DeFi infrastructure where subtle edge cases only surface under adversarial analysis.
Ahead of their public launch, the Bitmor team engaged FailSafe for a proactive security review of their core smart contracts. Our agentic AI system, SWARM (Systemic Weakness Analysis and Remediation Mechanism), completed a preliminary assessment and surfaced a valuable finding, resolved before the assessment concluded.
"FailSafe's agentic security system helped us catch an important issue and provided us with a great threat model which we can utilize for further development."
How SWARM Works
SWARM does not ask an LLM to find bugs. It builds a structured threat model of the codebase, then systematically stress-tests it using game-theoretic models and a multi-LLM quorum. The pipeline follows three stages: Understand, Attack, Prove.
Five parallel LLM specialists mapped Bitmor's architecture: trust boundaries, privilege flows, state invariants, and economic invariants across the lending engine, collateral management, liquidation logic, and oracle price feeds. The output was not a bug list. It was a model of how the system should behave and where those guarantees might break.
For Bitmor, key invariants included ensuring that a borrower's loan state remains consistent across all operations, and that liquidation eligibility always reflects the borrower's true position.
From that model, three to five LLMs independently generated adversarial attack scenarios across technical, economic, and operational dimensions. For the lending engine, multiple models converged on a hypothesis involving the repayment flow and its interaction with loan state accounting. The independent convergence elevated this from a theoretical concern to a high-confidence lead.
Each hypothesis was then independently challenged by both Claude and Gemini. A finding must survive dual-model scrutiny with code-level evidence to be confirmed. This is where false positives die.
What SWARM Found
A thorough assessment of any non-trivial protocol will surface areas for improvement. That is the entire point of engaging a security review before launch. SWARM identified a key finding in Bitmor's contracts, and the team addressed it promptly.
SWARM identified an edge case in the repayment flow where loan state could become inconsistent under specific conditions. The lending lifecycle involves multiple state transitions (borrowing, repayment, collateral adjustments, and liquidation checks) and SWARM's threat model flagged a scenario where certain operations could affect the accuracy of a position's health factor. This category of finding is difficult for traditional static analysis to detect because it requires tracing economic invariants across the full lending lifecycle, not just individual functions. The Bitmor team addressed the issue by tightening access controls and adding validation checks around the affected flow.
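To make the two invariants from the threat model concrete, here is an added Python example (not Bitmor's contract code): a minimal lending-position model driven through random borrow, repay and collateral-withdrawal operations, with both invariants checked after every accepted step. The liquidation threshold, the operation set, the amounts and the price path are assumptions chosen for the illustration.

```python
# Added illustrative model, not Bitmor's code: LIQUIDATION_LTV, the operations and the price path are assumptions.
from collections import namedtuple
import random

LIQUIDATION_LTV = 0.80  # assumed: liquidatable once debt exceeds 80% of collateral value
Position = namedtuple("Position", ["collateral_btc", "debt_usd"])  # immutable; every op returns a new one

def health_factor(pos, price):
    """Always derived from the true position, so nothing cached can go stale."""
    return float("inf") if pos.debt_usd == 0 else pos.collateral_btc * price * LIQUIDATION_LTV / pos.debt_usd

def is_liquidatable(pos, price):
    return health_factor(pos, price) < 1.0

def _accept(new, price, what):  # borrows and withdrawals are refused if they would leave it liquidatable
    if new.collateral_btc < 0 or is_liquidatable(new, price):
        raise ValueError(f"{what} rejected: would leave position liquidatable")
    return new

def borrow(pos, amount, price):
    return _accept(Position(pos.collateral_btc, pos.debt_usd + amount), price, "borrow")

def withdraw_collateral(pos, amount, price):
    return _accept(Position(pos.collateral_btc - amount, pos.debt_usd), price, "withdrawal")

def repay(pos, amount):
    applied = min(amount, pos.debt_usd)  # clamp over-repayment so debt can never go negative
    return Position(pos.collateral_btc, pos.debt_usd - applied), applied

def run_random_lifecycle(seed, steps=500):
    """Random price moves and operations, checking both invariants after every accepted operation."""
    rng, pos, price, ledger, checked = random.Random(seed), Position(1.0, 0.0), 60_000.0, 0.0, 0
    for _ in range(steps):
        price *= rng.uniform(0.95, 1.05)  # a market move alone may legitimately make it liquidatable
        op, hf_before = rng.choice(["borrow", "repay", "withdraw"]), health_factor(pos, price)
        try:
            if op == "borrow":
                amt = rng.uniform(1.0, 20_000.0)
                pos, ledger = borrow(pos, amt, price), ledger + amt
            elif op == "repay":
                pos, applied = repay(pos, rng.uniform(1.0, 30_000.0))
                ledger -= applied
            else:
                pos = withdraw_collateral(pos, rng.uniform(0.01, 0.5), price)
        except ValueError:
            continue  # a rejected operation must leave all state untouched
        assert abs(pos.debt_usd - ledger) < 1e-6, "invariant 1: loan state diverged from independent ledger"
        # invariant 2: repayment may only raise the health factor; borrow/withdraw never leave it below 1
        assert health_factor(pos, price) >= (hf_before if op == "repay" else 1.0), "eligibility drifted"
        checked += 1
    return checked
```

Running `run_random_lifecycle` with several seeds is the property-style check the text describes: any accounting drift between the repayment path and the ledger, or any operation that leaves eligibility out of step with the true position, fails an assertion rather than surfacing later under market stress.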
Why Agentic Security Matters
Attackers are already using AI to find and exploit vulnerabilities faster than ever. The question is not whether your protocol will face AI-powered threats. It is whether your security is keeping pace.
Lending protocols carry a unique risk profile. Unlike simple token swaps, they manage persistent state (loans, collateral ratios, health factors) across time. A subtle inconsistency in any of these can compound into a material issue under the right market conditions. Vulnerabilities in lending state management do not show up in pattern-based scans. They emerge from the interaction between multiple contract functions, economic assumptions, and trust boundaries.
Agentic security approaches like SWARM address this reality by building threat models, generating adversarial hypotheses, and validating invariants across complex contract systems using multiple collaborating models. It is the same adversarial thinking that attackers use, applied defensively, before launch.
The Bitmor team's decision to invest in agentic security ahead of launch reflects the kind of forward-thinking approach that builds real trust with users. All findings were resolved before the assessment concluded, and the protocol is stronger for it.
Secure Your Protocol with Agentic AI
Whether you are building a lending protocol, a DEX, or any DeFi system managing user funds, attackers are using AI to find vulnerabilities faster than ever. Make sure your security keeps pace.