
How FailSafe's Agentic AI Secured Megapot v2 Ahead of Launch


What is Megapot?

Megapot is a decentralized on-chain lottery protocol built on Base that enables users to participate in daily raffles for substantial jackpots. Liquidity providers fund the initial prize pools, earning fees from ticket sales, which in turn grow the jackpots. The v2 upgrade introduces LP pooling, cross-chain bridge claims, and automated subscription systems, making it a sophisticated piece of DeFi infrastructure with real capital at risk.

FailSafe's SWARM (Systemic Weakness Analysis and Remediation Mechanism) completed a full assessment across the v2 contracts. We identified four vulnerabilities, including a high-severity LP pool cap bypass that could have exposed liquidity providers to concentration risk beyond governance-approved limits. The Megapot team resolved the critical finding swiftly.

FailSafe's SWARM caught vulnerabilities that other AI security tools missed entirely. Their agentic approach found what traditional static analysis and competing AI reviewers couldn't.

Brian, Founding Protocol Engineer at Megapot

How SWARM Works: Understand, Attack, Prove

SWARM does not ask an LLM to find bugs. It builds a structured threat model of the codebase, then systematically breaks it using game-theoretic models and a multi-LLM quorum.

1. Build an Adaptive, Living Threat Model (Understand)

Five parallel LLM specialists mapped Megapot v2's architecture, trust boundaries, privilege flows, state invariants, and economic invariants. This covered the interactions between the Jackpot, LP Manager, Bridge Manager, Auto Subscription, and Batch Purchase contracts.

The output was not a bug list. It was a model of how the system should behave and where those guarantees might break. For Megapot v2, one of the key invariants identified was that the LP pool cap check must accurately reflect the true economic value of the pool at all times.

2. Generate Adversarial Hypotheses (Attack)

Three to five LLMs independently produced attack scenarios across technical, economic, and operational dimensions, each grounded in the invariants from step one. Every hypothesis cited which invariant it violated and which trust boundary it crossed.

For the LP Manager, multiple models independently hypothesized that the pool cap check could be weakened if pending withdrawals were not properly converted from shares to USDC. The convergence across models elevated this from a theoretical concern to a high-confidence lead.

3. Validate with Adversarial Diversity (Prove)

Each hypothesis was independently challenged by both Claude and Gemini. A finding must survive dual-model scrutiny with code-level evidence to be confirmed. This is where false positives die.

The LP pool cap bypass survived validation. Both models independently traced the code paths and confirmed that the _calculateNextDrawingLpPool function subtracted raw share values from USDC-denominated totals, while processDrawingSettlement in the same codebase correctly performed the conversion. The inconsistency was confirmed with line-level references.
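The unit inconsistency described above can be reproduced in a small model. This is an added example, not Megapot's contract code: the state fields, the function names, the 18-decimal share price and all sample values are assumptions made for illustration. It compares a projection that subtracts raw shares with one that converts shares to USDC first, and exposes the difference as a check a test suite can assert on.

```python
from dataclasses import dataclass

USDC = 10**6          # USDC has 6 decimals
PRECISION = 10**18    # fixed-point scale for the share price (assumed)

@dataclass
class LpState:
    pool_total: int           # USDC units
    pending_deposits: int     # USDC units
    pending_withdrawals: int  # LP shares, NOT USDC
    share_price: int          # USDC per share, scaled by PRECISION

def shares_to_usdc(shares: int, share_price: int) -> int:
    return shares * share_price // PRECISION

def projected_pool_raw(s: LpState) -> int:
    """Mixed units: subtracts a share count from USDC totals."""
    return s.pool_total + s.pending_deposits - s.pending_withdrawals

def projected_pool_converted(s: LpState) -> int:
    """Consistent units: withdrawals are converted to USDC first."""
    owed = shares_to_usdc(s.pending_withdrawals, s.share_price)
    return s.pool_total + s.pending_deposits - owed

def deposit_allowed(s: LpState, amount: int, cap: int, projector) -> bool:
    return projector(s) + amount <= cap

def unit_drift(s: LpState) -> int:
    """USDC by which the raw projection understates the pool (0 = paths agree)."""
    return projected_pool_converted(s) - projected_pool_raw(s)

def sample_state(price_num: int, price_den: int) -> LpState:
    # Constructed sample values, not taken from the deployed protocol.
    return LpState(900_000 * USDC, 0, 200_000 * USDC,
                   PRECISION * price_num // price_den)

if __name__ == "__main__":
    cap, deposit = 800_000 * USDC, 80_000 * USDC
    for num, den in [(1, 1), (4, 5), (5, 4)]:
        s = sample_state(num, den)
        print(f"price={num}/{den}", "drift_usdc =", unit_drift(s) // USDC,
              "raw_ok =", deposit_allowed(s, deposit, cap, projected_pool_raw),
              "converted_ok =", deposit_allowed(s, deposit, cap, projected_pool_converted))
```

In this model the two projections agree exactly when one share is worth one USDC, so a test suite that only runs at the initial share price never sees the drift; asserting `unit_drift(state) == 0` across a range of share prices is what surfaces it.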

Security Outcomes

SWARM identified several valuable security findings across the Megapot v2 architecture during the pre-launch assessment.

One notable issue involved an inconsistency in how LP pool accounting values were handled across different execution paths. While the intended economic invariant was clear, one code path applied a different unit interpretation than others.

This type of issue is particularly difficult for traditional static analysis tools to detect because it requires tracing economic invariants across multiple contracts and functions. We commend the Megapot team's strong commitment to security throughout the process.

Additional observations included minor edge cases around subscription flows, signature lifecycle management for bridge operations, and settlement-window state transitions. All were reviewed collaboratively with the Megapot team and addressed or acknowledged.

Why Agentic Security Reviews Matter

It's no secret that AI is rapidly accelerating how code is written. Across the industry, developers increasingly rely on AI to generate and refactor complex logic. While this dramatically improves productivity, it also introduces a new category of risk.

A recent example is the Moonwell incident, where a pricing error in oracle logic, partially introduced through AI-generated code, caused the protocol to misprice cbETH and resulted in roughly $1.78 million in bad debt and liquidations before the issue was contained.

The lesson is clear. As AI helps developers write code faster, security systems must evolve to analyze and validate that code just as quickly.

Agentic security approaches like SWARM address this new reality. Instead of relying only on pattern-based scanners, SWARM builds threat models, generates adversarial hypotheses, and validates invariants across complex contract systems using multiple collaborating models.

FailSafe commends the Megapot team for their strong commitment to security throughout this process. The team engaged deeply with the findings, reviewed each scenario collaboratively, and implemented improvements ahead of launch to strengthen the protocol's safety guarantees.


Interested in an agentic security review for your protocol? Get in touch with FailSafe to learn how SWARM can help secure your smart contracts before launch.
