Security & Risk

Risk Matrix

Eight identified risks across protocol volatility, contract security, UX constraints, standards competition, and adoption. Honest assessment — including the risks the proposal doesn't fully address.

Risk Overview

REAPP's risk profile has two dominant categories: protocol-level risks from dependencies on evolving standards (AP2 v0.1, x402stellar mainnet maturity, the AP2 vs ACP standards war) and security risks from smart contract implementation and agentic attack vectors. The honest assessment: architecture is strong, execution is tight, adoption plan is thin.

Risk Likelihood vs Impact Matrix
Two critical-impact risks despite low likelihood: Google abandoning AP2 and a Soroban contract vulnerability. Both receive the most conservative mitigation approaches. The Android-only UX ceiling and AP2 spec volatility are the most likely to materialize.

The Standards War — Scenario Planning

The proposal bets on AP2 winning over ACP. The adapter-first architecture is the hedge. Here is what each outcome means for REAPP concretely.

AP2 vs ACP Outcome Scenarios
The x402 settlement layer and Soroban enforcement survive regardless of which standard wins. The authorization layer (validator + mandate types) is the only component that needs replacing if ACP dominates — estimated ~120 hours of rework.

Honest Risk Register

The table below includes a "How Real" column that the proposal itself doesn't fully articulate. Reviewers should have this assessment.

R1: AP2 spec breaking changes
High likelihood, Medium impact
How real: Very real — AP2 is v0.1 and the x402 extension is explicitly marked 'coming soon' in Google's own sample repo
Mitigations:
  • Adapter-first validator architecture — AP2 abstracted behind versioned interface
  • Pin AP2 schema versions explicitly in SDK package.json
  • Conformance test suite catches upstream changes automatically via CI
  • Monitor google-agentic-commerce/AP2 repository for breaking changes
R2: Google abandons AP2
Low likelihood, Critical impact
How real: Google has a documented history of killing products. AP2 has 60+ partners but is still Google's standard — not a community-owned spec.
Mitigations:
  • Adapter layer means authorization standard can be swapped without rebuilding x402 or Soroban layers
  • Monitor AP2 adoption velocity — if partner integrations stall, treat as early warning
  • ACP adapter is a contingency deliverable — not planned but scoped
  • x402 settlement and Soroban enforcement survive regardless of which standard wins
R3: ACP wins the standards war
Medium likelihood, High impact
How real: OpenAI + Stripe ACP launched Feb 2026. It goes in a completely different direction: traditional rails, no blockchain. The market hasn't picked a winner.
Mitigations:
  • The proposal is betting on AP2 — this is acknowledged, not hidden
  • Adapter-first architecture means only validator + mandate types need replacing (~120hrs estimated)
  • x402 settlement layer and Soroban enforcement are standard-agnostic
  • Worst case: REAPP becomes a multi-standard adapter rather than AP2-specific
R4: Soroban contract security vulnerability
Low likelihood, Critical impact
How real: Contracts handle real user funds on mainnet. No formal audit budgeted. Internal review only plus community audit request.
Mitigations:
  • Conservative spending limit defaults out-of-box — users opt into higher limits
  • Internal threat model review before testnet deployment
  • Community audit request submitted to Stellar ecosystem separately
  • Bug bounty program at mainnet launch
  • OpenZeppelin audited building blocks reduce custom code surface
  • Temporary storage for period counters auto-expires — no manual reset attack surface
R5: Android-first UX ceiling
High likelihood, Medium impact
How real: Hardware-backed key signing in AP2 v0.1 is Android Digital Payment Credential first. Freighter Mobile doesn't support x402. Real UX ceiling.
Mitigations:
  • Desktop Freighter required for MVP — fully documented in quickstart
  • Software key simulation mode for testnet and developer demos
  • Mobile deferred explicitly to post-mainnet roadmap
  • Developer-facing use cases (data APIs, compute) are desktop-first anyway
R6: Prompt injection in agentic context
Medium-High likelihood, High impact
How real: 2026 arXiv red-team paper on AP2 shows prompt injection can influence agent behavior. Mandate cryptography does not prevent this.
Mitigations:
  • Trusted surface constraints — SDK enforces prompt boundary hardening in reference agents
  • Structured logging of spend patterns enables anomaly detection
  • Fail-closed policy — uncertain mandate interpretation rejects payment by default
  • SDK documentation explicitly covers prompt injection risks for integrators
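
How several of the mitigations above fit together in one authorization path: version-pinned adapters (R1), conservative default limits (R4), and fail-closed decisions with structured spend logging (R6). This is an added sketch, not REAPP SDK code and not the AP2 schema; the field names (`schema`, `payee`, `maxAmount`, `userLimit`), the `ap2/0.1` version label, and the default cap are all assumptions.

```javascript
// Added example; every name and value here is hypothetical, not REAPP SDK code.
const DEFAULT_LIMIT = 50000; // constructed conservative per-period cap, integer minor units

// One parser per pinned schema version. A parser returns a normalized mandate,
// or null when any field is missing or ambiguous.
const adapters = new Map([
  ["ap2/0.1", (raw) => {
    if (typeof raw.payee !== "string" || raw.payee === "") return null;
    if (!Number.isSafeInteger(raw.maxAmount) || raw.maxAmount <= 0) return null;
    return { payee: raw.payee, maxAmount: raw.maxAmount };
  }],
]);

function authorize(mandate, request, spentThisPeriod, log) {
  const decide = (allow, reason) => {
    // Structured record of every decision, so spend patterns can be analysed.
    log.push({ ts: request.ts, payee: request.payee, amount: request.amount, allow, reason });
    return { allow, reason };
  };
  const parse = adapters.get(mandate.schema);
  if (!parse) return decide(false, "unknown_schema_version");
  const m = parse(mandate);
  if (!m) return decide(false, "uninterpretable_mandate");
  if (!Number.isSafeInteger(request.amount) || request.amount <= 0) return decide(false, "bad_amount");
  if (request.payee !== m.payee) return decide(false, "payee_mismatch");
  // Users opt into a higher limit explicitly; anything else gets the default.
  const userLimit = Number.isSafeInteger(mandate.userLimit) ? mandate.userLimit : DEFAULT_LIMIT;
  const cap = Math.min(m.maxAmount, userLimit);
  // Written as "not within cap" so a NaN counter denies instead of slipping through.
  if (!(spentThisPeriod + request.amount <= cap)) return decide(false, "limit_exceeded");
  return decide(true, "ok");
}

// Flags payees whose denied attempts within windowMs exceed maxDenials.
function flagAnomalies(log, windowMs, maxDenials) {
  const denied = log.filter((e) => !e.allow);
  const flagged = new Set();
  for (const e of denied) {
    const near = denied.filter((x) => x.payee === e.payee && Math.abs(x.ts - e.ts) <= windowMs);
    if (near.length > maxDenials) flagged.add(e.payee);
  }
  return [...flagged];
}
```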
R7: Adoption lag
Medium likelihood, Medium impact
How real: Weakest mitigation in the proposal. Three reference integrations in T4 isn't a lot. Developer tooling only succeeds if developers use it.
Mitigations:
  • Sub-10-minute quickstart — time-to-first-payment is the primary DX metric
  • reapp-cli demo command: zero-config testnet flow in a single command
  • Community office hours during T3 and T4
  • Bounties fund external integrations rather than requiring direct engineering time
  • Alex Astrum's ADK/Google Antigravity network is the highest-leverage adoption channel
R8: T4 timeline squeeze
Medium likelihood, Medium impact
How real: 40% of budget drops in month 5. Mainnet + security review + 3 integrations + docs + demo in 30 days is aggressive if T1-T3 slip.
Mitigations:
  • T4 deliverables designed to run in parallel — deployment and security review simultaneously
  • Community integrations funded by bounties, not direct engineering time
  • Builder guide is documentation — can be done alongside deployment
  • No scope expansion in any tranche — scope is locked at submission

Overall Assessment

Strongest parts
  • Architecture clarity — layer model is clean and composable
  • Genuine ecosystem gap — no project does AP2 + Soroban + x402 on Stellar
  • Alex Astrum's AP2 insider knowledge — built ADK from inside Google
  • Drew's Soroban + agentic systems background
  • Stellar fit — chain is genuinely the right call for micropayment economics
  • Adapter-first design — absorbs AP2 volatility structurally
Weakest parts
  • No formal audit budget — contracts on mainnet without a Soroban security firm
  • T4 back-loading — 40% of budget in the final month is high execution risk
  • AP2 bet — if ACP wins, the authorization layer needs rebuilding
  • Adoption plan is thin — 3 integrations and office hours won't move the needle alone
  • Android-first UX ceiling limits near-term consumer use cases
  • 800 hours is tight — no slack for unexpected complexity