Bound Docs

Auditor Workflow

How independent auditors verify containment architectures and co-sign certificates.

The AuditorStaking contract is live on Hedera Testnet at 0xe786eB0F88b8A30e0ABf4C634fc414084b2134eC. See Deployed Contracts.

Role of the Auditor

Auditors are independent firms or DAOs that verify containment architectures and co-sign certificates. They are the credibility layer — an operator's self-issued certificate means little without independent attestation. Auditors stake capital on every attestation — if the attestation is proven false, the stake is slashed.

Audit Scopes

| Scope | What You Verify |
|---|---|
| Smart Contract Verification | Constraint contracts enforce the stated limits. Ideally formally verified. |
| Permission Model Audit | Permission scope is complete — no unguarded endpoints, no composition gaps. |
| Reserve Adequacy | Reserve exists, is exogenous, is locked, and the ratio is appropriate. |
| Full Stack | All of the above, end-to-end. |

Workflow

1. Receive Audit Request

An operator invites you to audit their agent's containment architecture.

2. Review

Examine the smart contracts, permission model, and reserve setup within your stated scope.

3. Produce Report

Write a detailed audit report. Upload it to IPFS.

4. Co-Sign the Certificate

Sign the certificate hash with your on-chain key. Your attestation specifies:

  • Your address and name
  • The scope of your audit
  • The date
  • A link to the full report on IPFS

5. Ongoing Responsibility

Your signature is a point-in-time attestation. If the operator's containment architecture changes materially, a new audit and new certificate are needed.
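
A pre-signing consistency check for steps 4 and 5, added here as an illustration and not taken from Bound's own code: it confirms the attestation carries the four listed items, that the hash about to be signed matches the certificate actually reviewed, and that a later change to the certificate marks the attestation as stale. The field names, the JSON encoding, SHA-256 as the hash, and the sample values are all assumptions.

```python
import hashlib
import json
import re
from datetime import date

# Scope names come from the Audit Scopes table; all field names are assumptions.
SCOPES = {"Smart Contract Verification", "Permission Model Audit",
          "Reserve Adequacy", "Full Stack"}
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def certificate_hash(certificate):
    # SHA-256 over canonical JSON is a stand-in for the real certificate hash.
    canonical = json.dumps(certificate, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def attestation_problems(att, reviewed_certificate):
    """Return the reasons not to sign; an empty list means the record is consistent."""
    problems = []
    if not ADDRESS_RE.fullmatch(str(att.get("auditor_address", ""))):
        problems.append("auditor address is not a 20-byte hex address")
    if not str(att.get("auditor_name", "")).strip():
        problems.append("auditor name is missing")
    if att.get("scope") not in SCOPES:
        problems.append("scope is not one of the four audit scopes")
    try:
        date.fromisoformat(att.get("date", ""))
    except (TypeError, ValueError):
        problems.append("date is not an ISO 8601 calendar date")
    uri = str(att.get("report_uri", ""))
    if not uri.startswith("ipfs://") or len(uri) == len("ipfs://"):
        problems.append("report link is not an ipfs:// URI")
    if att.get("certificate_hash") != certificate_hash(reviewed_certificate):
        problems.append("certificate hash differs from the certificate reviewed")
    return problems

def is_stale(att, current_certificate):
    # A point-in-time attestation stops covering a certificate once its content changes.
    return att["certificate_hash"] != certificate_hash(current_certificate)

# Constructed sample data, not taken from any real deployment.
CERTIFICATE = {"agent": "example-agent", "constraint_contract": "0x" + "11" * 20,
               "reserve_ratio": "1.5"}
ATTESTATION = {"auditor_address": "0x" + "ab" * 20, "auditor_name": "Example Audit DAO",
               "scope": "Reserve Adequacy", "date": "2025-01-15",
               "report_uri": "ipfs://EXAMPLE-CID-PLACEHOLDER",
               "certificate_hash": certificate_hash(CERTIFICATE)}
```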
