Introduction

At TestMachine, we specialize in uncovering threats in smart contracts before they can be exploited. Automated security analysis is critical in the rapidly evolving world of blockchain and smart contracts, and TestMachine’s Predator platform uses a technique called reinforcement learning to autonomously scan and detect vulnerabilities in smart contracts at scale — without human intervention.

Recently, Predator uncovered a severe vulnerability in the Virtuals AI Agent protocol that could allow an attacker to artificially inflate token balances to near-maximum values, posing a significant risk to users and market integrity. This vulnerability was present despite the fact that Virtuals participated in at least two human-conducted audits from major auditing firms in the last year. We have reported the flaw to the Virtuals security team.

Predator, on the other hand, can scan tens of thousands of tokens per hour, while human auditors cannot even identify such subtle vulnerabilities in a single contract over the course of a several-week audit.

Here we discuss the nature of the flaw, how Predator discovered it, and how Predator’s automated, scalable, AI-driven security assessments will become increasingly necessary as digital assets proliferate and grow more complex.

What is Virtuals.io?

Virtuals.io is a decentralized AI agent platform that transforms autonomous, multimodal agents into tokenized, co-owned digital entities. Each agent operates across multiple platforms — games, social media, chat apps — with consistent memory and personality, powered by a modular AI framework called GAME. Using blockchain infrastructure, Virtuals enables fractional ownership of agents via fungible tokens, decentralized governance, and on-chain revenue sharing. Agents can earn and spend crypto, evolve through community contributions, and monetize through real-world applications, such as live-streaming or in-game interactions. By combining AI autonomy, immersive interaction, and tokenized economics, Virtuals.io pioneers a new class of intelligent, composable, and investable digital actors.

Virtuals tokens are used within the ecosystem to facilitate operations, with taxation mechanisms built into their contracts to support liquidity, development, and operational costs. However, flaws in these taxation mechanisms can lead to unintended security vulnerabilities, as demonstrated by the issue Predator identified.

The Vulnerability: Unchecked Tax Processing

The flaw Predator discovered arises from an unchecked underflow in the contract’s tax processing logic. If exploited, it could irreparably damage the integrity of Virtuals-based tokens, potentially leading to catastrophic devaluation and loss of trust in the ecosystem.

The flaw resides in the _taxProcessing function of the Virtuals token implementation contract (address: 0x082Cb6e892Dd0699B5f0d22f7D2e638BBAdA5D94). Specifically, the system's tax mechanism allows projectBuyTaxBasisPoints or projectSellTaxBasisPoints to be set above BP_DENOM, leading to an arithmetic underflow when calculating post-tax token transfers. Since this calculation occurs within an unchecked block, it does not revert on error, potentially resulting in the recipient receiving nearly uint256::MAX tokens instead of the intended amount.

Here’s an annotated version of the problematic code:

[Image: annotated _taxProcessing code; not reproduced in the text]

Why Is This Dangerous:

Predator, via its reinforcement learning-driven penetration testing, identified that if projectBuyTaxBasisPoints is set higher than BP_DENOM, the tax deducted from a transaction could exceed the original amount, causing amountLessTax_ to underflow. As a result, the recipient of the transaction would receive a large token balance, breaking the tax mechanism and invalidating the token economy entirely.

In short:

  • The contract allows the tax rate (projectBuyTaxBasisPoints) to be set to a value greater than 100% (BP_DENOM = 10,000).
  • If this happens, the tax amount exceeds the transaction amount — leading to an underflow (i.e., subtraction resulting in a negative number, which wraps around to a massive positive value).
  • Due to Solidity’s unchecked {} block, this underflow doesn’t trigger a revert. Instead, the receiving wallet is credited with nearly the maximum possible uint256 balance (≈2⁵⁶ tokens).

In simple terms, an attacker (or even the contract owner) could instantly inflate an account’s token balance to near-infinity, all while keeping the total supply of the token unchanged — effectively destroying the token’s economy.

Automated Discovery via Predator

Unlike traditional security audits that require manual review, Predator autonomously identified this flaw through its reinforcement learning-driven vulnerability detection. Within minutes of analyzing the Virtuals token contracts, Predator flagged the unchecked arithmetic operation as a potential high-risk underflow condition and generated a reproducible exploit scenario.

Predator’s ability to rapidly detect these kinds of subtle but critical issues demonstrates the power of AI-driven, automated security testing. As smart contract ecosystems grow more complex, automation is essential for uncovering vulnerabilities before they can be exploited in the wild.

Exploitation Risk: Who Can Trigger This?

For this exploit to be triggered, the tax rate needs to be manually set beyond the safe limit, and the user would need to have admin privileges. Although the taxes are only levied on pool addresses, an admin can add any address to that set. Normally, this might not seem like a concern — except:

  1. All Virtuals tokens share the same owner address (0xE220…567), which has unrestricted control over tax rates.
  2. This owner address lacks multi-signature security, meaning a single compromised key could result in a devastating attack.
  3. If an attacker gains control of this admin wallet, they could manipulate tax rates, force an underflow, and instantly hyperinflate selected accounts.

Recommended Fixes

To mitigate this vulnerability, we have recommended that Virtuals:

1. Remove Underflow Risk

Modify _taxProcessing to ensure that underflows trigger a revert:

[Image: proposed _taxProcessing change so that the subtraction reverts on underflow; not reproduced in the text]

2. Enforce Safe Tax Limits

Restrict projectBuyTaxBasisPoints and projectSellTaxBasisPoints to a maximum of BP_DENOM (10,000):

[Image: proposed bound on projectBuyTaxBasisPoints and projectSellTaxBasisPoints (maximum BP_DENOM); not reproduced in the text]
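As an added illustration (not the Virtuals contract and not the code from the images above), the following simplified Solidity token reproduces the pattern described under "Why Is This Dangerous" next to Fixes 1 and 2. The names BP_DENOM, projectBuyTaxBasisPoints and _taxProcessing come from the article; the contract names, the setBuyTax setter, the storage layout and the transfer flow are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative code added to this write-up; it is NOT the Virtuals contract.
// It reproduces the pattern the article describes (an unchecked subtraction
// of a tax that can exceed the amount) next to the two recommended fixes.
// BP_DENOM, projectBuyTaxBasisPoints and _taxProcessing are names from the
// article; everything else (storage layout, transfer flow, setter) is assumed.

abstract contract TaxedTokenBase {
    uint256 public constant BP_DENOM = 10_000;   // 100% expressed in basis points
    uint256 public projectBuyTaxBasisPoints;     // tax applied to transfers in this toy
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply_) {
        owner = msg.sender;
        totalSupply = supply_;
        balanceOf[msg.sender] = supply_;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function setBuyTax(uint256 basisPoints_) external virtual;

    function _taxProcessing(uint256 amount_)
        internal view virtual returns (uint256 amountLessTax_, uint256 tax_);

    // Shared transfer flow: the sender is debited the full amount (checked
    // arithmetic, reverts if insufficient), the recipient is credited the
    // post-tax amount, and the tax goes to the owner. totalSupply never changes.
    function transfer(address to_, uint256 amount_) external {
        balanceOf[msg.sender] -= amount_;
        (uint256 net_, uint256 tax_) = _taxProcessing(amount_);
        balanceOf[to_] += net_;
        balanceOf[owner] += tax_;
    }
}

// VULNERABLE pattern: no bound on the tax rate, subtraction inside `unchecked`.
contract TaxedTokenUnsafe is TaxedTokenBase {
    constructor(uint256 supply_) TaxedTokenBase(supply_) {}

    function setBuyTax(uint256 basisPoints_) external override onlyOwner {
        projectBuyTaxBasisPoints = basisPoints_;     // a rate above BP_DENOM is accepted
    }

    function _taxProcessing(uint256 amount_)
        internal view override returns (uint256 amountLessTax_, uint256 tax_)
    {
        unchecked {
            tax_ = (amount_ * projectBuyTaxBasisPoints) / BP_DENOM;
            // When tax_ > amount_ this wraps modulo 2^256 instead of reverting,
            // so a recipient with an empty balance is credited a value close to
            // type(uint256).max while totalSupply stays unchanged.
            amountLessTax_ = amount_ - tax_;
        }
    }
}

// HARDENED: Fix 2 bounds the rate at the setter; Fix 1 drops `unchecked` so
// Solidity 0.8 checked arithmetic reverts on underflow, with an explicit
// require that gives the failure a readable reason.
contract TaxedTokenSafe is TaxedTokenBase {
    constructor(uint256 supply_) TaxedTokenBase(supply_) {}

    function setBuyTax(uint256 basisPoints_) external override onlyOwner {
        require(basisPoints_ <= BP_DENOM, "tax rate above 100%");
        projectBuyTaxBasisPoints = basisPoints_;
    }

    function _taxProcessing(uint256 amount_)
        internal view override returns (uint256 amountLessTax_, uint256 tax_)
    {
        tax_ = (amount_ * projectBuyTaxBasisPoints) / BP_DENOM;
        require(tax_ <= amount_, "tax exceeds amount");
        amountLessTax_ = amount_ - tax_;   // checked: reverts rather than wrapping
    }
}
```

With TaxedTokenUnsafe, an owner-set rate of 15_000 (150%) on a 1_000-token transfer gives tax_ = 1_500, and the unchecked subtraction yields 2^256 - 500, which is credited to a recipient whose balance was zero. TaxedTokenSafe rejects the rate in setBuyTax, and the require in _taxProcessing means that even a bad rate reaching storage by some other path would make the transfer revert instead of minting a near-maximal balance. Both fixes are worth keeping: the setter bound addresses the configuration, the checked subtraction addresses the arithmetic.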

3. Improve Admin Security

  • Implement multi-signature protection for tax adjustments.
  • Decentralize ownership or transition to on-chain governance for tax rate changes.
  • Conduct regular Predator campaigns to detect the possibility of privilege escalations.
  • Revoke admin privileges as necessary to limit the attack surface.

Conclusion: The Future of Smart Contract Security

This vulnerability underscores a broader issue in Web3: even well-intentioned, frequently audited smart contracts may still harbor catastrophic bugs if not rigorously tested using autonomous solutions.

With Predator, TestMachine is leading the charge in proactive security, uncovering exploits before they can be weaponized. As the DeFi and AI-agent space continues to expand, projects must embrace automated, self-evolving security tools to stay ahead of attackers. It’s security through offense rather than passive inspection.

Want to ensure your contracts are secure? Run a Predator scan today.