The attribution check ("only the anchor that registered fromBot may cite for it") is skipped while reputationEngine == address(0). In the window after the resolver is live but before setReputationEngine() is called, any verified Trust Anchor can record a citation with fromBot = someone else's bot.
setReputationEngine() before the resolver can receive any attestation, and the EAS schema/resolver should not be wired into EAS until then. Treat as a hard sequencing invariant + verify post-deploy.batchRecordCitations (callable by batchAnchor or owner) does not enforce toBot Shyft attestation, shared trust channel, attribution, cooldown, or fee — it only checks fromBot is anchor-verified. A compromised batchAnchor key can mint citation counts to arbitrary targets, free.
batchAnchor must be a trusted multisig/oracle key (treat as privileged). For production, add the channel + target-registration checks to the batch path so it matches attest().Two convergent angles: the oracle can (a) pre-score an unregistered address over epochs so it enters with a high score the moment it self-registers; and (b) walk a score past the initial cap to 10000 via repeated sub-maxDelta steps (the delta cap bounds per-epoch, not cumulative). Already documented testnet-accepted (S-03, single-oracle trust).
Any address can selfRegisterBot() (no Trust Anchor) and immediately reports a 500 bp composite "seed" score it never earned (verified bots get 2000). Unlimited Sybils each carry a starter reputation — if getCompositeScore feeds gating.
getCompositeScore (vs getReputation, which returns 0 for unscored) is used for any gating. If yes, gate the seed floor behind verification; if no, downgrade to info.It treats registry.ownerOf(unknownId) == address(0) as "not registered." Canonical ERC-721 ownerOf reverts for nonexistent tokens — against such a registry the AgentNotRegistered path breaks (opaque revert) and the agentId-0 safety assumption weakens. Only the in-repo mock returns zero.
ownerOf semantics; adapt the bridge (try/catch) if it reverts.Ownable, no timelock, across all contractsOwners control fees, oracle binding, channel index, fee withdrawal, pause. The MachineConsentHelper owner is the highest-value key (controls the Shyft consent-signer mapping). RMTToken has uncapped mint with deployer holding admin+minter.
Ownable2Step + timelock before production; move MINTER_ROLE to the fee-distribution contract.• MAX_EPOCH_GAP=0 is immutable and permanently bricks score reads — validate at deploy. • citation fee requires attester pre-approval or the attestation reverts (fail-closed, fine). • registerExisting can leave non-contiguous domainIds (owner-only, read paths hole-safe). • ERC8004 links can't be unlinked (no key rotation) + a level-1 floor blocks downgrades.
MAX_EPOCH_GAP; document the rest; decide on an unlink path for key rotation.setReputationEngine() before the resolver is usable (M1) — bake the ordering + a post-deploy assertion into the deploy script.ownerOf returns zero (not reverts) for unknown agents (M5); adapt the bridge if needed.batchAnchor to a trusted multisig/oracle and validate MAX_EPOCH_GAP > 0 (M2, foot-gun).getCompositeScore gates anything (M4) — decide the seed-floor policy.auxSigners[address(this)] is intentional (MCH IS the anchor) — confirmed by its tests.burn is self-only (_burn(msg.sender)); no burnFrom/allowance drain.