Guavy AI Editorial Team

DeFi's New Risk Layer: Authorization Over Yield

The rise of AI agents in DeFi has brought about a new layer of risk: authorization. As wallets and Layer 2s (L2s) allow agents to propose and execute on-chain actions, users are granting broad scopes and forgetting to revoke access, leading to unintended consequences.

Agents like those from MetaMask's Agent Wallet or Base's Model Context Protocol (MCP) provide a pipeline of authorizations and checks before executing transactions. However, this process is not foolproof, and users must ensure that their agents have the necessary permissions and follow proper procedures.

The problem lies in mis-scoped authorization rather than malicious bytecode. Users need to be aware of the risks of broad-scope tokens and of plugins with on-chain addresses, which can route actions to adversarial contracts.

To mitigate these risks, wallet teams are shipping safety rails such as mandatory simulation, threat scans, and MEV protection. Additionally, protocols like Base's MCP enable agents to propose actions and execute via OAuth 2.1 flows, reducing phishing and centralizing consent audit trails.
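A periodic audit of agent grants can flag the mis-scoping described above: wildcard scopes, grants that never expire or sit unused without being revoked, and plugin targets outside an allowlist. The sketch below is an added example, not code from any wallet or from MCP; the `Grant` record, scope names, 14-day idle threshold and addresses are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical policy threshold: grants idle longer than this are revoke candidates.
MAX_IDLE = timedelta(days=14)

@dataclass(frozen=True)
class Grant:
    agent: str
    scopes: tuple                  # hypothetical scope strings, e.g. "swap:usdc-eth"
    targets: tuple                 # contract addresses the agent or its plugins may call
    last_used: datetime
    expires: Optional[datetime]    # None means the grant never expires

def is_broad(scope: str) -> bool:
    """Treat any wildcard scope as broad."""
    return scope.endswith("*")

def audit_grant(g: Grant, allowlist: set, now: datetime) -> list:
    """Return (code, detail) findings for one agent authorization."""
    allowed = {a.lower() for a in allowlist}   # compare addresses case-insensitively
    findings = [("broad_scope", s) for s in g.scopes if is_broad(s)]
    if g.expires is None:
        findings.append(("no_expiry", g.agent))
    idle = now - g.last_used
    if idle > MAX_IDLE:
        findings.append(("idle", f"{idle.days}d"))
    findings += [("unlisted_target", t) for t in g.targets if t.lower() not in allowed]
    return findings

# Constructed sample data: addresses are placeholders, not real contracts.
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)
ROUTER, UNKNOWN = "0x" + "aa" * 20, "0x" + "bb" * 20
ALLOWLIST = {"0x" + "AA" * 20}     # same router address, different letter case
GRANTS = [
    Grant("rebalancer", ("swap:usdc-eth",), (ROUTER,),
          NOW - timedelta(days=2), NOW + timedelta(days=5)),
    Grant("yield-bot", ("wallet:*",), (ROUTER, UNKNOWN),
          NOW - timedelta(days=40), None),
]

def report(grants=GRANTS) -> dict:
    """Map each agent to its findings; an empty list means the grant passes."""
    return {g.agent: audit_grant(g, ALLOWLIST, NOW) for g in grants}

if __name__ == "__main__":
    for agent, findings in report().items():
        print(agent, findings or "ok")
```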