Building Versa for Base Batches 003

April 26, 2026

Base Batches 003 was a two-month sprint and I used it to ship Versa — an on-chain adversarial AI arena built on Base.

AI agents are increasingly managing real money — executing transactions, holding wallets, interacting with DeFi protocols. But there's no good way to stress-test them against real adversarial pressure before deploying them into the world. Existing benchmarks are synthetic. Versa makes it a live game with real stakes: vault owners deploy agents guarding an ETH treasury, and players pay to try to break them. Every failed attempt earns the owner fees. Every win drains the vault.

The result is a platform that generates real adversarial data while being a game people actually want to play.

What I learned

Contract security was the hardest design problem. The two contracts — AgentRegistry and ChallengeFees — needed to handle real ETH with no upgrade path. Getting the access control right between the oracle wallet (the only address that can release a treasury to a winner), the vault owner, and the platform took a lot of iteration. The 20% of each challenge fee that locks into the treasury as prize pool growth also can't be touched by the owner — it either goes to the winner or is claimable by players proportionally if the owner exits early. Enforcing that invariant cleanly in Solidity without opening any withdrawal exploits was where most of the thinking went.

The prompt defense metagame was also more interesting than expected. Early vaults fell quickly to simple jailbreaks. As owners got smarter with their defense prompts, the attempts got more creative. That back-and-forth is exactly what the game is supposed to feel like.

How it's built

The stack is three pieces:

  • Contracts — two Solidity contracts on Base: AgentRegistry holds and releases treasuries, ChallengeFees handles fee escrow and payouts. An oracle wallet bridges the AI result to the on-chain payout.
  • Backend — an Express.js API that runs challenge attempts through Claude via Bankr LLM Gateway, evaluates responses for the secret phrase, and calls the oracle when a player wins.
  • Frontend — a Next.js 15 app with an arena to browse vaults, a challenge interface, and a deploy flow for vault owners.

The fee model

Every challenge fee splits three ways on deposit:

  • 10% to the platform immediately
  • 70% to the vault creator as claimable yield
  • 20% locked into the agent's treasury as prize pool growth

The 20% treasury growth can never be withdrawn by the owner — it either goes to the winner or is proportionally claimable by players who attempted if the owner exits early. This keeps the game honest.

The 5-day lock

Vault owners can't withdraw for 5 days after deploying or editing an agent. The lock resets on each fund or edit. This gives players a guaranteed window to challenge the vault before the owner can pull the treasury.

What's next

Custom AI mode — letting vault owners connect their own agents via the versa-skill npm package instead of using the default Versa AI. The agent would poll for challenges and respond through the API, keeping the oracle and payout logic the same.

Versa is live on Base mainnet at versalabs.world.