The Commonplace
Home Papers Evidence Explore Trends Syntheses Digests About 🎲 Workforce Futures
← Papers
Direction, evidence grade, and study type are AI-generated labels (gpt-5-mini), not human-verified. Syntheses are LLM-written. "Tensions" are machine-detected candidates, not confirmed contradictions. A research-acceleration tool, not peer review. How this is built →

The ERC-8004 trust layer for autonomous AI agents records many identities but few verifiable services, and its reputation registry is easily gamed; after filtering coordinated Sybil activity, most rated agents have no trustworthy feedback.

Can Trustless Agents Be Trusted? An Empirical Study of the ERC-8004 Decentralized AI Agent Ecosystem
Xihan Xiong, Zelin Li, Wei Wei, Qin Wang, William Knottenbelt, Zhipeng Wang · June 24, 2026
arxiv descriptive medium evidence 7/10 relevance Full text usable extracted full text Source PDF
Across Ethereum, BSC, and Base through May 13, 2026, ERC-8004 identity entries are mostly placeholders and its reputation registry produces non-commensurable, easily manipulated feedback—after removing Sybil-flagged reviewers most agents are left with no valid ratings.

As autonomous AI agents increasingly transact across organizational boundaries, a fundamental trust challenge emerges: how can an agent assess whether an unknown counterpart is trustworthy? The ERC-8004 protocol addresses this challenge with the first permissionless trust layer for AI agent economies, built around three on-chain registries for Identity, Reputation, and Validation. Despite its rapid adoption, the protocol has not been studied empirically, leaving it unclear whether the information it records provides a trustworthy basis for decision-making. To address this gap, we present the first empirical study of ERC-8004 across three chains: Ethereum, BNB Smart Chain (BSC), and Base, covering the period from protocol deployment through May 13, 2026. We crawl on-chain Identity and Reputation events, off-chain files, and x402 payment transactions. On the identity side, we find that most registrations are placeholders rather than active agents, with only a small fraction (3%, 4%, and 15% across Ethereum, BSC, and Base) exposing a valid ERC-8004 registration file with at least one live service endpoint. On the reputation side, we show that the Registry, as currently deployed, cannot function as a trust signal: values are not commensurable, feedback records are rarely grounded in verifiable interactions, and reputation can be manipulated at minimal cost. Consistent with these design weaknesses, we find that a substantial fraction of reviewers (73.6%, 59.2%, and 90.6% across Ethereum, BSC, and Base) exhibit coordinated Sybil behavior. After removing Sybil-flagged feedback, 15.5%, 72.3%, and 89.4% of rated agents, respectively, are left with no valid feedback. We then turn these findings into concrete recommendations for future revisions of ERC-8004. Our study yields actionable protocol-design implications and establishes an empirical baseline for research on AI agent markets.

Summary

Main Finding

The ERC-8004 permissionless trust layer for decentralized AI agents saw rapid adoption across Ethereum, BSC, and Base (≈173k registered agents by 2026-05-13) but—based on a comprehensive on-chain and off-chain crawl—its Identity and Reputation registries, as deployed, do not provide a reliable trust basis for autonomous agents. Most on-chain registrations are placeholders or concentrated deployments, only a small share expose usable service endpoints, and the Reputation Registry is easily manipulated and often populated by coordinated Sybil reviewers. As a result, raw registration and reputation counts substantially overstate usable, trustworthy agent capacity.

Key Points

  • Adoption and scale

    • Total registered agents across chains: ≈173k (BSC 90k, Base 51k, Ethereum 32k) during Jan 29–May 13, 2026.
    • Large gap between raw registrations and usable identities: while many agents have a registration file, only a small fraction actually declare a live service endpoint (3% ETH, 4% BSC, 15% Base).
    • Valid ERC-8004 registration-file presence (different, looser metric): reported at 29.4% (ETH), 83.4% (BSC), 26.9% (Base).
  • Identity structure and concentration

    • Batch registration is common on Ethereum (2.6% of registration txs account for 48.3% of agents) and present on Base (1.7% of txs → 7.8% of agents); negligible on BSC.
    • Owner concentration: Gini coefficients ETH 0.733, Base 0.708 (high concentration); BSC 0.133 (much more distributed).
    • Many agents never activate a usable URI: substantial fraction of registered identities are inactive/placeholders.
  • Reputation registry weaknesses

    • The Reputation Registry fails four necessary conditions for a trustworthy score:
    • Values are not commensurable (free-form tags, inconsistent decimals/metrics).
    • Feedback records are rarely grounded in verifiable, auditable interactions.
    • Aggregated score can be moved by a single input (fragile aggregation).
    • Reputation can be fabricated or destroyed at negligible cost.
    • Median cost to fabricate/destroy reputation: $0.055 (ETH), $0.0042 (BSC), $0.0027 (Base).
    • Sybil and coordinated behavior:
      • Share of reviewers flagged as Sybil: 73.6% (ETH), 59.2% (BSC), 90.6% (Base).
      • These affect the displayed reputations of 26.1% (ETH), 75.8% (BSC), 96.8% (Base) of rated agents.
      • After removing Sybil-flagged feedback, share of rated agents left with no valid feedback: 15.5% (ETH), 72.3% (BSC), 89.4% (Base).
  • Validation Registry

    • High-assurance Validation Registry (stake-secured re-execution, zk proofs, TEE attestations) had no confirmed mainnet deployment during the observation window and was therefore not analyzed empirically.

Data & Methods

  • Scope and timeframe
    • Chains: Ethereum (mainnet), BNB Smart Chain, Base.
    • Window: protocol deployments through 2026-05-13.
  • Collected artifacts
    • All Identity and Reputation Registry on-chain events (Registered, URIUpdated, Transfer, MetadataSet, NewFeedback, FeedbackRevoked, ResponseAppended).
    • Off-chain registration files (agentURIs) and off-chain feedback files (feedbackURIs).
    • x402 payment transactions when referenced by feedback files (used as possible provenance linking payments to service delivery).
    • Per-transaction gas costs; native token prices converted to USD using Binance hourly candles (±2-hour tolerance).
  • Analysis techniques
    • Replayed event histories to recover current state (agent URIs, feedback sets).
    • Parsed off-chain JSON artifacts to check ERC-8004 compliance, presence of declared service endpoints, and evidence fields (e.g., proofOfPayment, A2A/MCP context).
    • Measured batch registration behavior and ownership concentration (Lorenz curves, Gini coefficients).
    • Assessed reputation system security: cost models for creating or removing feedback, ability to move aggregated scores, and detection/quantification of coordinated/Sybil reviewer behavior (pattern-based flags derived from feedback metadata and interactions).
  • Limitations noted by authors
    • Validation Registry not deployed on studied chains in the window, so high-assurance trust tier not empirically available.
    • Attribution of x402 payments to agents can be complex; details and corner cases are discussed in the paper’s appendix.

Implications for AI Economics

  • Signals and market functioning
    • On-chain registration volume is a poor proxy for market maturity or available supplier capacity; researchers and market participants must distinguish mere registration from active, service-providing agents.
    • Weak, cheap-to-manipulate reputation signals risk distorting market entry, pricing, and matching: dishonest or Sybil-supported agents can appear high-quality at minimal cost, undermining efficient allocation and fair competition.
  • Incentives and mechanism design
    • The low cost of fabricating reputation (fractions of a dollar or cents) creates a high risk of externalities (spam reviews, fake supply) that can swamp organic signals unless protocols impose stronger friction or cryptoeconomic costs on feedback creation.
    • A layered trust model is essential: lightweight discovery alone cannot sustain commerce at non-trivial value; credible transactions demand verifiable provenance (e.g., payment-linked attestations) or higher-assurance validation (stake/zk/TEE).
  • Reputation system design prescriptions (for protocol designers and economists)
    • Tie feedback to verifiable on-chain events where possible (e.g., x402 payment proofs) to ground reputation in observable exchanges of value.
    • Standardize commensurable metrics and schemas (fixed, enumerated tags; consistent decimals) so scores are comparable across agents and services.
    • Introduce Sybil-resistant costs or cryptoeconomic staking for reviewers (bonded reviewers, slashing for provable misbehavior), or use reputation-weighting/decay to reduce impact of mass-sybil networks.
    • Promote independent validators (Validation Registry deployment) to enable high-assurance reputation when value-at-risk justifies the cost.
  • Measurement and policy consequences
    • Empirical researchers and policymakers should not rely on raw on-chain registration or raw feedback counts to infer ecosystem health or consumer protection; nuanced metrics (activated endpoints, provenance-backed feedback, concentration metrics) are required.
    • Market monitoring tools are needed to surface coordinated manipulation and to estimate real liquidity and counterparty risk in agent economies.
  • Research directions
    • Quantify the relationship between reputation signal quality and agent pricing, match efficiency, or market concentration in agent economies.
    • Design and evaluate robust reputation-aggregation algorithms that are resilient to cold-start, sybil attacks, and sparse verifiable interactions.
    • Study the adoption dynamics and economic incentives for deploying Validation Registry services (costs vs. assurance trade-offs).
    • Explore regulatory and governance designs for permissionless agent registries (disclosure requirements, certification markets, or decentralized attestation networks).

Summary takeaway: ERC-8004 establishes important primitives for a permissionless trust layer, but current deployments expose substantial gaps between recorded data and usable trust signals. For AI agents to reliably transact across organizational boundaries, reputation and identity registries must be redesigned to enforce verifiable provenance, commensurable metrics, and economic costs that meaningfully deter manipulation.

Assessment

Paper Typedescriptive Evidence Strengthmedium — The paper provides comprehensive, multi-chain observational evidence (on-chain events, off-chain registration files, and payment transactions) covering the full deployment period to May 13, 2026, which supports descriptive claims about adoption and manipulation risks; however, it relies on measurement heuristics (e.g., Sybil detection and 'live endpoint' checks) that cannot definitively prove intent or causal effects, and it does not observe downstream economic outcomes. Methods Rigormedium — The authors perform systematic crawling across three blockchains and triangulate multiple data sources (events, files, payments), and report clear quantitative metrics and percentages; nevertheless, key analytic steps (Sybil identification, validity checks for registration files and feedback grounding) appear heuristic and may produce false positives/negatives, and the study is observational without experimental validation. SampleOn-chain data from three public chains (Ethereum, BNB Smart Chain, and Base) spanning from ERC-8004 deployment through May 13, 2026, including Identity and Reputation registry events, off-chain registration files referenced by identities, and x402 payment transactions; analysis reports registration coverage and the share of identities exposing valid registration files and live service endpoints, distributions of reputation entries, and heuristically-flagged Sybil reviewers (with percentage breakdowns per chain). Themesgovernance adoption GeneralizabilityLimited to three public chains (Ethereum, BSC, Base) and may not generalize to other blockchains or private/permissioned ledgers, Snapshot limited to deployment period through May 13, 2026; adoption and attack patterns may change over time, Sybil and manipulation detection relies on heuristics that may misclassify accounts, limiting external validity, Off-chain file availability checks depend on hosting practices and may undercount legitimate but ephemeral service endpoints, Findings describe protocol-recorded signals, not downstream economic outcomes (e.g., productivity, transaction volumes, or firm behavior)

Claims (9)

ClaimDirectionOutcomeConfidence & EvidenceDetails
The ERC-8004 protocol provides the first permissionless trust layer for AI agent economies, built around three on-chain registries for Identity, Reputation, and Validation. Governance And Regulation null_result existence and design of a permissionless on-chain trust layer (Identity, Reputation, Validation registries)
Reading fidelity high
Study strength speculative
not reported
0.03
This paper is the first empirical study of ERC-8004, covering Ethereum, BNB Smart Chain (BSC), and Base from protocol deployment through May 13, 2026. Other null_result empirical coverage (chains and time period)
Reading fidelity high
Study strength high
not reported
0.3
Most registrations are placeholders rather than active agents: only a small fraction (3%, 4%, and 15% across Ethereum, BSC, and Base) expose a valid ERC-8004 registration file with at least one live service endpoint. Adoption Rate negative fraction of registered identities exposing a valid registration file with at least one live service endpoint
Reading fidelity high
Study strength high
3%, 4%, and 15% across Ethereum, BSC, and Base
0.3
The Registry, as currently deployed, cannot function as a trust signal because registration/reputation values are not commensurable. Decision Quality negative commensurability/consistency of reputation values recorded in the registry
Reading fidelity high
Study strength medium
not reported
0.18
Feedback records in the Registry are rarely grounded in verifiable interactions. Decision Quality negative proportion of feedback records that can be linked to verifiable interactions
Reading fidelity high
Study strength medium
not reported
0.18
Reputation can be manipulated at minimal cost under the current Registry design. Market Structure negative vulnerability of reputation scores to low-cost manipulation
Reading fidelity medium
Study strength medium
not reported
0.11
A substantial fraction of reviewers exhibit coordinated Sybil behavior: 73.6%, 59.2%, and 90.6% across Ethereum, BSC, and Base respectively. Market Structure negative fraction of reviewers flagged as exhibiting coordinated Sybil behavior
Reading fidelity high
Study strength medium
73.6%, 59.2%, and 90.6% across Ethereum, BSC, and Base
0.18
After removing Sybil-flagged feedback, 15.5%, 72.3%, and 89.4% of rated agents on Ethereum, BSC, and Base respectively are left with no valid feedback. Decision Quality negative fraction of rated agents left with zero valid feedback after Sybil-flag removal
Reading fidelity high
Study strength medium
15.5%, 72.3%, and 89.4% across Ethereum, BSC, and Base
0.18
We crawled on-chain Identity and Reputation events, off-chain registration files, and x402 payment transactions to assemble the empirical dataset used in the study. Other null_result data collection scope and sources
Reading fidelity high
Study strength high
not reported
0.3

Notes