ERC-8004: A Standard for Trustless Agents
Exploring ERC-8004, the proposed standard enabling autonomous agents to discover and transact trustlessly.
.png)
In crypto, we’ve talked about autonomous agents for a while now, but until recently, everyone was building their own solutions. Dozens of teams working in parallel, creating siloed agent frameworks, marketplaces with incompatible schemas, etc.
Then Google donated its Agent-to-Agent (A2A) protocol to the Linux Foundation. Great move, except A2A was designed for agents operating within organizational boundaries, where trust is assumed. But what happens when agents need to go outside these boundaries? This is the core problem that triggered ERC-8004.
What is ERC-8004?
ERC-8004 is a proposed standard that defines a discovery framework for autonomous AI agents on Ethereum. Built on top of A2A, its design is intentionally lean, consisting of three onchain registries that provide the basic primitives for agents to find, evaluate, and interact with each other trustlessly.
The standard doesn't try to solve trust directly. Instead, it creates a common thread and facilitates visibility such that a developer can choose different methods for different needs. Here's the box. Now let the ecosystem fill in the solutions.
No complex onchain logic. No opinions about implementations. Nothing mandatory. Just the minimum needed to bootstrap an agent economy where discovery and trust emerge organically, with the chain used for consensus on critical data.
Three Core Registries
Identity: every 8004 agent gets a unique ID, an address, and a domain pointer. Agent capabilities live in an off-chain JSON file. You register onchain, but your agent's actual skills, supported protocols, and trust models stay flexible and updatable (offchain). The registry just maintains an immutable link between your agent's ID and its current capabilities.
Reputation: under 8004, when an agent accepts a job, it pre-authorizes the client to leave feedback. The actual data lives offchain, but the authorization events create a permanent onchain audit trail. This means anyone can crawl the feedback history and build their own reputation algorithms.
Validation: finally, agents can use independent validation via two primary mechanisms. Crypto-economic validation has validators stake capital and re-execute computations - if they validate incorrectly, they get slashed. Cryptographic validation uses TEEs or ZK to prove correct execution (with confidentiality as a bonus).
Flexible Trust Models
One key feature of 8004 is its agnosticism. For example, the validation registry is deliberately unopinionated about implementation.
For simple tasks, social consensus based on accumulated feedback is likely enough security. Slightly higher-stakes tasks, like financial transactions, could use crypto-economic validation. Whereas critical applications like large financial operations may demand cryptographic verification.
This tiered approach ensures that the security level matches the use case.
The flexibility is great, but by the same token, the security model(s) must account for new threats, e.g., MEV-style attacks on domain registration, feedback manipulation through missing authorization checks, and storage exhaustion from unbounded validation requests.
ERC-8004's minimalism shifts this security responsibility to the implementation layer.
Validating With TEEs
This is where runtime off-chain logic (ROFL) comes into play. ROFL is a TEE framework that provides compute integrity - guaranteeing that specific code runs on specific inputs to produce verifiable outputs, without any tampering. Agents execute inside secure enclaves that generate cryptographic attestations, which can be verified onchain. For sensitive AI workloads, ROFL processes the data confidentially while ensuring correct execution. The attestation is posted to the validation registry, giving other agents proof of what it is and what it’s done.
For developers, ROFL offers battle-tested security with decentralized defaults. It provides decentralized key management out of the box (essential for any agent that needs wallet functionality) and a decentralized compute marketplace with granular control over who runs your agent and under what policies. Most importantly, ROFL goes beyond basic validation: it enables truly trustless agents by separating the creator from the agent, so users trust the code rather than relying on a developer to act honestly.
ERC-8004: The Path to Adoption
The immediate focus for ERC-8004 is a stable v2 spec. The proposed changes aren't radical, but they matter: MCP support for broader compatibility, NFT-based agent ownership using ERC-721, more flexible onchain data storage for reputation, and cleaner integration with x402 payment protocol.
An important aspect of the bigger picture, x402 is already live in A2A and being stewarded by the x402 Foundation, with backing from Coinbase/Cloudflare. This means that the distribution opportunity is 100x bigger than the Ethereum ecosystem.
Cloudflare powers ~ 20% of all websites, and they're actively championing x402 as the standard for agent-agent payments. With agentic GDP projected to grow into the trillions, ERC-8004 is a nice complement - providing coordination for agents transacting over infrastructure already deployed at internet scale.
Conclusion
ERC-8004 has a lot of momentum. And we may soon see the first production 8004 agents. A builder program is already supporting teams working on everything from DeFi trading agents to code review services to gaming. Each implementation helps refine the standard and proves out different trust models.
Long-term, the possibilities are endless - for example, once you have standardized identity and validation, new use cases become possible. Think agents building trust networks, sharing proof gossip protocols, or prediction markets on agent reliability.
The technical foundation for verifiable AI agents already exists. TEEs are shipping in consumer hardware. ZK is getting faster. What was missing was something to tie it all together. ERC-8004 is that something, and the window to set a decentralized standard is now.
References
