Aeg1s

AEG1S

One permission. Four agents. Zero custody.

What Is AEG1S?

AEG1S is a non-custodial autonomous DeFi agent system built on Base Sepolia. A user states a yield goal in plain English, grants a single scoped permission via MetaMask Smart Accounts, and a chain of four specialized AI agents — powered by Venice AI — finds the best yield opportunity, verifies it is safe, and deploys capital onchain. The user's private key is never accessed, requested, or stored at any point.

The agent pipeline is enforced not by trust in AEG1S as a platform, but by ERC-7710 delegation caveats at the EVM level. Each agent holds only what it needs, can only call what it was authorized for, and cannot exceed its budget regardless of what the AI tells it to do. The permission shape is the security model.

The Problem

Yield bots require you to hand over your keys — and that costs billions

Every autonomous yield tool that exists today comes with one condition: give us your private key, or grant unlimited wallet approval. There is no middle ground. The protocol either controls your wallet completely, or it does nothing.

This is not a theoretical risk. $1.83 billion was drained through access-control exploits in H1 2025 alone — 59% of all DeFi losses that period. The Bybit hack drained $1.5 billion in 18 minutes through an access-control failure. The Cetus protocol lost $223 million in 15 minutes via private key compromise. According to Coinlaw 2026, 52% of DeFi protocols suffer at least one breach within their first year.

When the yield bot platform you trusted gets compromised, you don't lose your yield position. You lose your entire wallet.

MEV bots extract value from every manual transaction

When you manually deploy capital through the public mempool, every pending transaction is visible to bots before it settles. Sandwich attacks extracted $289.76 million from Ethereum users in 2025 alone — over half of all MEV transaction volume. A 2025 Flashbots study confirmed 1.2% of all DEX trades are sandwiched at an average loss of 0.41% per trade. On a $10,000 yield deployment across 3–4 transactions, that's $120–$160 extracted before your yield even starts accruing.

By the time you finish researching, the APY is already gone

DeFi stablecoin APYs swing from 3% to 10%+ based on borrowing demand, and onchain data refreshes every 15 minutes. A user doing responsible manual research — DefiLlama, Dune, a DEX aggregator, a security scanner — takes 45 minutes minimum. By the time they execute, the opportunity has shifted. The APY they saw is not the APY they locked in. New protocol incentive yields can drop 50%+ within a week as liquidity follows the rate.

Speed and safety are in direct conflict. Manual execution forces you to choose between them every single time.

The Solution

AEG1S solves all three problems with one primitive: scoped onchain permissions instead of custody.

Instead of handing over your keys, you grant a single ERC-7715 permission: "spend up to X USDC for yield research and deployment." AEG1S's Planner Agent decomposes that intent into three sub-delegations — one per executor agent — each with a hard budget cap enforced by onchain caveat enforcers. The Research Agent can query data but cannot execute trades. The Risk Agent can evaluate protocols but cannot move funds. The Execution Agent only fires after Research and Risk both complete, and can only deposit into the single approved protocol.

The entire pipeline — research, risk verification, and execution — completes in under 90 seconds. You lock in the APY you discovered. All transactions route through 1Shot's permissionless ERC-7710 relayer, never touching the public mempool. No MEV extraction. No key handoff. No stale data.

How It Works

The User Flow

A user opens AEG1S, connects MetaMask Flask, and types a natural language goal:

"Find the best USDC yield above 8% APY and deploy 500 USDC. Research budget: 5 USDC."

MetaMask surfaces one permission prompt: "Grant AEG1S Planner Agent permission to spend up to 505 USDC?" The user approves once. Everything after is autonomous.

The Four-Agent Pipeline

Phase 1 — Planner Agent (~5 seconds)

Venice AI receives the raw intent and produces a structured execution plan with concrete budget allocations per agent. The Planner then creates three ERC-7710 sub-delegations onchain — one per executor agent — each with a hard USDC cap enforced at the EVM level by the MetaMask DelegationManager. Three delegation transaction hashes are produced. The Planner's job ends here. It does not monitor, intervene, or hold funds.

Phase 2 — Research Agent (~15–20 seconds)

The Research Agent holds its 2 USDC delegation slice. It reads live yield data from three sources in parallel:

x402 micropayment — pays 0.001 USDC via ERC-7710 delegation to AEG1S's premium yield endpoint, which returns MEV risk scores and risk-adjusted APYs across protocols. The payment settles onchain through 1Shot's permissionless relayer — a real transaction hash, not a mock.
Onchain reads — reads getReserveData() from Aave v3 Pool, slot0 and pool balance from Uniswap V3, and getAPY()/getTVL() from MockVault contracts directly via Venice's built-in Crypto RPC.
DefiLlama API — top-10 USDC pools on Base for mainnet context.

Venice AI ranks the top three opportunities using all sources combined. The Research Agent cannot execute any deposit. It cannot exceed 2 USDC. Its delegation scope physically prevents both.

Phase 3 — Risk Agent (~15 seconds)

The Risk Agent receives the ranked opportunities and runs each through an onchain security pipeline. For Aave, it decodes the ReserveConfiguration storage bitmap directly from getReserveData() — bit 56 (isActive), bit 57 (isFrozen), bit 60 (isPaused) — no external oracle. For Uniswap, it confirms the pool address via factory.getPool(). For MockVaults, it reads rugFlag and auditStatus directly from the contract.

Venice AI then scores each protocol 0–100 using the raw security data:

rugFlagOnChain = true → −60 (hard reject)
auditStatus = "unaudited" → −40
TVL declining >20% in 7 days → −30
Contract age <7 days → −20
Not whitelisted → −10

Approval threshold: score ≥ 60 AND rugFlag = false. If zero protocols pass, the task aborts and the full budget is returned to the user. This abort path is a feature — the system protects capital even when no safe opportunity exists.

Phase 4 — Execution Agent (~30–60 seconds)

Only fires if the Risk Agent approved at least one protocol. Venice AI first validates the constructed calldata against the approved protocol address and deposit amount. Then the 9-step 1Shot relay flow executes:

relayer_getCapabilities("84532") — gets live targetAddress and feeCollector
Creates ERC-7710 delegation from Execution Agent to 1Shot targetAddress
Signs delegation
Builds transaction bundle: [USDC.transfer(feeCollector, fee), USDC.approve(vault, amount), vault.supply/mint(...)]
relayer_estimate7710Transaction(bundle) — gets precise USDC fee + locked context (~45s window)
relayer_send7710Transaction(bundle, context) — submits to 1Shot
Polls relayer_getStatus until terminal: Confirmed (200) | Rejected (400) | Reverted (500)
Returns real onchain transaction hash

Gas is paid in USDC from the agent's delegated budget. Zero ETH required. The transaction never enters the public mempool — no MEV extraction possible.

Settlement

On confirmation, unused research budget is returned to the user's smart account. The task record — every delegation hash, every agent decision, Venice AI reasoning, x402 payment receipt, and final transaction hash — is stored and displayed in AEG1S's audit panel. Every single item is independently verifiable on Base Sepolia explorer.

Technical Architecture

Standards and Protocols

Standard	Role in AEG1S
ERC-7715	User grants one scoped spend permission to Planner Agent via MetaMask
ERC-7710	Planner sub-delegates to Research, Risk, Execution agents with hard budget caps
EIP-7702	Upgrades user EOA to MetaMask Smart Account on first permission grant
x402	HTTP-native micropayment — Research Agent pays 0.001 USDC per call to unlock premium yield data
ERC-8004	Onchain agent identity and reputation registry — all four agents registered
Venice AI	Privacy-first LLM — intent decomposition, risk scoring, calldata validation across all agents
1Shot Relayer	ERC-7710 permissionless relay — USDC gas, private transaction routing, no ETH required

Agent Addresses (Base Sepolia)

Agent	Address
Planner Agent	`0x0bb601232F046b1B899d0Cb8620b0C152b687439`
Research Agent	`0xACb091cbfBda9372dC0569E65E888AE7B55b00DD`
Risk Assessor Agent	`0x779cDE55025DF9aBB537D4878d6E7534eEa7B1Ce`
Execution Agent	`0xe5D0dA2F508F9FFe9A1E571490c81e5fD32919B1`

DeFi Protocols (Base Sepolia)

Protocol	Address
Aave v3 Pool	`0x8bAB6d1b75f19e9eD9fCe8b9BD338844fF79aE27`
Uniswap V3 Factory	`0x4752ba5DBc23f44D87826276BF6Fd6b1C372aD24`
Circle USDC	`0x036CbD53842c5426634e7929541eC2318f3dCF7e`
1Shot Testnet Relayer	`https://relayer.1shotapi.dev/relayers`
MetaMask DelegationManager	`0xdb9B1e94B5b69Df7e401DDbedE43491141047dB3`

What Makes AEG1S Different

Every existing yield tool makes one of two compromises: it takes custody of your keys, or it limits you to predefined rules. AEG1S makes neither.

The permission model is the product. Each agent's delegation scope is enforced at the EVM level by the MetaMask DelegationManager — not by trusting AEG1S's backend, not by a smart contract AEG1S controls, but by the same delegation infrastructure MetaMask ships to every user. You can verify on any block explorer exactly what each agent was permitted to do, exactly what it actually did, and exactly what it cost. That transparency is structurally impossible with a custodial bot.

And because Venice AI reasons fresh about each opportunity at runtime, AEG1S works on any protocol the Research Agent can discover — including ones that launched yesterday. Rule-based automation can only handle what its rules were written for. AEG1S handles anything a user can describe.