Vibing Farmer
Autonomous DeFi yield farming agent swarm. EIP-7702 smart accounts, ERC-7715 + AgentRegistry scoped permissions, AI council, Monte Carlo simulation, zero gas via 1Shot.
Description
The problem
Yield farming on DeFi is tedious. You find a vault, figure out the right token, swap into it, approve the spender, deposit, and then do the whole thing again for the next protocol. If you want to spread capital across three or four vaults for diversification, that's twelve or more manual transactions. Each one needs a wallet confirmation. Each one costs gas. Miss a step and your funds sit idle.
Giving an AI agent your private key to automate this is worse than doing it manually. One bug, one prompt injection, one compromised API and your treasury is gone. The core tension: automation needs access, but access without boundaries is a liability.
What Vibing Farmer does
Vibing Farmer runs an AI-coordinated agent swarm that deposits into multiple ERC-4626 vaults in parallel. You tell it how much USDC, your risk tolerance, and how many vaults. The system handles the rest (strategy generation, risk evaluation, on-chain scoping, and parallel execution) with a single approval from you.
The key constraint: agents never hold your funds and can never exceed the boundaries you set. Each worker gets a disposable cryptographic key with an on-chain scope (specific vault, specific token, capped amount per period, hard expiry). If anything goes wrong, you revoke the key with one signature. The agent stops immediately. No admin can override this.
After deposits land, an autonomous monitor loop watches your positions around the clock, detecting APY drift, surfacing risk alerts, and proposing rebalances. It doesn't move funds on its own. It observes, evaluates, and tells you what it would do. You decide.
How it works, step by step
1. Strategy generation. Venice AI (running deepseek-v4-flash) receives your parameters along with live yield data from DeFiLlama: real APYs, TVL, 7-day trends. It outputs a multi-vault allocation and a skill JSON file per worker agent. If Venice is down, the system falls back to DeepSeek via a server-side proxy. If both fail, a deterministic local fallback kicks in. The strategy still runs.
2. Monte Carlo simulation. Before you see the strategy, the system runs 200 seeded Monte Carlo scenarios over a 30-day horizon against the proposed allocation. It accounts for the current turbulence regime, live gas prices, and historical drawdown data. You see the distribution of outcomes (median, P5, P95), not just a single APY number.
3. AI Council deliberation. Three AI specialists (yield, risk, and market) independently evaluate the proposal. Each receives the same allocation, the same market state, and the current playbook rules. If they agree, the verdict passes. If they disagree, a synthesis call resolves the conflict and logs which specialist was overruled and why. The full deliberation (verdict, cited rules, resolution method) shows up in the UI before you commit.
4. Skill review. Every field in the generated skill JSON is editable. You can tighten slippage limits, lower deposit caps, shorten expiry windows. Nothing executes until you approve.
5. Smart account upgrade (delegation). MetaMask SAK delegates your Flask EOA via EIP-7702 internally during the permission grant; you don't call eth_signAuthorization yourself. Calls then run from your own account address.
6. Scoped permission — two layers. First, an ERC-7715 permission via MetaMask Advanced Permissions sets a token-periodic rate limit at the wallet level. Second, you sign an AgentRegistry.authorizeSessionKey transaction per worker, recording on-chain: which vault, which token, how much per period, period duration, and a hard expiry (max 30 days). The depositor contract reads this scope on every call. Any violation reverts. These are two independent safety layers; compromising one still leaves the other intact.
7. Parallel execution. The OrchestratorAgent dispatches N WorkerAgent instances via Promise.allSettled. For each, the 1Shot Managed API server wallet redeems a slice of the ERC-7715 permission (USDC.transfer to the depositor), then relays the worker's EIP-712-signed depositHeld call; the user pays zero gas. Authorization is the signature, not the sender; if the relayer is down, the signed calldata can be broadcast directly.
8. Strategy attestation. The raw Venice AI output is hashed (keccak256) and written on-chain. Anyone can reproduce the hash from the original JSON to verify the strategy wasn't tampered with between generation and execution.
9. Autonomous monitoring. After deposits, a Web Worker runs a never-stop loop: observe positions, gate proposals (gas freshness, economic checks, rate limits), simulate outcomes, run a council review, reflect on the cycle, and update the playbook. An ACE Curator watches for notable outcomes (failures, disagreements) and proposes new playbook rules via Venice AI. Rules get merged, pruned, and evolved over time. The loop doesn't execute trades; it proposes. You act through the UI.
10. Kill switch. AgentRegistry.revokeAgent is a user-signed transaction. It works even if the relayer is offline, even if the frontend is down. One signature, and the agent's scope is permanently dead on-chain.
On-chain architecture
Three Solidity contracts on Base Sepolia:
- AgentRegistry — the single source of truth for agent permissions. One key, one scope, forever. Re-scoping requires a new key. Tracks cap-per-period with a rolling fixed window (rollAndSpend). Revocation is instant and irreversible per key.
- AgentVaultDepositor — deposit-only execution. Recovers the worker key from an EIP-712 signature, reads the scope from AgentRegistry, and deposits the contract's own (relayer-funded) balance into the ERC-4626 vault via depositHeld, crediting shares to the user. The contract holds no funds permanently; USDC only passes through transiently between the relayer's redeem and the deposit. A transient-custody invariant (no permanent custody) is tested under stateful fuzz.
- MockVault — a plain ERC-4626 vault wrapping USDC with a configurable APY for demo purposes.
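The scope rules from step 6 and the AgentRegistry entry above (one key, one scope; vault and token binding; cap per fixed window; hard expiry of at most 30 days; irreversible revocation) can be modelled off-chain to reason about what a worker key can and cannot do. This is an added JavaScript example, not the project's Solidity: the class, field names, and error strings are assumptions, and only authorizeSessionKey, rollAndSpend, and revokeAgent are names taken from the page.

```javascript
// Added illustration: an off-chain model of the scope checks described above.
// Field and error names are assumptions, not AgentRegistry's actual ABI.
const MAX_EXPIRY_SECONDS = 30 * 24 * 60 * 60; // "hard expiry (max 30 days)"

class ScopeRegistryModel {
  constructor() {
    this.scopes = new Map(); // session key -> scope; a key is never re-scoped
  }

  authorizeSessionKey(key, { vault, token, capPerPeriod, periodSeconds, expiry }, now) {
    if (this.scopes.has(key)) throw new Error("KEY_ALREADY_SCOPED");
    if (expiry <= now || expiry - now > MAX_EXPIRY_SECONDS) throw new Error("BAD_EXPIRY");
    if (capPerPeriod <= 0n || periodSeconds <= 0) throw new Error("BAD_LIMITS");
    this.scopes.set(key, { vault, token, capPerPeriod, periodSeconds, expiry,
      revoked: false, windowStart: now, spent: 0n });
  }

  revokeAgent(key) {
    const s = this.scopes.get(key);
    if (!s) throw new Error("NO_SCOPE");
    s.revoked = true; // irreversible: nothing in the model ever clears this flag
  }

  // Called on every deposit: checks the scope, then charges the current window.
  rollAndSpend(key, vault, token, amount, now) {
    const s = this.scopes.get(key);
    if (!s) throw new Error("NO_SCOPE");
    if (s.revoked) throw new Error("REVOKED");
    if (now >= s.expiry) throw new Error("EXPIRED");
    if (vault !== s.vault || token !== s.token) throw new Error("OUT_OF_SCOPE");
    if (amount <= 0n) throw new Error("BAD_AMOUNT");
    if (now >= s.windowStart + s.periodSeconds) {
      // Fixed window: jump to the window containing `now` and reset the counter.
      const elapsed = Math.floor((now - s.windowStart) / s.periodSeconds);
      s.windowStart += elapsed * s.periodSeconds;
      s.spent = 0n;
    }
    if (s.spent + amount > s.capPerPeriod) throw new Error("CAP_EXCEEDED");
    s.spent += amount;
    return s.capPerPeriod - s.spent; // remaining allowance in this window
  }
}

// Helper: returns the error message of a rejected call, or null if it succeeded.
function rejection(fn) {
  try { fn(); return null; } catch (e) { return e.message; }
}
```

In the model, a stolen worker key is bounded by one vault, one token, and one cap per window until expiry or revocation, which is the blast radius the page claims for the contract.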
Testing
The test suite goes beyond happy paths:
- Unit tests for both contracts covering permission violations, edge cases, and ERC-4626 compliance
- Stateful fuzz testing (Foundry invariant) enforcing cap and reserves invariants across random sequences
- Security destructive drills — stolen-key exploitation, revoke-after-deposit, no-scope attacks — run live on Base Sepolia with results recorded in the threat model doc
- Fork integration against real Morpho vaults on mainnet
- Simulation replay — mainnet depeg events replayed through the contract to JSON
- Pause-safety invariant — proving that pause can never trap user funds
- Zero-custody invariant — proving workers hold nothing after execution
- 28 frontend test files covering the strategy engine, council, simulation, MDP, gates, monitor loop, and more
CI runs on every push: Forge unit tests, Slither static analysis (soft-fail gate), and nightly fork tests against mainnet RPCs.
Sponsor integration
MetaMask — EIP-7702 smart account upgrade via MetaMask SAK. ERC-7715 (wallet_requestExecutionPermissions) for token-periodic rate limiting. EIP-5792 (wallet_sendCalls) for batching approve + registry authorization into one user confirmation. Flask 13.9+ required; the app includes a version detection gate.
1Shot — Managed API (Dev Platform): the 1Shot server wallet redeems the ERC-7715 permission and broadcasts the worker-signed deposit on Base Sepolia. The user pays zero gas. If the relayer fails, the app falls back to direct user-wallet broadcast (the EIP-712 signature is the authorization, not msg.sender).
Venice AI — Strategy generation, per-agent skill creation, council verdicts, conflict synthesis, and ACE Curator rule proposals, wallet-funded via x402+SIWE. DeepSeek (deepseek-v4-flash) is the server-side default; Venice is used when funded.
What makes this different
Most hackathon DeFi projects demo a single transaction flow. Vibing Farmer runs N agents in parallel, each with its own cryptographic scope, evaluated by an AI council, stress-tested with Monte Carlo, and monitored autonomously after deposit. The security model doesn't rely on trust; it's enforced by the contract. Revocation works without the frontend, without the relayer, without the AI. One user signature on-chain.
The system is built so that every component can fail independently without losing funds. Venice down? Fallback. Relayer down? Direct broadcast. Frontend down? Revoke from Etherscan. Agent compromised? Scope limits the blast radius to one vault, one period cap. This isn't theoretical: the destructive drills prove it on a live testnet.
Progress During Hackathon
Foundation — contracts and wallet integration. Wrote AgentVaultDepositor.sol and MockVault.sol (ERC-4626). Wired MetaMask Flask with EIP-7702 smart account upgrade and ERC-7715 scoped permissions via wallet_requestExecutionPermissions. Got the 1Shot EIP-7710 relayer broadcasting worker-signed deposits on testnet. Batched approve + registry auth into a single user confirmation using EIP-5792 wallet_sendCalls.
AI strategy layer. Integrated Venice AI (deepseek-v4-flash) for multi-vault allocation and per-agent skill generation. Built a provider-agnostic layer with DeepSeek fallback via server proxy and a deterministic local fallback. Added live DeFiLlama data (APY, TVL, 7-day history) and live gas snapshots into the strategy pipeline. Built a concurrent DAG runner so market data, vault data, and gas data fetch in parallel.
Autonomous agent swarm. Built the OrchestratorAgent dispatching N WorkerAgent instances via Promise.allSettled. Each worker runs Swap, Approve, Deposit with its own disposable key. Added a background Web Worker for position monitoring, APY drift detection, and risk alerts. Wired session rehydration so the ERC-7715 grant persists across reloads without re-prompting.
TradingAgents AI Council. Implemented three-specialist (yield, risk, market) independent evaluation of every proposed allocation. Added conflict resolution via a synthesis call when specialists disagree. Built per-role playbook rules that the council cites in its verdicts.
Monte Carlo simulation. Added a seeded PRNG, per-path simulation with turbulence regimes, and a 200-run sweep with probability-weighted expected value. The simulation panel in the strategy review shows P5/median/P95 outcome bands before the user commits.
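A seeded sweep is what makes the P5/median/P95 bands reproducible: the same seed and inputs always give the same bands, so a displayed result can be re-derived and audited. The following is an added JavaScript example, not the project's simulation engine; the return model, volatility figures, turbulence multiplier, gas cost, and sample allocation are all assumptions constructed for illustration.

```javascript
// Added illustration: seeded Monte Carlo, 200 runs over a 30-day horizon.
// The per-day return model and all numeric inputs are assumptions.
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296; // uniform in [0, 1)
  };
}

function gaussian(rand) {
  // Box-Muller; 1 - rand() keeps the log argument in (0, 1].
  return Math.sqrt(-2 * Math.log(1 - rand())) * Math.cos(2 * Math.PI * rand());
}

function percentile(sorted, p) {
  // Nearest-rank percentile on an ascending array.
  const rank = Math.max(1, Math.ceil((p / 100) * sorted.length));
  return sorted[rank - 1];
}

function simulate(allocation, { seed, runs = 200, days = 30, turbulence = 1, gasCostUsd = 0 }) {
  const rand = mulberry32(seed); // one PRNG stream per sweep, fixed by the seed
  const finals = [];
  for (let r = 0; r < runs; r++) {
    let total = 0;
    for (const { usd, apy, dailyVol } of allocation) {
      let value = usd;
      for (let d = 0; d < days; d++) {
        // Daily drift from the quoted APY plus a regime-scaled random shock.
        value *= 1 + apy / 365 + dailyVol * turbulence * gaussian(rand);
      }
      total += value;
    }
    finals.push(total - gasCostUsd); // gas is paid once per path in this model
  }
  finals.sort((x, y) => x - y);
  return { p5: percentile(finals, 5), median: percentile(finals, 50), p95: percentile(finals, 95) };
}

// Constructed sample allocation (not real vault data).
const SAMPLE_ALLOCATION = [
  { usd: 600, apy: 0.05, dailyVol: 0.001 },
  { usd: 400, apy: 0.09, dailyVol: 0.004 },
];
```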
Autonomous monitor loop. Built a never-stop loop spine with crash recovery: observe, gate, simulate, council, execute (propose-only), reflect. Added fast-fail gates (gas freshness, economic, rate limit) that reject proposals before they reach the council. Wired cycle journals and a decision log with persistent audit trail.
ACE Curator — playbook evolution. Built the rule store (seeds, growth, merge, prune), a lexical trigram merge pass for deduplication, and a deterministic prune pass. The Curator triggers on failed or AI-contested cycles, asks Venice AI for a new rule, and evolves the playbook over time.
AgentRegistry — on-chain scope redesign. Realized pure ERC-7715 wasn't granular enough for per-agent deposit caps. Wrote AgentRegistry.sol with authorizeSessionKey (vault, token, cap-per-period, period duration, expiry) and rollAndSpend for rolling fixed-window cap enforcement. Rewired the entire frontend deposit flow to EIP-712 signatures verified by the depositor against registry scopes. Added revokeAgent / revokeMany as user-signed kill switches.
Security hardening. Implemented per-worker KDF-sealed key lifecycle (libsodium). Added a pre-submit circuit breaker (gas freshness, economic gate, rate limiter). Wrote a threat model doc with max-loss calculations and an honest key lifecycle diagram. Ran destructive drills (stolen key, revoke-after-deposit, no-scope attacks) live on Base Sepolia and recorded the results.
Fundraising Status
Solo developer. No external funding, no grants, no venture capital. The entire project (contracts, frontend, AI integration, test suite, docs) was built and shipped by one person.