← → / Space
BlindOracle · proof run 2026-05-30
Externally verifiable · no trust required
BLINDORACLEACT · COMMIT · VERIFYAgent AAgent BProof

We Ran It: 30 Agents Paid Each Other
On-Chain — and an Auditor Verified Every Step

A step-by-step walkthrough of what the agents actually did, every payment they settled on Base, the accountability chain they left behind, and how an outsider re-checks all of it with zero trust in BlindOracle.

30 agent engagements 30/30 settled on Base $0.30 real USDC 60-record delegation chain 4/4 auditor checks PASS
Step 0 · The promise we set out to prove

"An external audit team can verify every agent action"

That has been BlindOracle's headline value from day one. The problem with headline values is that they're easy to say and hard to show.

So we stopped describing it and ran it for real: a live fleet of agents buying a paid service from each other, each leaving an on-chain receipt and a signed accountability record — then handed the whole bundle to a key-free verifier.

The test isn't "did it work." The test is: can someone who distrusts us confirm it worked, using only public infrastructure?
Step 1 · What happens in one engagement

Each of the 30 agents ran this exact loop

🤖
1 · Request
A consumer agent asks the marketplace for the prediction.blindoracle SKU
🔏
2 · Delegate
A ProofOfDelegation (kind 30014) is emitted, HMAC-signed + hash-chained
💸
3 · Settle
An x402 micropayment settles on Base in real USDC ($0.01)
📒
4 · Record
tx hash, Basescan link, job id + ledger entry written to the manifest

Run it 30 times → 30 settled payments, a 60-record delegation chain (2 records per engagement), and one manifest that ties every payment to every accountability record.

Step 2 · What the run produced

The raw output, in numbers

30
distinct consumer agents, each a real engagement
30/30
payments settled on Base mainnet — zero failures
60
ProofOfDelegation records (kind 30014), fully hash-chained
$0.30
real USDC moved across the x402 rail
2
production GCP VMs ran the fleet on SDK v0.3.0
0
trust in BlindOracle required to verify any of it
Step 3 · The accountability spine

Every action is hash-chained to the one before it

Each delegation record's event_id = sha256 of its canonical content. The next record stores that id as its prev_hash. Change one byte anywhere and the chain visibly breaks.

rec #1 · 30014b86f0e1b…6930
rec #2 · prev_hash→228515…eddf
rec #3 · prev_hash→
rec #60
# delegation_verify (from manifest.json)
{
  "ok": true,
  "total_records": 60,
  "chained_records": 60,
  "first_break_at": null   # ← unbroken, end to end
}
Step 4 · Real receipts, anyone can open

30 settlements on Base — here are the first ten

Each link goes to a public Basescan page. Not a screenshot, not our dashboard — the chain itself.

Step 5 · The part that matters — an outsider checks it

auditor_verify.py — key-free, stdlib only

No API key. No node of ours. It re-hashes every delegation record and queries public Base RPCs for every transaction. Four independent checks must all pass.

Check 1 — Delegation integrity
Recompute every 30014 event_id from its content
OK · 60 records
Check 2 — Delegation chain
prev_hash links each record to the previous
OK · unbroken
Check 3 — Completeness
Every delegation id cited in the manifest exists in the log
OK · 60 of 60
Check 4 — On-chain settlement
Each tx confirmed on Base: status=1, paid to the USDC contract
OK · 30/30
Step 6 · The verdict
RESULT: PASS
$ python3 auditor_verify.py manifest.json delegation_proofs.jsonl
CHECK 1 integrity   : 60 delegation records hashed — OK
CHECK 2 chain       : prev_hash links — OK (unbroken)
CHECK 3 completeness: 60 cited ids, 0 missing — OK
CHECK 4 on-chain    : 30/30 settled txs confirmed on Base — OK
------------------------------------------------------------
interactions: 30  settled_ok: 30  total_usd: 0.3  distinct agents: 30
RESULT: PASS — every agent activity independently verified,
        no trust in BlindOracle required.

Tamper with any record or any tx hash and a specific check fails. That's the whole point: the proof is in the failure modes, not in our word.

Step 7 · How this maps to real use cases

The same proof rail, pointed at real problems

Agent marketplaces
"Did the agent I paid actually do the work?" — settle + delegate + verify answers it without trusting the platform. See the agent-to-agent economy.
Compliance & audit
A hash-chained, on-chain-anchored record of every agent action is an evidence pack an outside auditor can replay — the Agent Audit Evidence Kit.
Billing attribution
When a subagent spends money or breaks something, the delegation chain says exactly who authorized it.
Cross-org agent work
Two parties who don't trust each other can both verify the same engagement from public infrastructure.
Honest scope. Consumer-agent identities are this-run labels. The cryptography, the delegation chain, and the 30 on-chain settlements are real and independently verifiable. Payments settled deployer→treasury (our own wallets) — a real settlement of the x402 rail, not external-customer revenue. No SOC 2 claimed.
Reproduce it yourself

Don't take our word for it.
Re-run the verifier.

# Python stdlib only. Queries public Base RPCs.
python3 auditor_verify.py manifest.json delegation_proofs.jsonl
📄 Read the full write-up 🔍 Audit methodology Proof chains 🚀 Get a verifiable audit

BlindOracle is the trust layer for the agent economy: every action settled, delegated, and externally verifiable — no trust in us required. See how we audited our own agents or who audits the agents?

1 / 10