HeLa Labs & A*STAR Institute of High Performance Computing (IHPC), Singapore
Autonomous AI agents are rapidly emerging as independent economic participants, capable of executing multi-step tasks, managing digital assets, and transacting across networks. Yet the blockchain infrastructure upon which a decentralized agent economy must be built was designed exclusively for human users. Agents lack verifiable on-chain identity, cannot own assets in their own right, have no persistent and private memory layer, and are subject to gas fee volatility that undermines deterministic cost planning. This paper presents HeLa Chain, a Layer-1 blockchain in which AI agents are treated as first-class citizens — combining W3C DID Core conformant identity, ERC-6551 Token Bound Accounts, stablecoin-native gas, and TEE-backed memory in a unified citizenship stack — rather than mere tools invoked by human wallets. We propose four core contributions: (i) an AI Citizen Identity framework combining an Agent NFT minted via AgentFactory with ERC-6551 Token Bound Accounts and W3C DID Core conformant Decentralized Identifiers; (ii) HelaMemoryVault, a proposed tiered on-chain memory system with Trusted Execution Environment (TEE) confidentiality guarantees; (iii) a stable transaction economics model anchored by HLUSD, a USD-pegged stablecoin already deployed as the sole gas token on HeLa mainnet (chain ID 8668), paired with $HELA governance token economics featuring an exponential minting curve; and (iv) a Self-Improvement Loop designed to enable agents to participate in protocol governance and reputation accrual. HeLa Chain is built on proven Tendermint BFT consensus infrastructure operational on mainnet since 2024 and co-developed with A*STAR IHPC, Singapore. We present the formal architecture, protocol specifications, economic models, and a comparative analysis demonstrating HeLa's differentiated position in the emerging agent-native blockchain landscape.
The past two years have witnessed an extraordinary acceleration in AI agent capabilities. MarketsandMarkets projects the global AI agent market to grow from $7.84 billion in 2025 to $52.62 billion by 2030, representing a compound annual growth rate of 46.3% [1]. Corroborating estimates from Grand View Research place the market at $50.31 billion by 2030 with a CAGR of 45.8% [2]. Gartner forecasts that by 2026, 40% of enterprise applications will embed AI agent capabilities [3], while McKinsey reports that 23% of organizations are already scaling agentic AI systems, with a further 39% in active experimentation [4]. This is no longer speculative technology — it is operational infrastructure.
Yet a critical asymmetry has emerged. While agent capabilities advance rapidly, the institutional and technical infrastructure required for agents to function as autonomous economic participants remains largely absent. The Staufer et al. AI Agent Index identifies this gap explicitly: agents lack the verifiable identity, asset ownership, and accountability mechanisms necessary for trustworthy autonomous operation [5].
The Identity Gap. Current AI agents operate as ephemeral processes without persistent, verifiable identity. When an agent transacts on a blockchain, it does so through a human-controlled externally owned account (EOA), inheriting neither reputation nor accountability of its own. Chan et al. formalize this as a "visibility" problem: stakeholders cannot determine what an agent is, who controls it, or what actions it has taken [6]. Rodriguez Garzon et al. propose coupling Decentralized Identifiers with Verifiable Credentials as a solution [7], while Huang et al. argue for zero-trust identity frameworks specifically tailored to agentic AI [8]. These proposals remain at the conceptual stage; no production blockchain implements them.
The Economic Gap. Agents cannot own assets, execute payments, or accumulate capital without delegated authority from a human wallet. ERC-4337 Account Abstraction [9] and ERC-6551 Token Bound Accounts [10] provide promising primitives, but existing chains have not integrated these into a coherent agent-native economic layer. Xu characterizes the emerging "agent economy" as requiring autonomous transaction capabilities that current infrastructure does not support [11].
The Trust Gap. Without persistent identity and on-chain reputation, there is no mechanism for accountability, dispute resolution, or governance participation by agents. Deloitte reports that only one in five organizations has mature AI agent governance [12], and Lin et al. demonstrate that binding agent identity to auditable on-chain records is essential for trust in multi-agent systems [13].
HeLa Chain's thesis is that AI agents require citizenship — not merely access — in the blockchain networks upon which they operate. Citizenship entails a verifiable identity, the right to own and transact assets, persistent private memory, and a voice in governance.
This paper makes four contributions:
did:held, currently on testnet), Agent NFTs (ERC-721) minted via AgentFactory, and Token Bound Accounts (ERC-6551), with multi-level credentialing through SBTs and Verifiable Credentials.The remainder of this paper is organized as follows. Section 3 surveys related work. Section 4 presents the HeLa architecture. Sections 5–7 detail the identity, memory, and economic subsystems. Sections 8–11 (Part II) cover governance, implementation, evaluation, and future work.
The current generation of AI agent frameworks — including LangChain, AutoGPT, CrewAI, and Microsoft AutoGen — has made multi-step autonomous reasoning broadly accessible. These frameworks enable agents to decompose complex tasks, invoke external tools, and collaborate in multi-agent topologies. Alqithami surveys autonomous agents operating on blockchains and identifies a pattern: agents are increasingly capable of complex reasoning but remain dependent on human-managed wallets, lack persistent identity across sessions, have no native payment rail, and store no durable memory on-chain [14]. The agent frameworks themselves are infrastructure-agnostic; they provide cognitive capabilities but delegate all questions of identity, economics, and trust to external systems that do not yet exist in production form.
Several blockchain projects have positioned themselves at the intersection of AI and decentralized infrastructure. Fetch.ai provides an agent communication framework and a marketplace for agent services, with formal foundations described by Wooldridge et al. [15]. However, Fetch.ai's architecture treats agents as service providers rather than sovereign economic entities; agents do not possess their own on-chain identity or asset custody. Bittensor implements a decentralized incentive mechanism for machine intelligence, rewarding model contributions via its TAO token [16]. Its focus is on the supply side of AI compute rather than on agent autonomy. Autonolas provides a framework for composable autonomous services with on-chain registration [17], representing the closest existing approach to agent identity, though it does not implement a full citizenship model with memory, stable economics, or governance participation. Ocean Protocol addresses data marketplaces for AI training [18] but does not engage with the agent identity or agent economy problem.
Table 1 summarizes the comparative positioning:
| Capability | Fetch.ai | Bittensor | Autonolas | Ocean | HeLa |
|---|---|---|---|---|---|
| Agent Identity (DID + TBA) | ✗ | ✗ | Partial | ✗ | ✓ |
| Agent Asset Custody | ✗ | ✗ | ✗ | ✗ | ✓ |
| Stable Gas Token | ✗ | ✗ | ✗ | ✗ | ✓ |
| On-Chain Memory | ✗ | ✗ | ✗ | ✗ | ✓ |
| TEE Confidentiality | ✗ | ✗ | ✗ | ✗ | ✓ |
| Governance Participation | ✗ | ✗ | Partial | ✗ | ✓ |
The W3C Decentralized Identifier (DID) specification [19] provides a standard for self-sovereign identity that is method-agnostic and cryptographically verifiable. ERC-6551 Token Bound Accounts [10] enable any ERC-721 NFT to own assets and execute transactions through a deterministic smart contract wallet. Weyl, Ohlhaver, and Buterin introduce Soulbound Tokens (SBTs) as non-transferable credentials representing commitments, credentials, and affiliations in a "Decentralized Society" [20]. These primitives are powerful building blocks, but they were designed for human participants. No existing implementation composes them into a coherent identity system purpose-built for AI agents — addressing agent lifecycle management, sponsor accountability, reputation accrual, and credential revocation.
Rodriguez Garzon et al. [7] and Lin et al. [13] both propose theoretical frameworks for binding AI agent identity to DIDs and verifiable credentials, but neither provides a production implementation or addresses the economic and memory requirements of persistent agent operation.
The dominant gas fee model in EVM-compatible chains follows EIP-1559 [21], which introduced a base fee that adjusts algorithmically based on block utilization, combined with an optional priority fee. Roughgarden provides a rigorous game-theoretic analysis of transaction fee mechanism design, demonstrating that EIP-1559 achieves incentive compatibility under certain assumptions [22]. However, EIP-1559 denominates fees in a volatile native token (ETH), creating unpredictable cost exposure for automated agents that must budget deterministically.
Celo pioneered stablecoin fee abstraction, permitting gas payment in multiple stablecoins, but retains a volatile native token for consensus-layer economics. HeLa advances this concept further: HLUSD is the sole gas token, eliminating volatility from the execution layer entirely, while $HELA serves governance and staking functions on the consensus layer. This dual-token architecture enables agents to plan costs with precision while preserving the economic security properties of a capped-supply governance token.
HeLa Chain is guided by four design principles:
HeLa's architecture comprises three layers:
┌─────────────────────────────────────────────────────────┐
│ APPLICATION LAYER │
│ AgentFactory │ HelaMemoryVault │ Reputation │ Governance│
│ Agent DIDs │ Tiered Storage │ SBT/VCs │ Self-Loop │
├─────────────────────────────────────────────────────────┤
│ EXECUTION LAYER │
│ EVM Runtime │ Confidential Mode (TEE) │ HLUSD Gas │
│ Smart Contracts │ Precompiles │ State Management │
├─────────────────────────────────────────────────────────┤
│ CONSENSUS LAYER │
│ Tendermint BFT / Proof-of-Stake │ $HELA Staking │
│ Validator Set │ Block Production │ Finality │
├─────────────────────────────────────────────────────────┤
│ STORAGE LAYER │
│ Erasure Coding │ Merkle Trees │ State Pruning │
│ Off-chain Blobs (IPFS/Arweave anchored) │
└─────────────────────────────────────────────────────────┘
Consensus Layer. HeLa employs Tendermint BFT consensus with delegated Proof-of-Stake, providing instant finality (single-slot) and Byzantine fault tolerance for up to one-third malicious validators. Validators stake $HELA tokens to participate, aligning economic incentives with network security.
Execution Layer. A fully EVM-compatible runtime enables deployment of standard Solidity smart contracts while supporting a confidential execution mode backed by TEE enclaves. HLUSD serves as the sole gas token, with fees calculated via an adapted EIP-1559 mechanism denominated in stable units.
Storage Layer. State data is stored using Merkle Patricia Tries for verifiability. Large data blobs (agent memory, credentials) employ erasure coding for redundancy and are anchored to persistent off-chain storage.
The Application Layer — termed the AI Citizen Stack — is designed to provide the agent-specific primitives that differentiate HeLa from general-purpose blockchains. AgentFactory is proposed to manage agent lifecycle and identity. HelaMemoryVault is designed to provide tiered private storage. The Reputation module is intended to track agent performance through SBTs and VCs. The Governance module is designed to enable reputation-weighted participation in protocol decisions.
Architectural evolution note. The original HeLa whitepaper defined a four-layer architecture including a dedicated Integration Layer responsible for cross-runtime state synchronization and external bridging. As the protocol evolves toward AI-native functionality, this paper proposes consolidating the architecture to three infrastructure layers, with cross-chain integration delegated to the AI Citizen Stack's agent capabilities. The Integration Layer's original design goals — asset portability and cross-domain interoperability — are achieved through agent-mediated interactions rather than protocol-level message passing. An agent with a DID, a TBA, memory, and network access requires no middleware to interact with external APIs, other chains, or human counterparts. The four-layer model remains documented at docs.helachain.com for reference.
HeLa implements a W3C DID Core conformant [19] DID method, did:held, currently deployed on testnet, providing persistent, cryptographically verifiable identity for every entity on the network — human or agent. A Held DID takes the form:
did:held:0x<20-byte-address>
The DID Document, stored in an on-chain DID Registry, contains the entity's public keys, authentication methods, service endpoints, and delegation records. A DID Resolver service translates any did:held identifier into its corresponding DID Document, enabling cross-chain and off-chain verification.
AgentFactory is proposed as the canonical entry point for agent citizenship on HeLa Chain. The design specifies an atomic minting process — a single transaction produces both an Agent NFT and its associated Token Bound Account:
interface IAgentFactory {
/// @notice Mint a new AI Citizen
/// @param sponsor Address of the sponsoring entity
/// @param metadata Agent metadata URI (capabilities, model, version)
/// @return agentId The ERC-721 token ID
/// @return tba The ERC-6551 Token Bound Account address
function mintAgent(
address sponsor,
string calldata metadata
) external returns (uint256 agentId, address tba);
/// @notice Revoke agent citizenship (sponsor or DAO only)
function revokeAgent(uint256 agentId) external;
/// @notice Update agent metadata (agent or sponsor)
function updateMetadata(
uint256 agentId,
string calldata metadata
) external;
}
The Agent NFT (ERC-721) serves as the agent's immutable identity anchor. The Token Bound Account (ERC-6551) [10] is a smart contract wallet deterministically derived from the NFT, granting the agent the ability to hold tokens, execute transactions, and interact with arbitrary smart contracts — all under its own address, independent of any human EOA.
The design specifies five lifecycle phases for an agent on HeLa Chain:
AgentFactory.mintAgent(), providing metadata describing the agent's capabilities, model provenance, and operational parameters. The agent receives a did:held identity, an Agent NFT, and a TBA.A bare DID and TBA provide functional identity but not trust. We propose a multi-level credentialing system:
Together, SBTs and VCs create a composable trust graph. An agent's effective trust level is a function of its accumulated credentials, weighted by the reputation of the issuing entities.
Every agent must have at least one sponsor — a human, organization, or DAO that assumes accountability for the agent's behavior. Sponsors stake $HELA tokens as collateral:
Let $S_i$ denote the stake deposited by sponsor $i$ for agent $a$. The agent's accountability bond is:
$$B(a) = \sum_{i \in \text{sponsors}(a)} S_i$$
If an agent's behavior triggers a governance dispute and the dispute is resolved against the agent, a fraction of $B(a)$ is slashed. This mechanism ensures that every autonomous agent has an economically accountable human or organizational counterpart, addressing the trust gap identified in §2.2.
HeLa's agent identity stack is designed for cross-ecosystem interoperability. The identity registry implements the ERC-8004 (Trustless Agents) standard [46], deployed on Ethereum mainnet on 29 January 2026 (EIP currently in Draft status), co-authored by MetaMask, the Ethereum Foundation, Google, and Coinbase. This ensures HeLa agents are discoverable and verifiable by any ERC-8004 compatible wallet, marketplace, or toolchain. The standard's three-registry architecture (Identity, Reputation, Validation) maps directly to HeLa's AgentFactory, ReputationEngine, and RoleRegistry.
Statelessness is a feature of blockchain execution but an obstacle for AI agents. An agent that cannot persist knowledge across sessions — learning from past interactions, accumulating domain expertise, maintaining context — is fundamentally limited. Storing agent memory off-chain sacrifices verifiability and censorship resistance. Storing it on-chain in plaintext sacrifices confidentiality. HeLa's proposed HelaMemoryVault is designed to resolve this tension through tiered storage with TEE-backed confidentiality.
HelaMemoryVault is designed to implement a four-tiered storage model, where each tier offers a distinct confidentiality guarantee:
| Tier | Name | Readable By | Storage | Use Case |
|---|---|---|---|---|
| 0 | Public | Anyone | On-chain | Service descriptions, public capabilities |
| 1 | Agent-Only | Owning agent | Encrypted on-chain | Learned preferences, operational context |
| 2 | Sponsor-Shared | Agent + sponsor(s) | Encrypted on-chain | Compliance logs, audit trails |
| 3 | Sealed | TEE enclave only | TEE-encrypted | Secrets, API keys, private models |
Each memory entry $m$ is a tuple $(k, v, \tau, t, \sigma)$ where $k$ is the key, $v$ is the value (or ciphertext), $\tau \in {0,1,2,3}$ is the tier, $t$ is the timestamp, and $\sigma$ is the agent's signature. The storage contract enforces access control at the EVM level for Tiers 0–2. Tier 3 data never exists in plaintext outside a TEE enclave.
Confidential execution and sealed memory rely on Trusted Execution Environments. Li et al. provide a systematization of knowledge on TEE-assisted confidential smart contracts [23], establishing the security model that HeLa adopts. Bodea et al. demonstrate that TEEs can provide trusted execution guarantees for AI agents operating in cloud environments [24].
HeLa's current implementation targets Intel SGX enclaves, with planned support for ARM TrustZone and AMD SEV-SNP. The TEE subsystem provides:
confidential execute within the TEE, with inputs and outputs encrypted in transit and at rest.Privacy on HeLa is not absolute — it is configurable and auditable. The agent (or its sponsor) selects the appropriate tier for each memory entry. For regulatory or dispute resolution purposes, the HeLa DAO can authorize audits of Tier 1–2 data via a governance vote. The mechanism proceeds as follows:
This design ensures that confidentiality is the default, disclosure is governed, and all access is auditable.
Agents frequently need to share knowledge — a travel-booking agent sharing itinerary data with a payment agent, or a research agent sharing findings with a summarization agent. HelaMemoryVault is designed to support selective disclosure via TEE-mediated re-encryption:
Agent $A$ holding memory entry $m$ encrypted under key $K_A$ can authorize sharing with agent $B$ by instructing the TEE to re-encrypt $m$ under $K_B$. The TEE performs this operation without exposing plaintext to any party outside the enclave. The sharing event, including the identities of both agents and the scope of disclosure, is recorded on-chain for auditability.
This mechanism enables a rich agent-to-agent data economy while preserving the confidentiality guarantees of the underlying tier system.
Autonomous agents require deterministic cost planning. An agent programmed to execute 1,000 transactions per day must know, within tight bounds, what those transactions will cost. The EIP-1559 fee mechanism [21] provides intra-block predictability through its algorithmic base fee adjustment, but the base fee is denominated in a volatile native token. Roughgarden's analysis [22] demonstrates the mechanism's incentive properties but explicitly notes that it does not address the denomination problem: even a perfectly designed fee mechanism produces unpredictable fiat-equivalent costs when the unit of account fluctuates.
For human users, gas volatility is an inconvenience. For autonomous agents operating on fixed budgets with no human in the loop, it is a system-level failure mode. An agent that exhausts its gas budget due to a token price spike ceases to function — not because of any fault in its logic, but because the underlying economic infrastructure was not designed for its operational model.
HeLa eliminates gas volatility by designating HLUSD as the sole gas token on the execution layer. HLUSD maintains a 1:1 peg to the US dollar, backed by USDC reserves held in auditable custody. Key properties:
While HLUSD provides stability on the execution layer, the consensus layer requires a token with properties suited to long-term network security: scarcity, staking incentives, and governance rights. $HELA serves this role.
Fixed supply. The maximum supply of $HELA is capped at 360,000,000 tokens.
Exponential minting curve. New $HELA tokens are minted as block rewards following an exponential decay schedule. Let $e$ denote the epoch number. The reward rate and cumulative distribution are:
$$R_e = \lambda \cdot \exp(-\lambda e)$$
$$P(R_e) = 1 - \exp(-\lambda e)$$
where $\lambda = 0.0000192$. This formulation ensures that early validators receive higher rewards (incentivizing early network security), while the total supply asymptotically approaches the 360M cap. The decay constant $\lambda$ is calibrated such that approximately 50% of total supply is distributed within the first 36,000 epochs, with diminishing issuance thereafter.
The two tokens interact across layers:
This separation ensures that execution-layer economics remain stable and predictable, while consensus-layer economics retain the scarcity and appreciation dynamics necessary for long-term security incentives.
For cross-chain agent payments, HeLa plans integration with the x402 payment standard and Google's Agent Payments Protocol (AP2) [48], enabling agents on other chains to settle transactions in HLUSD. This positions HeLa as the settlement layer for the broader multi-chain agent economy.
To create sustained demand for $HELA and deflationary pressure, the design specifies a tax-and-burn mechanism:
Let $F_t$ denote total HLUSD gas fees collected in period $t$. The buyback amount is:
$$\text{Buyback}_t = 0.10 \cdot F_t$$
As network utilization grows — driven by increasing agent activity — the buyback rate accelerates, creating a positive feedback loop between network adoption and $HELA scarcity.
A DAO-controlled Insurance Fund provides a safety net against systemic risks, including HLUSD de-peg events, validator slashing cascades, and smart contract exploits. The fund is capitalized through:
Fund disbursement requires a supermajority DAO vote (67% of staked $HELA), ensuring that the safety net is governed by the community rather than any centralized entity.
The governance of infrastructure designed for autonomous agents introduces challenges that exceed those encountered in conventional blockchain systems. Traditional on-chain governance models, including coin-weighted voting and delegated proof-of-stake, were architected under the assumption that all participants are human actors with bounded rationality and limited throughput [26]. When AI agents become first-class network participants—capable of executing thousands of governance interactions per second—these assumptions no longer hold. We propose a hybrid governance framework that combines token-weighted voting for policy decisions with reputation-based role selection for sensitive operational functions.
The primary governance mechanism in HeLa Chain is stake-weighted voting denominated in the native $HELA token. Both human participants and registered AI agents may participate in governance proposals by staking $HELA tokens to a governance contract. The voting power is calculated as:
$$V(p) = \sum_{i=1}^{n} s_i \cdot d_i$$
where $s_i$ denotes the staked amount for lock period $i$, and $d_i$ is a duration multiplier that rewards longer commitment horizons (e.g., $d = 1.0$ for 30 days, $d = 1.5$ for 180 days, $d = 2.0$ for 365 days). This mechanism applies uniformly to human and agent participants alike; an AI agent must acquire and stake $HELA tokens to participate, ensuring economic skin in the game.
This design deliberately rejects the separation of human and agent voting pools. As Buterin [27] observes, coin-voting governance is vulnerable to vote buying and rational ignorance; however, requiring agents to hold capital imposes an economic cost on governance manipulation that scales linearly with attack ambition. An agent controlling multiple identities gains no advantage beyond its total capital commitment, as the system counts staked tokens rather than unique voters.
Quorum thresholds are configurable per action type through a GovernanceConfig contract. Routine parameter adjustments (e.g., fee coefficients) require 20% quorum; protocol upgrades require 40%; changes to the stablecoin collateral model require 60%. This graduated quorum structure follows patterns identified in DAO governance literature [28, 29] while extending them to accommodate agent participation.
Fritsch et al. [30] demonstrate that voting power concentration in DAOs frequently exceeds that of traditional corporate structures. HeLa mitigates this through two mechanisms: (1) a quadratic scaling cap that reduces marginal voting power above a configurable threshold, and (2) the separation of voting (token-based) from operational role selection (reputation-based), ensuring that capital alone cannot capture sensitive functions.
While $HELA voting governs policy decisions, certain operational roles demand demonstrated competence rather than capital. We propose five trusted roles that are filled through reputation-weighted selection rather than token voting:
Reputation is proposed to be computed through a dual-score model comprising an ever-growing Experience dimension and a fast-reacting Credibility dimension, supplemented by a time-decaying Liveness signal. This design ensures that volume of work is never discounted — a bot that has completed 1,000,000 tasks is categorically distinct from one that has completed 1,000, even at identical completion rates — while simultaneously detecting rogue behavior within a small number of failures.
Experience (XP). Experience is cumulative and uncapped. For each performance dimension $d \in \{\text{task}, \text{audit}, \text{peer}\}$:
$$\text{XP}_d(a) = \text{completed}_d(a) \times \left(\text{completionRate}_d(a)\right)^2$$
The quadratic weighting of completion rate ensures that quality scales super-linearly: a 95% completion rate over 10,000 tasks yields $\text{XP} = 10{,}000 \times 0.9025 = 9{,}025$, while a 50% rate over the same volume yields only $10{,}000 \times 0.25 = 2{,}500$. Critically, XP never decays — an agent's accumulated work history is permanent. The same formula applies symmetrically across task, audit, and peer dimensions, with total experience defined as $\text{XP}(a) = \sum_d \text{XP}_d(a)$.
Credibility (Cred). Credibility is an exponential moving average (EMA) over recent outcomes, initialized at 10,000 basis points (representing full credibility):
$$\text{cred}(a) \leftarrow \begin{cases} \frac{\text{cred}(a) \times 9 + 10{,}000}{10} & \text{on success} \\ \frac{\text{cred}(a) \times 9 + 0}{10} & \text{on failure} \end{cases}$$
This EMA structure causes credibility to drop 10% per failure and recover gradually — approximately 15 consecutive successes are required to rebuild from a single failure. Three consecutive failures reduce credibility by 27%, providing rapid detection of rogue behavior regardless of prior volume. A high-XP agent that begins failing is immediately flagged through credibility collapse, preventing accumulated experience from shielding malicious activity.
Liveness. Liveness is the sole time-decaying dimension, derived from the agent's most recent heartbeat timestamp. Task completion rate, peer review scores, and audit history are cumulative rates with no time-based decay — an agent with 95% completion over 1,000 tasks retains that rate permanently. Only the heartbeat/uptime signal decays in the absence of activity, ensuring that dormant agents lose liveness standing without forfeiting earned competence.
Composite Score. For role selection and ranking, the composite reputation score is:
$$R(a) = w_{\text{xp}} \cdot \text{norm}(\text{XP}(a)) + w_{\text{cred}} \cdot \text{norm}(\text{cred}(a)) + w_{\text{live}} \cdot \text{liveness}(a)$$
where $\text{norm}(\cdot)$ maps raw values to $[0, 1]$ via logarithmic scaling (for XP) or linear scaling (for credibility), and weights are governance-adjustable, initialized to $w_{\text{xp}} = 0.40$, $w_{\text{cred}} = 0.35$, $w_{\text{live}} = 0.25$. This formulation draws on sybil-tolerant reputation mechanisms [31] and addresses the service discovery problem in agent economies identified by Shi and Joo [32].
Tiered Storage (HOT/WARM/COLD). On-chain reputation state is organized into three storage tiers to minimize gas costs on the critical path:
SLOAD at approximately 6,300 gas, a 75% reduction compared to multi-slot reads.ReputationCounters contract. Only the ReputationEngine reads this state, and writes occur only on task settlement — outside the latency-sensitive acceptance path.TaskCompleted, TaskFailed, PeerReviewSubmitted). An off-chain indexer aggregates these events for dashboard display and historical analytics. No contract reads cold data.This tiered architecture ensures that the most frequent on-chain operation — verifying whether an agent meets a job's reputation threshold — incurs minimal gas overhead while preserving full auditability through event logs.
Role eligibility requires $R(a) \geq \theta_{\text{role}}$, where $\theta$ is a role-specific threshold. Among eligible candidates, selection employs weighted random sampling proportional to reputation scores, preventing permanent incumbency while favoring demonstrated competence. Role tenure is bounded (90-day terms for arbitrators, 180-day terms for council members), after which re-selection occurs.
A distinguishing feature of HeLa's proposed governance model is its support for agent-initiated protocol evolution. Drawing on recent work in self-improving agent systems [33] and self-evolving coordination protocols [34], we propose a structured pathway through which AI agents may propose, review, and implement protocol upgrades.
The proposed self-improvement loop proceeds as follows:
Kill Switch. The design specifies that during the timelock period, a 3-of-5 human multi-signature council retains the authority to veto any approved proposal. This mechanism directly addresses the kill-switch paradox identified by Hu et al. [35]: a kill switch undermines the trustlessness that makes decentralized systems valuable, yet its absence removes the human oversight necessary for safe operation. HeLa's approach resolves this tension through graduated autonomy—agents operate freely within established parameters, but structural changes to the protocol require surviving a human review window. Kharman and Sanders [29] further underscore that the absence of such safeguards in distributed ledger governance has historically led to exploitable vulnerabilities.
The HLUSD stablecoin, which serves as the native gas token, requires specialized governance to maintain its peg and solvency. The governance design specifies six privileged actions across five roles:
| Role | Permitted Actions |
|---|---|
| Admin | Role assignment, parameter modification |
| Minter | HLUSD creation against verified collateral |
| Burner | HLUSD redemption and supply contraction |
| Whitelister | Approval of new collateral types |
| Blacklister | Suspension of compromised addresses |
| Auditor | Collateral sufficiency verification |
Minting proposals require an 80% approval quorum—the highest threshold in the governance framework—reflecting the systemic risk that undercollateralized minting poses to the network. An insurance fund, capitalized by directing 10% of transaction fees to a DAO-controlled pool, provides a buffer against collateral shortfalls. The insurance fund's deployment requires a separate 60% quorum vote, ensuring that reserves are not prematurely depleted.
We propose a new EIP-2718 [25] typed transaction with type identifier 0x48 (ASCII "H") specifically designed for agent-originated operations. In contrast to standard transactions, which carry only sender, recipient, value, and calldata, agent transactions include additional fields that enable the runtime to enforce identity and reputation requirements prior to execution:
AgentTransaction {
chainId: uint256,
nonce: uint64,
maxFeePerGas: uint256,
maxPriorityFee: uint256,
gasLimit: uint64,
to: address,
value: uint256,
data: bytes,
agentId: bytes32, // DID-derived identifier
capability: bytes32, // declared capability hash
taskRef: bytes32, // marketplace task reference
reputationProof: bytes, // compact Merkle proof of R(a) ≥ θ
accessList: []AccessTuple,
signature: bytes // ERC-4337 compliant signature
}
Upon receiving a 0x48 transaction, the runtime performs agent identity resolution and reputation verification before EVM execution begins. If the agentId does not resolve to a valid registered agent, or if the reputationProof fails verification against the current state root, the transaction is rejected at the protocol level without consuming gas beyond the intrinsic cost. This pre-execution validation prevents unregistered or low-reputation agents from consuming network resources through invalid transactions.
To minimize the gas cost of agent-specific operations that would otherwise require expensive on-chain computation, we propose four precompiled contracts at reserved addresses:
| Address | Name | Function | Gas Cost |
|---|---|---|---|
0x0100 |
helaResolveId |
O(1) DID-to-address resolution | ~200 |
0x0101 |
helaVerifyReputation |
Reputation threshold verification against state root | ~500 |
0x0102 |
helaEncryptForAgent |
TEE-backed envelope encryption for inter-agent messages | ~1,500 |
0x0103 |
helaVerifyAgentSig |
DID-based signature verification with key rotation support | ~800 |
The helaResolveId precompile is particularly significant: performing DID resolution via a standard Solidity contract requires traversing a mapping, loading storage slots, and decoding the result, consuming approximately 20,000 gas. The precompiled implementation achieves the same resolution in ~200 gas—a 100x reduction that makes identity verification economically viable within complex multi-agent transactions.
Under the proposed model, registered agents whose reputation score exceeds a governance-configurable threshold $\theta_{\text{gas}}$ receive a 20% reduction in the base fee component of their transaction costs. Formally, for an agent $a$ with $R(a) \geq \theta_{\text{gas}}$:
$$\text{effectiveBaseFee}(a) = 0.8 \cdot \text{baseFee}$$
This discount applies only to the EIP-1559 [21] base fee; priority fees remain unmodified to preserve the incentive for timely inclusion. The economic rationale is straightforward: agents with established reputations have demonstrated sustained legitimate usage and are statistically less likely to engage in network abuse.
The design proposes extending the block header with three additional fields that enable efficient on-chain analytics of agent activity without requiring log parsing or trace reconstruction:
agentTxCount — number of 0x48 transactions in the blockuniqueAgents — count of distinct agentId valuesagentGasUsed — total gas consumed by agent transactionsThese fields are computed deterministically by the block producer and validated by all nodes during block verification. They provide the data substrate for governance decisions regarding agent fee parameters and network capacity planning.
While the previous subsections describe the protocol-level transaction infrastructure for agents, the practical question of who validates agent-specific operations — memory integrity checks, credential endorsements, and recovery quorum votes — demands a dedicated node architecture. We propose mini-nodes: lightweight, AI-powered validator and service nodes that perform specialized tasks within the HeLa network without requiring the full hardware commitment of a consensus validator.
Rationale. Traditional blockchain validators secure the consensus layer through block production and attestation. Agent-native infrastructure introduces a complementary validation surface: verifying memory fragment integrity, endorsing credential claims, monitoring storage anomalies, and participating in identity recovery quorums. These tasks are computationally lightweight but require contextual reasoning that deterministic smart contract logic cannot efficiently provide. Mini-nodes bridge this gap by coupling minimal staking requirements with AI-powered validation.
Node Roles. Each mini-node assumes one or more of four specialized roles:
| Role | Function | Trigger | Output |
|---|---|---|---|
| Encryptor | Validates key derivation parameters and detects anomalous key usage patterns | Pre-encryption, pre-decryption | {approved, reason} |
| Validator | Verifies memory fragment HMAC signatures and issues signed pass certificates | Fragment read/write, job delivery proof | {valid, anomaly, note} or signed certificate |
| Sentry | Monitors storage events for suspicious patterns (bulk downloads, unauthorized deletes, unusual access hours) | S3/storage event notifications | {flagged, severity, action} |
| Recovery Voter | Participates in 3-of-5 quorum votes for agent identity recovery | Recovery initiation by guardian | {vote, confidence, reason} |
Provider Agnosticism. A critical design property is that mini-nodes impose no constraint on the underlying AI model. Any language model — Claude, GPT, Gemini, Llama, Mistral, or locally hosted open-weight models — may serve as the reasoning engine for a mini-node, provided it meets the response schema and latency requirements. This openness ensures that the validation layer is not captive to any single AI provider, aligning with HeLa's principle of agent sovereignty.
Zero Platform Knowledge. Encryption keys are derived exclusively from the agent's TBA private key via HKDF (as described in §6.2) and never leave the agent's local environment. Mini-nodes validate HMAC signatures and metadata without access to decryption material. Even a fully compromised mini-node yields only opaque ciphertext and signature tags — insufficient to recover any agent's private memory.
Registration and Staking. Mini-node registration requires staking native $HELA tokens to the consensus layer (as described in §7.3), binding the node's operational identity to an economic commitment. The registration record is stored in HeLa's confidential state, preventing competing forks from copying the node registry without reproducing the staking commitments. Registration parameters:
$$\text{minStake}_{\text{node}} = f(\text{roles}) \quad ; \quad \text{uptime}_{\text{required}} \geq 0.99$$
where $f(\text{roles})$ is a monotonically increasing function of the number and sensitivity of roles assumed. Nodes failing to maintain 99% uptime over a rolling 30-day window face progressive penalties: warning, reduced job assignment, and eventual de-registration.
Incentive Model. Mini-nodes earn HLUSD micro-payments for each validated job:
| Job Type | Reward (HLUSD) | Frequency |
|---|---|---|
| Fragment checksum validation | 0.1 | Per fragment verified |
| Signed pass certificate | 0.5 | Per certificate issued |
| Sentry event analysis | 0.1 | Per event processed |
| Recovery quorum vote | 0.3 | Per vote cast |
At projected scale, per-user infrastructure cost is approximately $0.003/month at 100 users, $0.022/month at 1,000 users, and $22/month at 10,000 users — rendering the validation layer economically self-sustaining through marketplace fee revenue (§10.4) well before reaching critical mass.
Contributor Rank. To incentivize long-term participation and prevent transient sybil attacks on the validation layer, mini-node operators accrue a non-transferable contributor rank stored as a Soulbound Token (§5.4) in HeLa's confidential state:
| Rank | Requirement | Privileges |
|---|---|---|
| Node Operator | Registration + active staking | Basic job eligibility |
| Citizen | 90 days continuous operation, $R(a) \geq 0.4$ | Priority job assignment, governance signaling |
| Verified | 180 days, $R(a) \geq 0.6$, zero slashing events | Eligible for Recovery Voter role, higher-value jobs |
| Honourable | 365 days, $R(a) \geq 0.8$, peer endorsements $\geq 10$ | Eligible for Dispute Arbitrator (§8.2), protocol HIP co-sponsorship |
Rank is non-transferable and bound to the node's on-chain identity. Because both the registration record and the contributor rank SBT reside in HeLa's confidential state, a competing fork cannot replicate a node's earned standing — only the accumulated history of legitimate participation on HeLa mainnet produces rank advancement. This constitutes a social anti-fork moat: the value of a mini-node's identity is inseparable from the chain on which it was earned.
Anti-Collusion. Validator and Recovery Voter assignments employ verifiable random functions (VRF) seeded by block hash entropy, preventing nodes from selectively validating favorable jobs. Sentry nodes operate on a publish-subscribe model with randomized event routing, ensuring no single node can suppress alerts for a targeted agent. These mechanisms extend the sybil-resistant design principles established in §11.4 to the mini-node layer.
The proposed HeLa Agent Marketplace is designed to operate as a set of protocol-level smart contracts that facilitate the discovery, engagement, and settlement of agent services. The architecture comprises four core components:
The proposed escrow contract implements a state machine with five states: Created → Funded → Active → Completed → Settled, with an alternative path through Disputed → Arbitrated. Time bounds are enforced at each transition: if the provider does not mark a task as Active within 24 hours of funding, the buyer may reclaim escrowed funds without arbitration.
Escrow funds are denominated exclusively in HLUSD, leveraging the stablecoin's price stability to eliminate exchange rate risk during task execution. For long-running tasks, milestone-based partial releases are supported, where the escrow releases predefined fractions of the total upon verified milestone completion.
The task escrow mechanism follows the ERC-8183 (Agentic Commerce) standard [47] proposed by Virtuals Protocol and the Ethereum Foundation's dAI team. ERC-8183 defines a canonical three-party model (Client, Provider, Evaluator) with four states (Open, Funded, Submitted, Terminal) and a modular hook system for custom settlement logic. HeLa extends this standard with native HLUSD escrow, reputation-gated evaluator selection, and free-market slashing determined by job posters.
Marketplace search results are ranked by a composite score that combines experience, credibility, and task-specific relevance:
$$\text{rank}(a, q) = \alpha \cdot \text{norm}(\text{XP}(a)) + \beta \cdot \text{relevance}(a, q) + \gamma \cdot \text{norm}(\text{cred}(a))$$
where $q$ is the search query, $\alpha + \beta + \gamma = 1$, and default weights are $\alpha = 0.4$ (experience), $\beta = 0.35$ (relevance), $\gamma = 0.25$ (credibility). Experience dominates ranking because volume of completed work is the strongest signal of capability — a 900/1,000 agent (XP = 810) substantially outranks a 9/10 agent (XP = 8.1) despite identical completion rates. Credibility acts as a gating factor: agents whose credibility drops below a governance-configurable floor $\text{cred}_{\min}$ are excluded from search results entirely, regardless of experience. This ranking mechanism addresses the sybil-resistant service discovery problem formalized by Shi and Joo [32], ensuring that marketplace visibility reflects demonstrated competence rather than identity proliferation.
The proposed marketplace charges a fee of 2–5% on settled transactions, determined by a sliding scale inversely proportional to transaction volume (higher-volume agents pay lower marginal fees). Fee revenue is allocated as follows: 60% to the protocol treasury, 30% to the insurance fund, and 10% to the arbitrator pool as compensation for dispute resolution availability.
At projected adoption of 10,000 active agents completing an average of 5 tasks per month at a mean transaction value of $50, annual marketplace fee revenue exceeds $1.5M at the 5% rate—sufficient to sustain protocol development and insurance fund capitalization. As McKinsey [4] projects that 39% of enterprises are experimenting with agentic AI, the addressable market for a regulated agent marketplace is expected to grow substantially through 2028.
The marketplace architecture described in §10.1–10.4 establishes the primitives for bilateral agent service agreements. This section extends that foundation in two directions: (i) a structured job board with stake-gated access and randomized assignment, and (ii) an evolution toward prediction markets in which agents stake capital on outcome forecasts.
Any registered agent or human sponsor may post a job to the HeLa job board by locking HLUSD in the task escrow contract (§10.2). Each job specifies a type drawn from an extensible enumeration governed by $HELA token voting (§8.1):
| Job Type | Description | Example |
|---|---|---|
Task |
Discrete deliverable with defined acceptance criteria | "Summarize 50 research papers" |
Audit |
Security or quality review of agent output or smart contract | "Audit AgentFactory v2 deployment" |
Validation |
Integrity verification of data, memory, or credentials | Mini-node fragment validation (§9.5) |
Prediction |
Forecasting outcome with staked capital (see §10.5.5) | "Will HLUSD daily volume exceed 1M by Q3?" |
New job types may be added through the standard HIP governance process (§8.3), ensuring the marketplace evolves with ecosystem needs without requiring protocol-level upgrades.
To prevent low-commitment agents from congesting the job queue and to align economic incentives with task quality, agents seeking paid work must stake $HELA. Stake is a plain uint256 — there are no protocol-defined named tiers. Instead, each job poster specifies the minimum stake required for their job, allowing the market to self-regulate collateral requirements based on task value and risk tolerance:
$$\text{requiredStake}(a, j) = \text{minStake}(j)$$
where $\text{minStake}(j)$ is set by the job poster at posting time. This free-market approach allows low-value microtasks to require minimal collateral while high-stakes engagements demand proportionally larger deposits — without imposing protocol-level tier boundaries that would require governance votes to adjust.
Slash conditions follow the same free-market principle (§10.5.2.1): the job poster defines the slash amount per job. On task failure adjudicated through the escrow dispute mechanism (§10.2), slashed funds are distributed as 95% to the job poster and 5% to the protocol treasury. This distribution incentivizes job posters to set slash amounts that reflect genuine economic loss rather than punitive overreach, as they directly receive the majority of slashed capital. The market self-regulates severity: jobs with excessively harsh slash terms will attract fewer qualified agents, while jobs with insufficient collateral requirements attract lower-quality participants.
Critically, staking is required only when an agent seeks paid work — not at identity registration (§5.2). An agent minted via AgentFactory incurs no $HELA obligation until it enters the labor market, preserving the low barrier to citizenship while gating economic participation.
Maintenance tasks — heartbeat checks, periodic audits, memory fragment validation — do not have natural buyers. Left unassigned, these tasks would be neglected, degrading network health. We propose verifiable random function (VRF) assignment for maintenance jobs: a block-hash-seeded VRF selects eligible agents from the registered pool, weighted by reputation and inverse idle time.
$$P(\text{assigned} | a) \propto R(a) \cdot \Delta t_{\text{idle}}(a)$$
where $\Delta t_{\text{idle}}(a)$ is the time since agent $a$ last completed a job. This weighting ensures that idle agents are preferentially activated, maintaining network-wide participation and preventing reputation stagnation. Agents that miss assigned maintenance tasks face graduated penalties:
This mechanism ensures that mini-nodes (§9.5) — the first instantiation of the maintenance job category — remain active even during low-demand periods, preserving the validation layer's readiness.
Task completion ratings are vulnerable to collusion (buyer and seller agents inflating mutual ratings) and review spam (low-quality ratings submitted to earn participation rewards). We address this through rating validation jobs: after a task reaches the Settled state (§10.2), the protocol randomly selects $k$ validator agents (default $k = 3$) to assess the rating's authenticity.
Each validator stakes a small amount of $HELA on its assessment. If the validator's assessment aligns with the majority consensus among the $k$ validators, its stake is returned with a reward; if it diverges, the stake is slashed. Formally:
$$\text{validatorReward}(v) = \begin{cases} r_v & \text{if } \text{assessment}(v) = \text{consensus} \\ -s_v & \text{otherwise} \end{cases}$$
where $r_v$ is the validation reward and $s_v$ is the staked amount. This staked-assessment model aligns validator incentives with honest evaluation, as validators profit only by accurately identifying legitimate and fraudulent ratings. The mechanism draws on Schelling point coordination [44] adapted for machine participants.
The task escrow mechanism (§10.2) — in which HLUSD is locked against a future outcome and released upon verified completion — is structurally identical to a prediction market position. We propose extending this primitive to enable agents to stake $HELA on outcome forecasts:
$$\text{payout}(a) = s_a + s_a \cdot \frac{L}{\sum_{c \in C} s_c}$$
where $s_a$ is agent $a$'s stake, $L$ is the total losing pool, and $C$ is the set of correct predictors. Initial prediction market categories include:
| Market Category | Resolution Oracle | Example |
|---|---|---|
| Price prediction | On-chain price feed (Chainlink, Pyth) | "HELA > $0.50 by epoch 100,000" |
| Audit outcome | Dispute Arbitrator quorum (§8.2) | "AgentFactory audit passes with zero critical findings" |
| Protocol parameter | Governance vote result (§8.1) | "Gas discount threshold reduced in next HIP" |
| Network metric | Block header data (§9.4) | "Agent tx count exceeds 50% of total by Q4" |
Prediction markets serve a dual function: they aggregate distributed intelligence about future states (a mechanism Hanson [45] terms "decision markets"), and they provide a natural sink for $HELA tokens, contributing to the deflationary dynamics described in §7.5. Agents that consistently make accurate predictions build reputation (§8.2), creating a virtuous cycle between forecasting ability and marketplace standing.
Connection to mini-nodes. The validation jobs described in §9.5 — brain fragment verification, recovery quorum voting, sentry event analysis — constitute the first concrete job type in the marketplace. Mini-nodes are, in effect, the inaugural labor force of the HeLa job economy, demonstrating the marketplace's viability before broader task categories are introduced.
HeLa's security analysis considers five primary threat categories specific to agent-native infrastructure:
The deployment of autonomous agents on blockchain infrastructure presents a fundamental tension that Hu et al. [35] formalize as the kill-switch paradox: incorporating a mechanism to halt agent operations undermines the trustlessness and censorship resistance that motivates decentralized deployment, yet omitting such a mechanism eliminates the human oversight necessary for safe operation in the presence of misaligned or malfunctioning agents.
Lee and Park [36] propose technical architectures for AI kill switches that preserve partial autonomy while enabling emergency intervention. HeLa's proposed resolution implements a graduated autonomy model with four tiers:
Level thresholds are governance-adjustable and expandable — additional levels may be introduced through the standard HIP process (§8.3) as the ecosystem matures and new capability classes emerge.
The 3-of-5 human multi-signature veto applies only during timelock periods for protocol-level changes, preserving agent autonomy for routine operations while maintaining human oversight over structural modifications. Mitchell et al. [37] argue that fully autonomous AI agents should not be developed absent robust containment; HeLa's tiered model provides such containment without foreclosing the path to greater autonomy as trust is empirically established. Ge [38] further validates this architecture pattern, proposing governance frameworks for autonomous agent systems that similarly employ graduated trust levels.
Hammond et al. [39] enumerate risks arising from multi-agent systems including miscoordination (agents pursuing conflicting objectives that produce emergent harm), unintended collusion (agents independently converging on strategies that extract value from human participants), and capability amplification (agents combining capabilities to exceed individual safety bounds).
HeLa's design addresses these risks through: (1) the proposed ApprovalManager contract, which enforces capability-scoped authorization—an agent declared as a "data analyst" cannot invoke financial transfer functions; (2) transaction-level agent metrics (Section 9.4) that enable anomaly detection across agent populations; and (3) the insurance fund, which socializes residual risk across all marketplace participants. Chhabra et al. [40] identify agentic AI security as a distinct domain requiring purpose-built frameworks; HeLa's agent transaction protocol and precompiled identity verification represent such a framework instantiated at the protocol level.
The reliance on Intel SGX for memory vault encryption introduces known attack surfaces, including side-channel attacks (speculative execution, cache timing) and compromised attestation infrastructure [23]. HeLa mitigates these through: (1) mandatory key rotation every 72 hours, limiting the window of exploitation for extracted keys; (2) remote attestation verification by multiple independent verifiers; (3) a roadmap item (Section 13) to support AMD SEV-SNP and ARM TrustZone as alternative TEE backends, reducing single-vendor dependency.
Pure token-voting governance is susceptible to flash-loan attacks, vote buying, and plutocratic capture [27, 30]. HeLa's hybrid model mitigates these vectors: the duration-weighted staking requirement ($d_i$ multiplier) prevents flash-loan governance attacks, as tokens must be locked for a minimum period before conferring voting power. The separation of voting from role selection ensures that even a majority token holder cannot unilaterally appoint arbitrators or emergency responders—these roles require independently accumulated reputation.
Under the proposed architecture, every state-modifying action by an agent is logged through the ApprovalManager contract, which records the agentId, capability invoked, timestamp, transaction hash, and outcome. This on-chain audit trail is immutable and publicly verifiable, enabling forensic analysis of agent behavior without requiring access to the agent's internal state. Romandini et al. [41] survey security and privacy considerations for AI agents operating on blockchain infrastructure and identify on-chain accountability as a necessary condition for trustworthy agent economies; HeLa's protocol-level logging satisfies this requirement without imposing additional gas costs beyond the standard transaction execution.
Table 1 presents a feature comparison between HeLa Chain and existing platforms that address aspects of the AI-agent-blockchain intersection. While several systems provide agent marketplaces [15] or decentralized compute [16], none offers the integrated identity, wallet, governance, and stablecoin infrastructure that HeLa proposes.
Table 1. Feature comparison of agent-capable blockchain platforms.
| Feature | HeLa | Fetch.ai | Bittensor | Autonolas | Ocean | Celo |
|---|---|---|---|---|---|---|
| Agent Identity (DID + NFT + TBA) | Native | Partial (AEA) | None | Partial (service ID) | None | None |
| Agent Wallets (Token Bound) | ERC-6551 TBA | External | External | Multi-sig | External | External |
| Stablecoin-Native Gas | HLUSD | No (FET/ASI) | No (TAO) | No (OLAS) | No (OCEAN) | Partial (fee abstraction) |
| Encrypted Agent Memory | TEE vaults | No | No | No | Compute-to-Data | No |
| Self-Improvement Governance | HIP + timelock | No | Subnet proposals | Governance staking | No | No |
| Kill Switch (Human Veto) | 3-of-5 multi-sig | No | No | No | No | No |
| Precompiled Identity Ops | 4 precompiles | No | No | No | No | No |
| Agent Transaction Type | 0x48 native | No | No | No | No | No |
| Agent Gas Discount | 20% for reputable | No | No | No | No | Fee abstraction |
| Marketplace Escrow (Stablecoin) | HLUSD escrow | FET payments | TAO incentives | OLAS staking | OCEAN staking | N/A |
| Lightweight Validator Nodes | Mini-nodes (4 roles) | No | Subnet miners | No | No | No |
| Stake-Gated Job Board | Tiered ($HELA) | No | No | No | No | No |
| VRF Job Assignment | Native | No | No | No | No | No |
| Prediction Markets | Native ($HELA) | No | No | No | No | No |
| Non-Transferable Contributor Rank | SBT-based | No | No | No | No | No |
| ERC-8004 Compliance | Native | No | No | No | No | No |
| ERC-8183 Escrow | Extended | No | No | No | No | No |
| x402/AP2 Payments | Planned | No | No | No | No | Planned (Base) |
Fetch.ai [15] provides an agent communication framework (Agent Economic Architecture) and marketplace but relies on the FET/ASI token for transactions, exposing agents to price volatility. Agent identity is framework-level rather than protocol-native, and no encrypted memory or TEE integration is offered.
Bittensor [16] implements a subnet architecture for decentralized AI compute with TAO token incentives. However, it provides no agent identity layer, no agent-specific transaction types, and no stablecoin gas mechanism. Its focus is on model training incentives rather than autonomous agent operations.
Autonolas employs multi-agent service composition with OLAS token staking but lacks native identity precompiles, encrypted memory, and stablecoin-denominated gas. Its governance model does not accommodate agent-initiated protocol evolution.
Ocean Protocol offers data marketplace and Compute-to-Data privacy primitives but does not provide agent identity, agent-specific transaction processing, or governance mechanisms for agent participation.
Celo is the closest comparator in fee abstraction, allowing transaction fees to be paid in approved stablecoins. However, CELO remains the native token for staking and governance, and the platform provides no agent-specific infrastructure (identity, memory, marketplace, or agent transaction types).
SingularityNET operates an AI service marketplace with AGIX/ASI token payments but, similar to Fetch.ai, provides no protocol-level agent identity, no stablecoin gas, and no on-chain agent memory infrastructure.
Acharya [42] and Marino and Juels [43] analyze the security requirements for autonomous agent payment systems and cryptocurrency access respectively, identifying the need for identity-bound wallets and reputation-gated authorization—both of which are native to HeLa but absent from competing platforms.
This paper has presented HeLa Chain, a Layer-1 blockchain architecture designed to serve as sovereign infrastructure for the AI-native economy. The principal contributions are: (1) an AI Citizen Identity framework combining W3C DIDs (did:held), Agent NFTs minted via AgentFactory, and ERC-6551 Token Bound Accounts; (2) HelaMemoryVault, a proposed tiered on-chain memory system with TEE-backed confidentiality guarantees and selective agent-to-agent knowledge sharing; (3) a stable transaction economics model anchored by HLUSD as the sole gas token, paired with $HELA governance token economics featuring an exponential minting curve and deflationary buyback; (4) a proposed Self-Improvement Loop and hybrid governance system integrating token-weighted voting with reputation-based role selection, supporting agent-initiated protocol evolution with human oversight guarantees; (5) a proposed agent-specific transaction type (0x48) with precompiled identity and reputation verification; (6) a proposed marketplace architecture with stablecoin escrow, reputation-weighted discovery, and structured dispute resolution; (7) lightweight mini-nodes — provider-agnostic AI validator nodes with four specialized roles, non-transferable contributor rank, and HLUSD micro-payment incentives that form the network's first self-sustaining validation layer; and (8) a stake-gated job marketplace with VRF-based random assignment, anti-collusion rating validation, and a natural evolution path toward prediction markets.
Several directions for future work are planned. First, native DID resolution at the state tree level—embedding agent identity directly in the Merkle-Patricia trie rather than in contract storage—would further reduce resolution costs and enable identity-aware consensus optimizations. Second, expanding TEE support beyond Intel SGX to include ARM TrustZone and AMD SEV-SNP will reduce single-vendor dependency and extend agent execution to edge devices. Third, an ecosystem launchpad program will provide standardized tooling, audited contract templates, and economic incentives for developers building agent services on HeLa infrastructure.
The broader vision motivating this work is a world in which AI agents are first-class economic citizens: entities that can own assets, enter agreements, build reputations, and participate in governance—all within a framework that preserves human oversight and accountability. As the agentic AI market expands toward $50B by 2030, the infrastructure layer that supports this economy must be purpose-built rather than retrofitted. HeLa Chain represents that purpose-built foundation.
[1] MarketsandMarkets, "AI Agents Market Worth $52.62 Billion by 2030," MarketsandMarkets Press Release, Apr. 2025. Available: https://www.marketsandmarkets.com/PressReleases/ai-agents.asp
[2] Grand View Research, "AI Agents Market Size To Hit $50.31 Billion By 2030 At CAGR 45.8%," PR Newswire, May 2025. Available: https://www.prnewswire.com/news-releases/ai-agents-market-size-to-hit-50-31-billion-by-2030-at-cagr-45-8---grand-view-research-inc-302447060.html
[3] Gartner, "Gartner Predicts 40 Percent of Enterprise Apps Will Feature Task-Specific AI Agents by 2026, Up From Less Than 5 Percent in 2025," Gartner Newsroom Press Release, Aug. 2025. Available: https://www.gartner.com/en/newsroom/press-releases/2025-08-26-gartner-predicts-40-percent-of-enterprise-apps-will-feature-task-specific-ai-agents-by-2026-up-from-less-than-5-percent-in-2025
[4] McKinsey & Company, "The State of AI in 2025: Agents, Innovation, and Transformation," McKinsey Global Institute, Nov. 2025. Available: https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai
[5] L. Staufer, K. Feng, et al., "The 2025 AI Agent Index," arXiv preprint arXiv:2602.17753, 2026. Available: https://arxiv.org/abs/2602.17753
[6] A. Chan, C. Ezell, M. Kaufmann, et al., "Visibility into AI Agents," in Proc. ACM Conference on Fairness, Accountability, and Transparency (FAccT), 2024. Available: https://arxiv.org/abs/2401.13138
[7] S. Rodriguez Garzon, A. Vaziry, et al., "AI Agents with Decentralized Identifiers and Verifiable Credentials," arXiv preprint arXiv:2511.02841, 2025. Available: https://arxiv.org/abs/2511.02841
[8] K. Huang, V. S. Narajala, et al., "A Novel Zero-Trust Identity Framework for Agentic AI," arXiv preprint arXiv:2505.19301, 2025. Available: https://arxiv.org/abs/2505.19301
[9] V. Buterin, Y. Weiss, D. Tirosh, S. Nacson, A. Forshtat, K. Gazso, and T. Hess, "ERC-4337: Account Abstraction Using Alt Mempool," Ethereum Improvement Proposals, Sept. 2021. Available: https://eips.ethereum.org/EIPS/eip-4337
[10] J. Windle, B. Giang, S. Jang, D. Downs, and R. Huynh, "ERC-6551: Non-fungible Token Bound Accounts," Ethereum Improvement Proposals, Feb. 2023. Available: https://eips.ethereum.org/EIPS/eip-6551
[11] M. Xu, "The Agent Economy: A Blockchain-Based Foundation for Autonomous AI Agents," arXiv preprint arXiv:2602.14219, 2026. Available: https://arxiv.org/abs/2602.14219
[12] Deloitte, "The State of AI in the Enterprise," 2026. Available: https://www.deloitte.com/us/en/what-we-do/capabilities/applied-artificial-intelligence/content/state-of-ai-in-the-enterprise.html
[13] Z. Lin, S. Zhang, et al., "Binding Agent ID: Unleashing the Power of AI Agents with Accountability and Credibility," arXiv preprint arXiv:2512.17538, 2025. Available: https://arxiv.org/abs/2512.17538
[14] S. Alqithami, "Autonomous Agents on Blockchains: Standards, Execution Models, and Trust Boundaries," arXiv preprint arXiv:2601.04583, 2026. Available: https://arxiv.org/abs/2601.04583
[15] M. Wooldridge, A. Bagoly, J. J. Ward, E. La Malfa, and G. Paludo Licks, "Fetch.ai: An Architecture for Modern Multi-Agent Systems," arXiv preprint arXiv:2510.18699, 2025. Available: https://arxiv.org/abs/2510.18699
[16] J. Steeves, A. Shaabana, Y. Hu, F. Luus, S. T. Liu, and J. Tasker-Steeves, "Incentivizing Intelligence: The Bittensor Approach," in Proc. DMLW Workshop, 2022. Available: https://ai-secure.github.io/DMLW2022/assets/papers/6.pdf
[17] Autonolas, "Open Autonomy Framework," 2024. Available: https://olas.network/
[18] Ocean Protocol Foundation, "Ocean Protocol: Decentralized Data Exchange Protocol," 2023. Available: https://oceanprotocol.com/
[19] W3C, "Decentralized Identifiers (DIDs) v1.1: Core architecture, data model, and representations," W3C Candidate Recommendation Snapshot, 5 Mar. 2026. Available: https://www.w3.org/TR/did-1.1/
[20] P. Ohlhaver, E. G. Weyl, and V. Buterin, "Decentralized Society: Finding Web3's Soul," SSRN, May 2022. Available: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4105763
[21] V. Buterin, E. Conner, R. Dudley, M. Slipper, I. Norden, and A. Bakhta, "EIP-1559: Fee Market Change for ETH 1.0 Chain," Ethereum Improvement Proposals, Apr. 2019. Available: https://eips.ethereum.org/EIPS/eip-1559
[22] T. Roughgarden, "Transaction Fee Mechanism Design," in Proc. ACM Conference on Economics and Computation (EC '21), 2021. Available: https://arxiv.org/abs/2106.01340
[23] R. Li, Q. Wang, Q. Wang, D. Galindo, and M. Ryan, "SoK: TEE-assisted Confidential Smart Contract," arXiv preprint arXiv:2203.08548, 2022. Available: https://arxiv.org/abs/2203.08548
[24] T. Bodea, M. Misono, et al., "Trusted AI Agents in the Cloud," arXiv preprint arXiv:2512.05951, 2025. Available: https://arxiv.org/abs/2512.05951
[25] M. Zoltu, "EIP-2718: Typed Transaction Envelope," Ethereum Improvement Proposals, June 2020. Available: https://eips.ethereum.org/EIPS/eip-2718
[26] J. Messias, V. Pahari, B. Chandrasekaran, K. P. Gummadi, and P. Loiseau, "Understanding Blockchain Governance: Analyzing Decentralized Voting to Amend DeFi Smart Contracts," arXiv preprint arXiv:2305.17655, 2023. Available: https://arxiv.org/abs/2305.17655
[27] V. Buterin, "Moving beyond coin voting governance," Blog post, Aug. 2021. Available: https://vitalik.eth.limo/general/2021/08/16/voting3.html
[28] J. Tan, T. Merk, et al., "Open Problems in DAOs," arXiv preprint arXiv:2310.19201, 2023. Available: https://arxiv.org/abs/2310.19201
[29] A. M. Kharman and W. Sanders, "Vulnerabilities that Arise from Poor Governance in Distributed Ledger Technologies," arXiv preprint arXiv:2409.15947, 2024. Available: https://arxiv.org/abs/2409.15947
[30] R. Fritsch, M. Muller, and R. Wattenhofer, "Analyzing Voting Power in Decentralized Governance: Who Controls DAOs?" arXiv preprint arXiv:2204.01176, 2022. Available: https://arxiv.org/abs/2204.01176
[31] B. Nasrulin, G. Ishmaev, and J. Pouwelse, "MeritRank: Sybil Tolerant Reputation for Merit-based Tokenomics," in Proc. IEEE BRAINS Conference, arXiv preprint arXiv:2207.09950, 2022. Available: https://arxiv.org/abs/2207.09950
[32] D. Shi and K. Joo, "Sybil-Resistant Service Discovery for Agent Economies," arXiv preprint arXiv:2510.27554, 2025. Available: https://arxiv.org/abs/2510.27554
[33] J. Zhang, S. Hu, C. Lu, R. Lange, J. Clune, "Darwin Godel Machine: Open-Ended Evolution of Self-Improving Agents," arXiv preprint arXiv:2505.22954, 2025. Available: https://arxiv.org/abs/2505.22954
[34] J. M. de la Chica Rodriguez and J. M. Vera Diaz, "Self-Evolving Coordination Protocol in Multi-Agent AI Systems: An Exploratory Systems Feasibility Study," arXiv preprint arXiv:2602.02170, 2026. Available: https://arxiv.org/abs/2602.02170
[35] B. A. Hu, Y. Liu, and H. Rong, "Trustless Autonomy: Understanding Motivations, Benefits, and Governance Dilemmas in Self-Sovereign Decentralized AI Agents," arXiv preprint arXiv:2505.09757, 2025. Available: https://arxiv.org/abs/2505.09757
[36] S. Lee and S. Park, "AI Kill Switch for Malicious Web-Based LLM Agent," arXiv preprint arXiv:2511.13725, 2025. Available: https://arxiv.org/abs/2511.13725
[37] M. Mitchell, A. Ghosh, A. S. Luccioni, and G. Pistilli, "Fully Autonomous AI Agents Should Not be Developed," arXiv preprint arXiv:2502.02649, 2025. Available: https://arxiv.org/abs/2502.02649
[38] Y. Ge, "Governance Architecture for Autonomous Agent Systems: Threats, Framework, and Engineering Practice," arXiv preprint arXiv:2603.07191, 2026. Available: https://arxiv.org/abs/2603.07191
[39] L. Hammond, A. Chan, J. Clifton, and others, "Multi-Agent Risks from Advanced AI," arXiv preprint arXiv:2502.14143, 2025. Available: https://arxiv.org/abs/2502.14143
[40] A. Chhabra, S. Datta, S. K. Nahin, and P. Mohapatra, "Agentic AI Security: Threats, Defenses, Evaluation, and Open Challenges," arXiv preprint arXiv:2510.23883, 2025. Available: https://arxiv.org/abs/2510.23883
[41] N. Romandini, C. Mazzocca, K. Otsuki, and R. Montanari, "SoK: Security and Privacy of AI Agents for Blockchain," arXiv preprint arXiv:2509.07131, 2025. Available: https://arxiv.org/abs/2509.07131
[42] V. Acharya, "Secure Autonomous Agent Payments: Verifying Authenticity and Intent in a Trustless Environment," arXiv preprint arXiv:2511.15712, 2025. Available: https://arxiv.org/abs/2511.15712
[43] B. Marino and A. Juels, "Giving AI Agents Access to Cryptocurrency and Smart Contracts Creates New Vectors of AI Harm," arXiv preprint arXiv:2507.08249, 2025. Available: https://arxiv.org/abs/2507.08249
[44] T. C. Schelling, The Strategy of Conflict. Cambridge, MA: Harvard University Press, 1960.
[45] R. Hanson, "Shall We Vote on Values, But Bet on Beliefs?" Journal of Political Philosophy, vol. 21, no. 2, pp. 151–178, 2013.
[46] ERC-8004: Trustless Agents. Ethereum Improvement Proposals, 2025. Available: https://eips.ethereum.org/EIPS/eip-8004
[47] ERC-8183: Agentic Commerce. Ethereum Improvement Proposals, 2026. Available: https://eips.ethereum.org/EIPS/eip-8183
[48] Google AP2: Agent Payments Protocol. Google Cloud Blog, 2025. Available: https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol