Investigation Report: Zyfai Rebalancer Agent (8453:1977)
Target: Zyfai Rebalancer Agent for 0x239c3357A7E6B634253e199D18c3203d78e2FeaD Chain: Base (8453) Token ID: 1977 Verdict: 🟡 Yellow (73/100)
Executive Summary
This agent is a per-user instance deployed by the Zyfai platform (built by Ondefy). The underlying technology is real and well-built — ZK-powered yield rebalancing using Circom circuits and Groth16 proofs, with a functional MCP server and SDK. However, as a per-wallet clone, it lacks independent identity and has minimal on-chain footprint.
Registration Data
- Token URI: IPFS-hosted, valid JSON with complete metadata
- Owner: 0xBD35a39A9326b96Be2cab83939CBC4fD006A6079 (1 agent registered)
- Description: ZK-powered rebalancer across Base, Arbitrum, Plasma
- Capabilities: MCP endpoint, web interface
- Image: Present (Zyfai logo)
On-Chain Analysis
- Owner transactions: 6 on Base
- Owner balance: ~0.00005 ETH (near-zero)
- Agent count: 1 agent under this owner
- Assessment: Minimal on-chain activity for the owner wallet
Technical Infrastructure
MCP Server (mcp.zyf.ai)
- Status: Healthy ✅
- Tools: 15 across 5 categories (Protocol, Opportunities Discovery, Analytics & Metrics, User Data, Earnings)
- Protocol: Streamable HTTP (MCP 2024-11-05+)
- Version: 1.0.0
Website (zyf.ai)
- Status: Live ✅
- Description: DeFi yield optimization agent
Documentation (docs.zyf.ai)
- Status: Live ✅
- Content: Smart wallet management, multi-chain support, TypeScript SDK
GitHub (github.com/ondefy)
- Status: Active ✅
- Repos: ERC-8004 implementation with ZK circuits, paymaster contracts, MCP server, SDK
- Tech stack: Circom 2.2.2+, SnarkJS 0.7.5, Groth16, Foundry, Viem
- Notable: Real ZK circuit implementation, Solidity verifier, E2E tests
Social & Web Presence
- GitHub org: Ondefy — multiple repositories with real code
- SDK: @zyfai/sdk on npm (blocked by Cloudflare, but repo exists)
- Team: Appears to be established team behind zkSync paymaster infrastructure
Risk Assessment
Green Flags
- Real ZK implementation with Circom circuits and Groth16 proofs
- Functional MCP server with 15 tools
- Active GitHub organization with multiple repos
- Comprehensive documentation
- Established team (Ondefy) with paymaster experience on zkSync
Yellow Flags
- Per-user agent clone — one of many identical instances
- Minimal individual on-chain activity (6 txns)
- Near-zero wallet balance
- NPM package verification blocked
Scoring Breakdown
| Factor | Score | Max |
|---|---|---|
| Registration quality | 13 | 15 |
| On-chain activity | 10 | 20 |
| Social presence | 11 | 15 |
| Service verification | 18 | 20 |
| Reputation signals | 8 | 15 |
| Red flag absence | 13 | 15 |
| Total | 73 | 100 |
Verdict
🟡 Yellow — Cautious Confidence. The Zyfai platform behind this agent is legitimate with real technology and active development. However, this specific token represents a per-user clone with no independent identity or significant on-chain history. Trust the platform, but understand this agent is one cog in a larger machine.