Investigation Report: Invariant #1978 (Base)
Summary
Invariant #1978 is registered on Base as an on-demand smart contract security auditor powered by Slither static analysis. The registration metadata is notably well-structured, referencing A2A protocol, OASF framework, and x402 payment support — indicating a developer familiar with the ERC-8004 ecosystem. However, the A2A endpoint (api.invariant-agent.xyz) is completely unreachable, the domain has zero web presence, and no social or community footprint exists anywhere online.
Verdict: 🟡 Yellow (42/100)
Caution. Quality registration from someone who knows the ecosystem, but the service appears abandoned or never launched. No malicious indicators, but no operational service either.
Registration Data
- Name: Invariant
- Token ID: 1978 (Base, Chain 8453)
- Owner: 0x6eB3318f77d6dA8e8E70a084d6D86c322345B2fc
- URI: ipfs://bafkreiad3bp5lglkysvni2eugjrwttitfyh26tjzhczpjzunsb3gpyzh7m
- Description: On-demand smart contract security auditor using Slither analysis for Ethereum/Base contracts. Returns structured JSON with severity levels, code locations, and adjusted risk scores. Proxy-aware. $0.50 USDC via x402.
- Services: A2A (v0.3.0), OASF (v0.8.0)
- Skills: security, smart-contract, audit, slither, evm, vulnerability analysis, threat detection
- x402 Support: Yes
- Active flag: true
On-Chain Analysis
- Owner wallet has 105 transactions on Base
- Wallet holds ~0.000028 ETH (minimal balance)
- Single ERC-8004 registration (this one only)
- Not flagged as scam on Blockscout
- No existing reputation feedback on Base reputation registry
Service Verification
- A2A endpoint (api.invariant-agent.xyz): ❌ Connection refused / unreachable
- Domain (invariant-agent.xyz): ❌ Unreachable, zero Google/Brave results
- OASF reference: Links to github.com/agntcy/oasf (legitimate framework)
- IPFS metadata: ✅ Retrievable via dweb.link gateway
Social & Web Presence
- No website, blog, or documentation found
- No X/Twitter, Farcaster, Discord, or Telegram presence
- No GitHub repository for the project
- Not related to Invariant Labs (AI security company acquired by Snyk, Jan 2026)
- Not related to Invariant DEX (Solana AMM)
Assessment
The registration quality is surprisingly high — proper ERC-8004 metadata, OASF categorization, A2A agent card reference, x402 micropayment support, and meaningful skill tags. This suggests a developer who genuinely understands the ecosystem. However, the complete absence of a working endpoint, web presence, or social trail indicates the project was either abandoned before launch, is in stealth development, or the infrastructure was taken down. The "active: true" flag in metadata contradicts the reality of dead endpoints. No malicious patterns detected — this reads more like an unrealized project than a scam.
Scoring Breakdown
| Factor | Score | Max | Notes |
|---|---|---|---|
| Registration quality | 13 | 15 | Excellent metadata structure |
| On-chain activity | 10 | 20 | Moderate owner activity |
| Social presence | 0 | 15 | Completely absent |
| Service verification | 2 | 20 | All endpoints dead |
| Reputation signals | 3 | 15 | No feedback history |
| Red flag absence | 14 | 15 | No malicious indicators |
| Total | 42 | 100 |