OMS Wallet is built on a WaaS (Wallet as a Service) embedded wallet model. The service runs inside an AWS Nitro Enclave: the user’s signing key never leaves that enclave, and transactions execute against smart contract accounts on-chain.

Core systems

  • WaaS service (Nitro Enclave): authenticates the user (OIDC, OAuth + PKCE, email OTP), holds the wallet’s signing key, and signs transactions via an authenticated RPC API. See Infrastructure.
  • Wallet contracts v3 (on-chain smart accounts): the wallet is a smart contract account whose configuration is committed as a Merkle root on-chain; v3 contracts validate signatures and enforce session rules. See Wallet Configuration.
  • Smart Sessions (API-driven): a remote backend or in-app flow can submit transactions from a user’s wallet within on-chain permission bounds, granted by the user once and enforced by the Sessions Module on every call. See Smart Sessions.
  • Guard Firewall (policy enforcement): reviews each transaction against ecosystem policies, threat simulations, and blacklists before allowing on-chain execution. See Guard Firewall.

Deployment options

Hosted Wallet

OMS operates the wallet on your domain with your branding. Control configuration in Builder and launch on a custom domain.

Custom Wallet

Build a wallet with the Wallet Development Kit on top of OMS wallet infrastructure. Critical components can be self-hosted. Includes native mobile support (iOS and Android) via React Native.

Security model

  • User authentication, signing keys, and encryption all happen inside the Nitro Enclave. No unencrypted key material ever leaves enclave memory. See Infrastructure.
  • Encryption keys are split across a Trusted Third Party council (Polygon, Quantstamp, CoinCover). No single party can decrypt user data unilaterally. See Infrastructure.
  • Wallets are smart contract accounts on-chain; their existence does not depend on WaaS being online. See Wallet Configuration and Timed Recovery.