Polygon’s embedded wallet stack is built on the Sequence smart wallet architecture. This page covers the key security properties relevant to fintechs and financial products building on top of it.

Key security: AWS Nitro Enclaves

Private key material never exists in plaintext outside of a hardware-isolated execution environment. Sequence uses AWS Nitro Enclaves, a hardware-enforced isolation model where:
  • The enclave runs in a separate memory space, invisible to the host OS.
  • The enclave has no SSH access, no persistent storage, and no network interface (except a controlled virtual socket).
  • Code running in the enclave is verified against a known measurement (EIF hash) before it can decrypt key material.
  • Sequence operators cannot access user keys, even with root access to the host machine.
The enclave architecture is audited and its measurements are publicly published, allowing independent verification.

Identity Instrument

Authentication and session attestation are handled by the Identity Instrument, a service running inside a Nitro Enclave. Its responsibilities:
  1. Verify the user’s identity via OAuth (Google, Apple) or OTP.
  2. Bind the verified identity to a device Auth Key.
  3. Issue a signed session attestation: a cryptographic proof that the session key belongs to the verified identity.
The app never sees the OAuth token. The Identity Instrument processes it inside the enclave and returns only the attestation. This means even a compromised app server cannot extract user credentials.

Merkleized wallet configuration

The wallet’s onchain state is a single Merkle root: a compact commitment to the full configuration including:
  • Authorized signers (passkeys, session keys, recovery keys)
  • Smart session rules (explicit permissions)
  • Recovery configuration
When a transaction is submitted, only the relevant Merkle branch is provided onchain. This minimizes calldata, keeps gas costs low, and means the wallet does not need to enumerate all signers; it only proves the relevant one is authorized.

Cross-chain coherency: The same Merkle root governs all chains. A wallet registered on Polygon works identically on any other supported EVM chain without redeployment.
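The branch check described above, as an added example that is not Sequence's code: a verifier that stores only the root accepts one configuration entry when the supplied sibling hashes recompute that root. SHA-256, the 0x00/0x01 prefixes, the leaf strings and all function names are assumptions for illustration; the real hash function and leaf encoding are defined by the wallet contracts.

```python
import hashlib

# Constructed sample configuration; these leaf strings are illustrative only.
CONFIG = [
    "signer:passkey:device-A",
    "signer:session-key:app.example",
    "signer:recovery-key:backup",
    "rule:session:max-transfer=100",
    "recovery:timelock=7d",
]

def leaf_hash(entry: str) -> bytes:
    # 0x00 prefix for leaves, 0x01 for interior nodes: an interior node
    # can then never be presented as if it were a leaf.
    return hashlib.sha256(b"\x00" + entry.encode()).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(entries):
    levels = [[leaf_hash(e) for e in entries]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # An unpaired last node is promoted unchanged, not duplicated.
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def root_of(entries) -> bytes:
    return build_levels(entries)[-1][0]

def branch_for(entries, index):
    """Sibling hashes from leaf `index` up to the root: (hash, sibling_is_left)."""
    branch = []
    for level in build_levels(entries)[:-1]:
        sib = index ^ 1
        if sib < len(level):
            branch.append((level[sib], sib < index))
        index //= 2
    return branch

def verify(root: bytes, entry: str, branch) -> bool:
    """What the verifier does: it holds only `root` and recomputes it."""
    acc = leaf_hash(entry)
    for sibling, sibling_is_left in branch:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == root

if __name__ == "__main__":
    root = root_of(CONFIG)
    proof = branch_for(CONFIG, 1)
    print(verify(root, CONFIG[1], proof), verify(root, "signer:session-key:other", proof))
```

The proof for one entry reveals only sibling hashes, so the other signers and rules stay off the transaction, and any change to any entry produces a different root.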

Guard Firewall

The Guard Firewall is an optional transaction review layer that runs before any transaction reaches the chain. It can be configured to:
  • Block transactions to non-allowlisted contract addresses.
  • Flag transfers exceeding configurable thresholds for review.
  • Reject transactions that violate explicit session rules before they reach the relayer.
For regulated financial products, the Guard Firewall provides a programmable policy layer between your application logic and onchain execution.

Non-custodial guarantee

Neither Sequence nor Polygon can unilaterally move user funds. The key security properties that enforce this:
  • User keys are sharded using Shamir’s Secret Sharing across multiple geographically distributed remote key holders. No single entity, including Sequence, holds a complete key.
  • The signing enclave requires a valid session attestation from the Identity Instrument to decrypt and use any key shard.
  • Session attestations are scoped to a specific app domain and expire. A compromised attestation cannot be reused by a different app or after expiry.

Contract audits

The wallet contracts have been audited by independent security firms. Audit reports are available in the Sequence technical references.

Summary

| Property | Implementation |
| --- | --- |
| Key storage | AWS Nitro Enclaves, never plaintext |
| Identity verification | Enclave-bound Identity Instrument |
| Onchain state | Merkleized configuration, single root per wallet |
| Cross-chain | Same root, same wallet on all EVM chains |
| Transaction policy | Guard Firewall (configurable) |
| Custody | Shamir’s Secret Sharing, no single-party control |