Model
- Root: the wallet contract stores one hash root.
- Leaves: typed records for signers, sessions, recovery, and modules.
- Extensions: modules interpret specific leaf types (session enforcement, recovery).
- Proofs: execution supplies Merkle proofs for the leaves it needs (signer weight, session rule).
Updating configuration
Configuration updates, such as adding a device, changing session limits, or rotating keys, are authorized by the user through the SDK. The WaaS enclave’s Key Machine service computes the new Merkle tree and root, then attests to it. The enclave constructs and signs the config update; the user does not compute the tree directly. Transactions include or reference this attestation so the wallet accepts only the latest configuration.Smart Sessions
The Sessions Module is a leaf in the config tree. A remote backend or in-app flow can submit transactions from a user’s wallet within on-chain permission bounds; the user grants those bounds once, and the Sessions Module validates them on every call. See Smart Sessions.Recovery
- Timed recovery keys: a recovery leaf encodes a time-lock window. Initiating recovery starts a countdown where existing signers can cancel. After expiry, the recovery key can rotate primary signers. See Recovery for the full flow.
Efficiency
- Only the root is stored onchain. Proofs are provided as calldata when needed.
- Packing and bitmap techniques minimize calldata for multi-sig or multi-proof cases.