Model
- Root: the wallet contract stores one hash root.
- Leaves: typed records for signers, sessions, recovery, passkeys, and modules.
- Extensions: modules interpret specific leaf types (session enforcement, passkeys).
- Proofs: execution supplies Merkle proofs for the leaves it needs (signer weight, session rule).
Updating configuration
Configuration updates, such as adding a device, changing session limits, or rotating keys, happen off-chain by computing a new tree and root. The Key Machine service attests to the latest root. Transactions include or reference this attestation so the wallet accepts only the latest configuration.Smart Sessions and Passkeys
- Smart Sessions: leaves define scopes for a session key (allowed contracts and functions, spend limits, expiries). Execution validates the session key and rule proofs before allowing actions.
- Passkeys: passkey authenticators are leaves. Devices produce WebAuthn signatures validated by the passkey extension using the relevant leaf proof.
Recovery
- Timed recovery keys: a recovery leaf encodes a time-lock window. Initiating recovery starts a countdown where existing signers can cancel. After expiry, the recovery key can rotate primary signers. See Recovery for the full flow.
Efficiency
- Only the root is stored onchain. Proofs are provided as calldata when needed.
- Packing and bitmap techniques minimize calldata for multi-sig or multi-proof cases.