AutonWallet
Per-agent smart wallet contracts that enforce programmable spending rules entirely on-chain, with no trusted intermediary. Each wallet is a minimal-proxy clone implementing ERC-4337 Account Abstraction, allowing agents to submit UserOperations through a standard bundler stack without holding native tokens for gas.
The Problem
No existing wallet model fits autonomous agents
The rise of LLM agents capable of executing multi-step, goal-directed tasks has created a demand for autonomous blockchain interactions that does not fit any existing wallet model.
Hot Wallets (EOA)
Require handing the agent a private key. An agent with an EOA has unconstrained spending power. A single prompt injection or model error can drain the wallet completely.
Multisig Wallets
Require N-of-M signatures. For an autonomous agent this means a human co-signer for every transaction — reducing throughput to the speed of human attention.
Allowance Patterns
ERC-20 approve limits token amounts but does not constrain ETH transfers, call targets, timing, or daily totals. Enforcement logic typically lives in a trusted application server.
Design Goals
Built on six principles
On-chain enforcement only
Rules are checked in Solidity. A compromised backend cannot override them.
Minimal trust footprint
The agent key can only spend up to the wallet's configured limits on whitelisted protocols. Compromising the agent key has bounded impact.
Owner sovereignty
The human owner can freeze the wallet instantly, update rules, or withdraw all funds at any time, with no time lock.
ERC-4337 compatibility
The wallet functions as a first-class ERC-4337 account so agents can use standard bundler infrastructure — gas sponsorship, batching, etc.
Low deployment cost
Wallets use EIP-1167 minimal proxy clones so that every (owner, agent) pair can have its own isolated wallet cheaply.
Developer ergonomics
A TypeScript SDK and pre-built React components make integration straightforward without requiring deep Solidity knowledge.
struct WalletRules {
    uint256 maxDailySpendWei;
    uint256 maxSingleTxWei;
    address[] allowedProtocols;
    address[] allowedTokens;
    uint16 maxSlippageBps;
    uint16 maxLeverageBps;
    bool active; // master switch
}
Contract Architecture
Factory + per-agent wallet clones
AutonWalletFactory is deployed once per chain. It creates minimal-proxy clones (EIP-1167) for each (owner, agent) pair, validates rules against template bounds, and maintains a registry mapping owners and agents to wallet addresses.
Account Abstraction
First-class ERC-4337 support
AutonWallet implements IAccount.validateUserOp so agents can use standard bundler infrastructure for gas sponsorship and batching. The agent does not need ETH in its signing EOA — only in the wallet contract.
Validation Phase
Recovers ECDSA signer from the UserOperation signature. Checks signer matches the registered agent address. Pays missingAccountFunds to the EntryPoint from the wallet's ETH balance.
Execution Phase
Spending rule enforcement happens in execute() which is called via callData after validateUserOp succeeds. Daily spend tracking uses a calendar-day window (block.timestamp / 86400) that resets to zero each new day.
Gas Handling
The wallet's ETH balance covers gas prepayment to the EntryPoint. Gas costs are paid from the wallet balance but do not count against the daily spend limit — only the value field in calls contributes to the daily spend tracker.
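The execution-phase rules above can be modelled off-chain to pre-check a call and to see how the calendar-day window behaves at a day boundary. This is an added example, not AutonWallet's contract or SDK code: field names follow the WalletRules struct, while the check order, reason strings, placeholder addresses and timestamps are assumptions.

```typescript
// Off-chain model of the checks described for execute(); added example, not AutonWallet source.
// Field names follow WalletRules; the check order and reason strings are assumptions.
type Rules = { maxDailySpendWei: bigint; maxSingleTxWei: bigint; allowedProtocols: string[]; active: boolean };
type State = { day: number; spentWei: bigint };
type Verdict = { ok: boolean; reason: string };

const SECONDS_PER_DAY = 86400;
const ETH = 1000000000000000000n; // 1 ether in wei

// Calendar-day index, the same integer division as block.timestamp / 86400.
function dayIndex(timestamp: number): number {
  return Math.floor(timestamp / SECONDS_PER_DAY);
}

// Checks one call and records its value only if it is allowed.
// Gas is deliberately absent: only the call's value counts toward the daily total.
function checkAndRecord(rules: Rules, state: State, target: string, valueWei: bigint, timestamp: number): Verdict {
  if (!rules.active) return { ok: false, reason: "wallet frozen" };
  const listed = rules.allowedProtocols.some((a) => a.toLowerCase() === target.toLowerCase());
  if (!listed) return { ok: false, reason: "target not whitelisted" };
  if (valueWei > rules.maxSingleTxWei) return { ok: false, reason: "exceeds maxSingleTxWei" };
  const today = dayIndex(timestamp);
  const spentToday = today === state.day ? state.spentWei : 0n; // a new day starts from zero
  if (spentToday + valueWei > rules.maxDailySpendWei) return { ok: false, reason: "exceeds maxDailySpendWei" };
  state.day = today;
  state.spentWei = spentToday + valueWei;
  return { ok: true, reason: "ok" };
}

// Constructed scenario: calls one second apart on either side of 00:00:00 UTC.
function midnightScenario(): { reasons: string[]; movedWei: bigint } {
  const ROUTER = "0x00000000000000000000000000000000000000aa"; // placeholder address
  const OTHER = "0x00000000000000000000000000000000000000bb"; // placeholder address
  const rules: Rules = { maxDailySpendWei: ETH, maxSingleTxWei: ETH, allowedProtocols: [ROUTER], active: true };
  const state: State = { day: -1, spentWei: 0n };
  const midnight = 20000 * SECONDS_PER_DAY; // constructed timestamp on a day boundary
  const calls: [string, bigint, number][] = [
    [ROUTER, ETH, midnight - 1], // uses the whole limit for day 19999
    [ROUTER, 1n, midnight - 1], // one more wei on the same day
    [ROUTER, ETH, midnight], // one second later, day 20000
    [OTHER, 0n, midnight], // zero value, but not whitelisted
  ];
  let movedWei = 0n;
  const reasons = calls.map(([target, value, ts]) => {
    const v = checkAndRecord(rules, state, target, value, ts);
    if (v.ok) movedWei += value;
    return v.reason;
  });
  return { reasons, movedWei };
}
```

In this model the limit bounds spend per calendar day rather than per rolling 24 hours, so two full-limit calls on either side of midnight both pass; owners sizing maxDailySpendWei should treat twice that value as the worst case over a short interval.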
Template System
Predefined risk profiles
Templates have factory-enforced upper bounds. The factory validates submitted rules against the template's bounds before deploying the clone.
CAUTIOUS
STANDARD
DEFI_TRADER
CUSTOM
CUSTOM has no factory enforcement — owners accept full responsibility
Security Analysis
Threat model & mitigations
Known Limitations
Reentrancy
execute() uses OpenZeppelin ReentrancyGuard. Deep reentrancy via ERC-777 mitigated by SafeERC20.
Timestamp manipulation
Daily window uses block.timestamp / 86400. Miners can manipulate ±15s — negligible impact at midnight boundary.
Slippage & leverage
maxSlippageBps and maxLeverageBps are advisory only. The contract does not decode DEX-specific call data.
Nonce management
validateUserOp does not implement nonce tracking. Delegated to the EntryPoint as per ERC-4337 spec.
Gas Costs
Estimated on-chain costs
Estimates on local Hardhat node. Mainnet values depend on calldata costs, state storage, and Base L2 compression.
Future Work
What comes next
ERC-4337 Paymaster
Allow owners to sponsor agent gas without requiring ETH in the wallet.
Social Recovery
Add guardian-based recovery for the owner role.
Time-locked Rule Updates
Schedule rule changes with a delay, preventing sudden expansion of the agent's spending power.
Multi-agent Wallets
Extend the factory to support wallets shared by a committee of agents with independent spending tracks.
ZK Proof Integration
Support private agent keys with ZK-SNARK signature proofs for enhanced agent privacy.
AutonWallet gives AI agents a first-class, on-chain financial identity with programmable risk controls enforced at the contract level. By combining ERC-4337 account abstraction with factory-templated spending policies, it enables a new class of agent architectures where autonomy and safety coexist without requiring continuous human oversight.
AutonWallet is experimental software. Use on testnets before deploying real funds.