Smart Accounts: Redefining Wallet Logic
Smart accounts replace traditional wallet private keys with contract-based validation. The wallet's logic — like spending rules, multi-signature, or gas payment methods — becomes part of the account itself.
This shifts the attack surface: instead of one private key, the wallet verifies operations via a kernel contract implementing the ERC-4337 UserOperation structure. This pattern suits AI agents that need:
- Automated signing via off-chain AI logic
- Session key delegation to minimize private key exposure
- On-chain filtering of operations for agent safety
One nuance: interaction requires an "entry point" contract and bundlers that submit UserOperations. Different networks and bundlers (including open-source ones) impact latency and reliability.
Session Keys: Scoped Access for Agent Wallets
Session keys are temporary delegated keys that authorize actions within defined limits — such as spending caps, allowed methods, or time frames. With ERC-4337, session keys enhance wallet security by allowing an AI agent partial wallet control instead of full private key access.
Example: you can create a session key allowing your AI agent wallet to spend up to 0.1 ETH per day or only interact with specific DeFI protocols without risking total asset loss.
Here’s a rough pseudo-structure demonstrating a session key scoped for spending ETH:
// Pseudo-code
struct SessionKey {
address delegatedKey;
uint256 spendingLimit;
uint256 expiryTimestamp;
bool isValid;
}
mapping(address => SessionKey) public sessionKeys;
function validateSessionKey(address key, uint256 amount) internal view returns (bool) {
SessionKey memory sk = sessionKeys[key];
return sk.isValid && sk.spendingLimit >= amount && block.timestamp <= sk.expiryTimestamp;
}
During UserOperation validation, the smart account contract would check these constraints before executing.
This approach significantly mitigates risks inherent to AI agents that might behave unexpectedly or get compromised.
Implementing ERC-4337 Smart Accounts with Permissionless.js
Permissionless.js is an open-source project providing an accessible JS SDK for interacting with ERC-4337 account abstraction frameworks. Its quickstart setup lets you wire a smart account with session keys in minutes.
Prerequisites:
- Node.js v18+
- Wallet with testnet ETH
Install:
npm install @permissionless-xyz/sdk
Example usage to instantiate an ERC-4337 wallet with a session key:
import { AccountAPI, createProvider, createSessionKey } from '@permissionless-xyz/sdk';
const provider = createProvider('https://rpc-goerli.infura.io/v3/YOUR_INFURA_KEY');
async function setupSmartAccount() {
const account = new AccountAPI({ provider });
// Create delegated session key with spending limit
const sessionKey = createSessionKey({
spendingLimit: '0.1', // ETH
expiry: Date.now() + 86400 * 1000, // 1 day
});
await account.addSessionKey(sessionKey);
console.log('Smart account ready with session key:', sessionKey.address);
}
setupSmartAccount().catch(console.error);
The API abstracts away UserOperation complexity and bundler interaction. Note: version 0.8.x has known issues with RPC timeouts; use 0.7.x for more stable local deployment.
Zerodev Kernel Session Key Tutorial: Practical Setup
Zerodev (now Permissionless) kernel contracts underpin session key handling on ERC-4337 smart accounts. To test locally:
- Clone permissionless-sdk and install dependencies.
- Start a local bundler:
npm run bundler:start
- Deploy kernel contracts (check scripts in
contracts/).
- Use the provided example to generate a session key with signed user operation.
Example UserOperation struct for session key:
{
"sender": "0xSmartAccount",
"nonce": 1,
"initCode": "0x", // no wallet init
"callData": "0x", // delegatecall using session key
"callGasLimit": 100000,
"verificationGasLimit": 100000,
"preVerificationGas": 21000,
"maxFeePerGas": "3000000000",
"maxPriorityFeePerGas": "1500000000",
"paymasterAndData": "0x"
}
I ran into a gotcha: local bundler logs opaque errors if session keys aren’t correctly registered or if nonce management isn't synced. Always confirm the kernel contract events for session key additions.
Spending Limits & Security Considerations
While session keys shield the primary wallet key, their design dictates security guarantees.
Key guidelines:
- Implement time-based expiry and revocation mechanisms
- Limit callable methods — e.g., disallow
selfdestruct or approve for unlimited ERC-20 approval
- Avoid omnibus session keys with unlimited scope unless offline stored
- Monitor on-chain session key events for abnormal activity
But don’t expect session keys to be a silver bullet. If an AI agent's logic gets compromised, the attacker can still drain the allowed amount within the spending limits. Here, layered defences like paymaster gasless transactions or multi-factor wallet guards improve safety.
Comparing ERC-4337 to EIP-7702 and ERC-7579
Several account abstraction proposals coexist, sometimes causing confusion.
| Feature |
ERC-4337 |
EIP-7702 |
ERC-7579 |
| Chain support |
Ethereum-compatible (EVM & L2s) |
Experimental |
Modular smart account modules |
| Session key support |
Native via kernel contracts |
Proposed session management |
Modular session keys as modules |
| Gas payment model |
Bundler + paymasters |
Unclear |
Modular paymasters supported |
| Maturity |
Active development, live testnets |
Draft |
Early spec, community-driven |
The takeaway: ERC-4337 currently offers the most practical codebase with usable bundles and frameworks like Permissionless and Zerodev.
Gasless Transactions with Pimlico Bundler and Paymaster
One pain point for AI agents is covering gas fees. Pimlico's open-source bundler with paymaster integration enables gasless transactions by sponsoring gas payments via paymaster contracts.
Example setup:
- AI agent submits UserOperation without native gas
- Bundler forwards transaction; paymaster pays gas in exchange for credits or off-chain billing
This frees AI agents from holding native tokens but demands paymaster contract security audits, as bugs could expose agent wallets.
Common Pitfalls and Troubleshooting Tips
Problem: "UserOperation nonce mismatch" errors
- Cause: session key nonce out-of-sync or kernel contract nonce increment failure
- Fix: fetch nonce from kernel contract directly before submission
Problem: Bundler timeout or "unsupported operation"
- Cause: incompatible bundler version or missing contract dependencies
- Fix: check bundler logs, upgrade to Permissionless.js 0.7.x for known stability issues
Problem: Unlimited approval flagged by Slither or Aderyn
- Fix: restrict token approvals in session keys or smart account modules
For more troubleshooting, check agent-wallet-security and framework-comparison.
Conclusion and Next Steps
ERC-4337's account abstraction model with session keys is a powerful innovation for AI agent wallets, enabling scoped, programmable access and safer automation. That said, development is still evolving — expect rough edges in bundler reliability, kernel contract versions, and paymaster integrations.
What I've found most helpful: start with Permissionless.js for rapid prototyping, implement strict spending limits on session keys, and gradually integrate gasless transaction flows with a paymaster like Pimlico.
If your project needs a full end-to-end tutorial on deploying on-chain AI agents leveraging ERC-4337 smart accounts, the onchain-ai-agent-setup guide will get you going.
Keep experimenting, watch for protocol releases, and stay security first.
Interested in how these smart accounts slot into broader AI agent toolchains? See mcp-server-integration and trading-bot-development for next steps.