The future of digital asset management is evolving rapidly, and at the heart of this transformation lies the smart wallet—a secure, flexible, and user-centric solution designed for the modern blockchain ecosystem. Developed by Coinbase, this open-source repository introduces a cutting-edge, ERC-4337 compliant smart contract wallet that redefines multi-owner control, cross-chain functionality, and authentication flexibility.
Built with scalability and interoperability in mind, this smart wallet supports advanced features such as multi-owner configurations, passkey integration, and cross-chain replayability—making it one of the most versatile account abstraction solutions available today.
👉 Discover how next-gen wallet technology can simplify your Web3 experience.
Multi-Owner Architecture for Decentralized Control
One of the standout features of this smart wallet is its robust multi-owner model, enabling a practically unlimited number of concurrent owners (up to 2^256). Unlike traditional multisig wallets that require consensus among signers, each owner in this system can act independently—initiating transactions or managing permissions without needing approval from others.
Owners are represented as bytes, allowing seamless integration of both Ethereum address-based owners and passkey-based owners using Secp256r1 public keys. This dual-support design bridges legacy Web3 identities with modern, passwordless authentication methods, ensuring broader accessibility and enhanced security.
This architecture is particularly valuable for organizations, DAOs, or shared custody setups where autonomy and flexibility are critical. With no hard limits on owner count and minimal coordination overhead, teams can manage assets efficiently across complex ownership structures.
Seamless Authentication: Passkeys and Ethereum Addresses
The smart wallet natively supports two types of signers: standard Ethereum private key holders and users leveraging FIDO2 passkeys via WebAuthn. This hybrid approach aligns with ERC-4337’s vision of account abstraction, where user operations (UserOps) decouple transaction logic from signature validation.
When submitting a UserOperation, the signature field contains an ABI-encoded SignatureWrapper struct:
struct SignatureWrapper {
uint8 ownerIndex;
bytes signatureData;
}The ownerIndex specifies which owner signed the operation. This is essential because Secp256r1 verifiers require the public key as input—unlike Ethereum’s ecrecover, which derives the signer’s address from the signature itself.
To optimize gas costs—especially on Layer 2 rollups like Base where calldata is expensive—the wallet passes the index instead of the full public key. The signatureData varies depending on the signer type:
- For Ethereum addresses: packed ABI encoding of
r,s, andvvalues. - For Secp256r1 passkeys: ABI-encoded
WebAuthnAuthstruct, compliant with webauthn-sol.
This modular design ensures compatibility with existing tooling while paving the way for widespread adoption of passkey-based login systems in decentralized applications.
👉 See how easy it is to integrate secure, passkey-enabled wallet experiences.
Cross-Chain Replayability: Sign Once, Update Everywhere
Managing wallet configurations across multiple blockchains has traditionally been a fragmented and repetitive process. This smart wallet solves that with cross-chain replayability—a feature that allows users to sign a single user operation and have it permissionlessly executed across all supported chains.
At the core of this functionality is a special function: executeWithoutChainIdValidation(bytes calldata data).
This function can only be invoked by the ERC-4337 EntryPoint contract (v0.6). During validateUserOp, the system checks if this function is being called:
if (userOp.callData.length >= 4 && bytes4(userOp.callData[0:4]) == 0xbf6ba1fc) {
userOpHash = getUserOpHashWithoutChainId(userOp);
if (key != REPLAYABLE_NONCE_KEY) {
revert InvalidNonceKey(key);
}
} else {
if (key == REPLAYABLE_NONCE_KEY) {
revert InvalidNonceKey(key);
}
}By excluding the chain ID during hash computation, the same signature becomes valid across different networks. To prevent misuse, only specific functions are whitelisted for cross-chain execution:
MultiOwnable.addOwnerPublicKeyMultiOwnable.addOwnerAddressMultiOwnable.addOwnerAddressAtIndexMultiOwnable.addOwnerPublicKeyAtIndexMultiOwnable.removeOwnerAtIndexUUPSUpgradeable.upgradeToAndCall
Additionally, a dedicated nonce key (REPLAYABLE_NONCE_KEY) ensures these operations remain sequential and organized across chains. This mechanism prevents race conditions while maintaining full decentralization—anyone can replay the operation without requiring special permissions.
Deployment and Interoperability Across Chains
Thanks to the Safe Singleton Factory, both the factory and implementation contracts are deployed at identical addresses across 248+ EVM-compatible chains. This deterministic deployment model simplifies integration, verification, and trustless interaction across ecosystems—from Ethereum mainnet to Layer 2s like Base, Arbitrum, and Optimism.
To deploy the wallet on a new chain, developers simply configure their environment variables:
ACCOUNT=your_wallet_name
RPC_URL=https://your-node-provider.com
ETHERSCAN_API_KEY=optional_for_verificationUsing tools like Foundry’s cast, developers can then deploy and verify contracts seamlessly. This streamlined workflow lowers barriers to entry for builders aiming to launch interoperable dApps or custodial solutions.
Development Workflow and Testing
For contributors and developers looking to extend or audit the codebase, the project leverages Foundry—a powerful Ethereum development toolkit. After cloning the repository, running tests is straightforward:
forge testThis ensures contract correctness, gas efficiency, and compliance with ERC-4337 standards. The test suite covers edge cases around signature validation, nonce management, cross-chain execution safety, and upgradeability patterns.
Inspirations and Technical Foundations
While developed independently, this smart wallet draws inspiration from several pioneering projects in the account abstraction space:
- Solady’s ERC4337 implementation: Provided a lean, gas-optimized foundation for core account logic.
- DaimoAccount: First to demonstrate practical use of passkeys in ERC-4337 accounts, influencing the current approach to WebAuthn integration.
- LightAccount by Alchemy: Offered insights into minimalist account design and efficient validation workflows.
These influences have been synthesized into a more scalable, secure, and feature-rich solution tailored for real-world adoption.
Frequently Asked Questions (FAQ)
Q: What is ERC-4337?
A: ERC-4337 is an Ethereum standard for account abstraction that enables smart contract wallets to act as primary accounts—supporting features like meta-transactions, session keys, and passkey logins without consensus-layer changes.
Q: Can I use biometrics with this wallet?
A: Yes! Since it supports FIDO2 passkeys via WebAuthn, you can authenticate using biometrics (e.g., Face ID, Touch ID) on compatible devices.
Q: Is cross-chain replay safe?
A: Yes. Only a predefined set of state-changing functions are allowed for replay, and they must use a special nonce key to ensure ordering and prevent unauthorized calls.
Q: How does this differ from a multisig wallet?
A: Unlike multisigs requiring multiple approvals per transaction, this wallet allows any owner to act independently—offering greater flexibility while maintaining strong security through cryptographic verification.
Q: Can I upgrade the wallet logic?
A: Yes. The contract uses UUPS (Universal Upgradeable Proxy Standard), enabling trusted upgrades while minimizing on-chain footprint.
Q: Where can I find the source code?
A: The full implementation is open-source and maintained under Coinbase’s GitHub repository for community review and contribution.