safeLiza

Smart Agent Wallet: Empower your AI assistants with secure Ethereum access. 🤖💼🔒

Created At

ETHGlobal Trifecta - Agents

Project Description

Smart Agent Wallet: Easy and secure wallet access for AI agents

safeLiza Wallet is a hackathon project that lets people safely delegate Ethereum transactions to AI assistants. It consists of two parts:

• Frontend (https://github.com/0xtiki/safeLiza-frontend): A clean, visual interface built with Next.js where users create wallets and set permissions
• Backend (https://github.com/0xtiki/safeLiza-backend): A NestJS service that handles the blockchain interactions

What It Solves

Managing crypto can be complex and risky. Smart Agent Wallet makes it accessible by:

• Creating secure Gnosis Safe wallets with simple passkey authentication (like fingerprint or face ID)
• Providing visual tools to set clear boundaries for what AI assistants can do
• Allowing specific permissions like "only spend up to $50 of USDC per day" or "only interact with these specific contracts"
• Working across multiple blockchains from a single interface

How It Works

Users can:

• Create a wallet using just their fingerprint or face ID
• Set up specific rules for what their AI assistant can do
• Generate a secure endpoint for their assistant to use
• Monitor transactions and adjust permissions anytime

The permission system remains fully non-custodial, as all access policies are enforced at the smart contract level. This means users never give up control of their assets - the rules they set are encoded directly on the blockchain.

Why It Matters

This project bridges the gap between AI capabilities and Ethereum complexity. It allows anyone to benefit from AI assistance with their digital assets without sacrificing security or control. Rather than requiring technical knowledge, Smart Agent Wallet transforms complex permissions into simple toggles and sliders that anyone can understand, while maintaining the security guarantees of contract-based access policies.

How it's Made

Architecture Overview

Smart Agent Wallet consists of two main components:

• Frontend (Next.js 15): Provides the user interface for wallet creation, permission management, and transaction monitoring
• Backend (NestJS): Handles blockchain interactions, session management, and secure API endpoints for AI assistants

Core Technologies

Smart Contract Infrastructure

• Gnosis Safe: I built on Safe's battle-tested smart contract wallet infrastructure
• ERC-7579 Modules: Modular validators for different authentication methods by Rhinestone
• Account Abstraction (ERC-4337): Used for gasless transactions and bundling operations

Authentication & Security

• WebAuthn/Passkeys: Integrated Rhinestone's WebAuthn validator and the 'ox' library for passwordless authentication
• Smart Sessions: Implemented Rhinestone's smart session validator module that enforces permission policies on-chain
• Policy Engine: Developed a flexible system for composing and enforcing access rules

Frontend Stack

• Next.js 15: For the application framework with server components
• TailwindCSS & DaisyUI: For responsive, accessible UI components
• React Hooks: For state management across the application

Backend Stack

• NestJS: For a structured, modular API architecture
• Rhinestone Module-SDK: For ERC-7579 interaction
• MongoDB: For storing user configurations and session data
• Permissionless.js: For bundling and submitting ERC-4337 user operations
• Safe Protocol Kit: For interacting with Safe contracts
• Viem: For type-safe blockchain interactions

Partner Technologies Integration

• Rhinestone Module SDK: I leveraged Rhinestone's SDK to build and deploy validator modules, which significantly accelerated development of the permission system
• Safe Global: Built on Safe's infrastructure for secure multi-signature wallet functionality
• Pimlico: Used for gas sponsorship and bundling user operations, enabling gasless transactions for users

Technical Challenges & Solutions

The Hackiest Part: Dynamic Policy Composition

The most challenging aspect was creating a flexible policy system that could be:

• Visually configured through the UI
• Translated into on-chain validation logic
• Enforced at transaction execution time

My solution was to create a "policy composition engine" that:

• Allows policies to be combined (e.g., "spending limits" + "time restrictions")
• Encodes these rules directly in the validator module.
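The composition described above, modelled off-chain as an added sketch; it is not code from the safeLiza repositories or from Rhinestone's SDK, and every type, function name and address in it is hypothetical. It shows a spending limit, a time restriction and a contract allowlist combined with AND semantics, with budget consumed only by actions that pass every policy.

```typescript
// Added illustration: hypothetical names, not safeLiza or Rhinestone APIs.
// Amounts are in the token's smallest unit (USDC has 6 decimals).
type Action = { to: string; token: string; amount: number; timestamp: number };
type Verdict = { allowed: boolean; reason?: string };
type Policy = (a: Action) => Verdict;
const OK: Verdict = { allowed: true };
const deny = (reason: string): Verdict => ({ allowed: false, reason });

// "Only interact with these specific contracts" (compared case-insensitively).
function allowlist(addresses: string[]): Policy {
  const set = new Set(addresses.map((x) => x.toLowerCase()));
  return (a) => (set.has(a.to.toLowerCase()) ? OK : deny("target not allowlisted"));
}

// Time restriction: valid only inside [notBefore, notAfter] (unix seconds).
function timeWindow(notBefore: number, notAfter: number): Policy {
  return (a) =>
    a.timestamp >= notBefore && a.timestamp <= notAfter ? OK : deny("outside session window");
}

// "Only spend up to N of a token per day". Spend is recorded by commit() only,
// so a rejected action never consumes budget.
function dailyLimit(token: string, cap: number) {
  const spent = new Map<number, number>();
  const day = (t: number) => Math.floor(t / 86400);
  const used = (a: Action) => spent.get(day(a.timestamp)) ?? 0;
  const check: Policy = (a) =>
    a.token !== token || used(a) + a.amount <= cap ? OK : deny("daily limit exceeded");
  const commit = (a: Action) => {
    if (a.token === token) spent.set(day(a.timestamp), used(a) + a.amount);
  };
  return { check, commit };
}

// Composition is a logical AND: the first failing policy rejects the action.
function allOf(...policies: Policy[]): Policy {
  return (a) => policies.map((p) => p(a)).find((v) => !v.allowed) ?? OK;
}

// Constructed sample session: 50 USDC per day, one allowlisted contract, fixed window.
const USDC = "0x" + "aa".repeat(20), ROUTER = "0x" + "bb".repeat(20);
const limit = dailyLimit(USDC, 50_000_000);
const policy = allOf(allowlist([ROUTER]), timeWindow(1_000, 200_000), limit.check);
function authorize(a: Action): Verdict {
  if (!(a.amount >= 0)) return deny("invalid amount"); // rejects negatives and NaN
  const v = policy(a);
  if (v.allowed) limit.commit(a);
  return v;
}
```
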
Seamless Authentication Flow

I created a unified authentication flow that works across devices:

• Users register with a passkey (fingerprint/face ID)
• This generates a cryptographic key pair
• The public key is stored on-chain as a validator
• Transactions are signed using the private key (via WebAuthn)

This required careful coordination between the browser's WebAuthn API, backend services, and the on-chain validator module, and it gives access to all Safe functionality even to users unfamiliar with web3 wallets.

Multi-Chain Deployment

To support multiple blockchains, I implemented:

• A chain-agnostic configuration system
• Dynamic RPC endpoint management
• Cross-chain deployment coordination

This allows users to deploy and manage wallets across different networks from a single interface.

Development Process

I followed an iterative approach:

• First built the core Safe creation and passkey authentication
• Then developed the permission policy system
• Finally added the AI assistant integration endpoints

The most challenging aspect was ensuring that the permission system remained both flexible and intuitive for end-users.
