@runonflux/account-abstraction

v1.2.1

Published

9 months ago

Account Abstraction Schnorr Multi-Signatures

0High
0Medium
0Low

thetrunk

bill2

Account Abstraction AA ERC-4337 Schnorr Signature Multisig

Account Abstraction Schnorr MultiSig

Account Abstraction - Schnorr Multi Signature ERC-4337 compliant smart contracts.

Overview

This package provides a robust implementation of ERC-4337 Account Abstraction using Schnorr Multi-Signatures. It includes two main smart contracts:

MultiSigSmartAccount: Implements the ERC-4337 Account Abstraction.
MultiSigSmartAccountFactory: A factory contract for creating account abstractions.

The contracts are designed to be UUPS Upgradeable Proxies, allowing upgrades by the Owner. The Owner role is assigned to the combined public address (combinedAddress) during account initialization, ensuring that critical functions like upgrades or withdrawals require Schnorr Multi-signature authorization.

Key Features

Secure Multi-Signature Transactions: Utilizes Schnorr signatures for enhanced security.
Upgradeable Contracts: Supports UUPS proxy pattern for contract upgrades.
ERC-4337 Compliance: Adheres to the latest Ethereum standards for account abstraction.

Requirements

Node.js: Version >=18
npm: Version >=9

Installation

NPM package

npm install @runonflux/account-abstraction

Clone the repository and install dependencies:

git clone https://github.com/RunOnFlux/account-abstraction.git
cd account-abstraction
npm install

Testing

Run the test suite using:

npm run test

Deployments

Refer to the Deployments for information about deployed contracts.

Deploy the MultiSigSmartAccount Factory on Ethereum Sepolia Testnet:

npm run deploy:sepolia

For other supported networks, use:

npx hardhat deploy --network <NETWORK_NAME> --tags ACCOUNT_FACTORY

Supported networks include:

mainnet
sepolia
polygon-mainnet

Build Package

Build the package with:

npm run prebuild
npm run build

The package includes:

abi: Generated ABI JSON files for smart contracts.
deployments: Addresses of deployed contracts for each supported network.
typechain: TypeScript typings generated from ABI files.

Associated Packages

MultiSig Schnorr Signature SDK: A TypeScript library for creating ERC-4337 Account Abstractions with Schnorr Signatures. Refer to the SDK README for usage guides and examples.

SSP Wallet

The SSP Wallet is a multi-signature, multi-asset wallet leveraging this SDK for EVM chains. For more information and usage examples, visit the SSP Wallet Repository.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Reporting Issues

Found a bug? Please report it on our issue tracker.

Inspiration, Credits & Acknowledgements

This library is based on Borislav Itskov research and draws inspiration from the schnorrkel.js implementation.
Account Abstraction ERC4337 eth-infinitism/account-abstraction

Security Audits

The smart contracts and SDK underwent a comprehensive security audit by Halborn finalised in February 2025.

Audit Reports

📄 Smart Contracts Audit

Halborn Audit Report – Smart Contracts (GitHub)
Halborn Public Report – Smart Contracts (Halborn)

📄 SDK Audit

Halborn Audit Report – SDK (GitHub)
Halborn Public Report – SDK (Halborn)

Findings & Notes

Smart Contracts: All findings were in unused code, which has been removed in the main branch. Contracts were redeployed, and the main branch is recommended for production while master branch is an archive where audits were assessed and perfectly safe to continue using. (Fix PR)
SDK: All important findigs were addressed in the main branch. Be noted that examples are using hard coded values, furthermore this library requires proper nonce management on the client side, and following a strict error-throwing approach. (Fix PR)