Session Keys and Permissions

Enables secure, automated agent actions—only within limits you define.

SurfLiquid’s automation relies on an advanced session key and permission system to enable seamless, non-custodial DeFi operations, without sacrificing user sovereignty or security.

Technical Workflow

  • Session Key Generation: When you activate your agent, SurfLiquid generates a unique cryptographic session keypair (public/private).

  • Scoped Delegation:

    • The public session key is granted strictly limited rights on your smart account, encoded via on-chain permissions or an internal permission contract.

    • Allowed actions include only strategy execution functions (e.g., executeStrategyAction()), targeting whitelisted protocols and contracts.

    • Session keys cannot move funds to arbitrary addresses, elevate privileges, or bypass registry restrictions.

Operational Guardrails

  • Principle of Least Authority:

    • Session keys grant just enough permission for the agent to perform required operations—nothing more.

    • All non-essential operations are explicitly blocked at the contract level.

  • Time-Bound & Revocable:

    • Each session key is valid only for a specific time window (session duration or expiry block).

    • Upon “Deactivate,” all session keys and delegated rights are immediately revoked on-chain.

    • At any time, you (the admin wallet) can override or kill a session key, restoring full control instantly.
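
The checks described under Technical Workflow and Operational Guardrails can be modelled off-chain as a deny-by-default authorization function. This is an added example, not SurfLiquid's contract code: `SessionGrant`, `SmartAccount`, `authorize` and `deactivate` are hypothetical names, the addresses are constructed placeholders, and the signer is assumed to have already been authenticated by signature verification.

```python
from dataclasses import dataclass, field

@dataclass
class SessionGrant:
    allowed_functions: frozenset   # e.g. {"executeStrategyAction()"}
    allowed_targets: frozenset     # whitelisted protocol/contract addresses
    expiry_block: int              # last block at which the key is valid
    revoked: bool = False

@dataclass
class SmartAccount:
    admin: str
    grants: dict = field(default_factory=dict)  # session public key -> SessionGrant

    def grant(self, caller, session_key, grant):
        # Only the admin wallet may delegate, so a session key cannot elevate itself.
        if caller != self.admin:
            raise PermissionError("only the admin wallet can delegate")
        self.grants[session_key] = grant

    def deactivate(self, caller):
        # Models "Deactivate": every outstanding session key is revoked at once.
        if caller != self.admin:
            raise PermissionError("only the admin wallet can revoke")
        for g in self.grants.values():
            g.revoked = True

    def authorize(self, signer, function, target, block):
        """Return (allowed, reason). Anything not explicitly granted is denied."""
        g = self.grants.get(signer)
        if g is None:
            return False, "unknown key"
        if g.revoked:
            return False, "revoked"
        if block > g.expiry_block:
            return False, "expired"
        if function not in g.allowed_functions:
            return False, "function not permitted"
        if target not in g.allowed_targets:
            return False, "target not whitelisted"
        return True, "ok"

def build_example():
    # Constructed sample values; the addresses are placeholders, not real contracts.
    acct = SmartAccount(admin="0xADMIN")
    acct.grant("0xADMIN", "0xSESSION", SessionGrant(
        frozenset({"executeStrategyAction()"}), frozenset({"0xVAULT_A"}), expiry_block=200))
    return acct
```

Each denial returns a distinct reason, which is the value worth logging when monitoring for a misbehaving agent or a misused key.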

Security Model

  • Even in the worst-case scenario (key compromise or agent malfunction), session keys are “sandboxed”:

    • They can never transfer your assets outside the approved strategy universe.

    • They cannot upgrade themselves, authorise new strategies, or drain funds.

  • The system ensures all automation remains user-governed; you set the boundaries (which strategies, which protocols), and SurfLiquid enforces them with deterministic contract logic.

In essence, session keys enable trustless, around-the-clock automation by SurfLiquid’s AI, while technical boundaries, whitelisting, and real-time revocation guarantee that your DeFi assets stay safe and always under your ultimate control.
