How Surf Works

Exploring the AI Agentic utilities of Surf

Under the hood, Surf is powered by a sophisticated architecture that blends smart contract technology with off-chain AI decision-making. Here we’ll break down the key components and explain how they work together – in other words, what gives Surf its agentic superpowers in DeFi.

Technical Architecture & Smart Accounts

Technical Architecture Flow

At the core of SurfLiquid’s architecture is the Smart Account, a programmable, user-owned smart contract wallet deployed for each user. Unlike traditional EOAs (Externally Owned Accounts), which require manual signatures for every action, SurfLiquid provisions a dedicated smart contract per user on each supported chain, acting as a secure execution environment for all agentic DeFi operations.

Ownership & Admin Control:

  • The smart account is deterministically deployed to your address, ensuring only you retain admin authority (owner = your EOA).

  • Agent permissions are granular and revocable: you can withdraw funds or revoke agent control at any time, guaranteeing true self-custody.

Execution Sandbox & Multicall Engine:

  • The smart account is the on-chain vault holding your assets and interfacing with all DeFi protocols.

  • Its core engine is a gated multicall function, allowing the batching of complex DeFi operations (swap, addLiquidity, stake, harvest, withdraw) into a single atomic transaction.

    • multicall([swap(), addLiquidity(), stake(), ...])

  • Access Control:

    • Only registered and audited SurfLiquid strategy contracts can invoke multicall.

    • All protocol targets (lending pools, DEX routers, staking contracts) are also whitelisted in the Registry.

Security Model & Guardrails:

  • The smart account cannot execute arbitrary calls or interact with unknown contracts, even if the AI agent or an external entity tries to push such an action.

  • The Registry enforces “allow-list only” execution:

    • If targetContract ∉ WhitelistedProtocols, then reject multicall().

  • This architecture ensures atomicity (all steps succeed or none do), protecting users from partial execution, sandwich attacks, or execution failure mid-flow.

  • Regular protocol audits and an immutable Registry (updatable only by protocol governance) ensure ongoing security and adaptability.
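
The gated multicall and allow-list check described above, as an added sketch in Solidity. It is not SurfLiquid's contract code: the `IRegistry` interface and its function names, the contract name, the `agentEnabled` switch and the error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical registry interface (assumed names, not SurfLiquid's ABI).
interface IRegistry {
    function isStrategy(address caller) external view returns (bool);
    function isWhitelistedProtocol(address target) external view returns (bool);
}

contract SmartAccountSketch {
    struct Call { address target; uint256 value; bytes data; }

    address public immutable owner;       // the user's EOA
    IRegistry public immutable registry;  // governance-managed allow-list
    bool public agentEnabled = true;      // owner-controlled kill switch

    error NotOwner();
    error AgentDisabled();
    error CallerNotStrategy(address caller);
    error TargetNotWhitelisted(address target);
    error CallFailed(uint256 index);

    constructor(address owner_, IRegistry registry_) {
        owner = owner_;
        registry = registry_;
    }

    // Only the owner can enable or revoke agent-driven execution.
    function setAgentEnabled(bool enabled) external {
        if (msg.sender != owner) revert NotOwner();
        agentEnabled = enabled;
    }

    // Gate 1: caller must be a registered strategy.
    // Gate 2: every target must be on the protocol allow-list.
    function multicall(Call[] calldata calls) external {
        if (!agentEnabled) revert AgentDisabled();
        if (!registry.isStrategy(msg.sender)) revert CallerNotStrategy(msg.sender);
        for (uint256 i = 0; i < calls.length; i++) {
            if (!registry.isWhitelistedProtocol(calls[i].target))
                revert TargetNotWhitelisted(calls[i].target);
            (bool ok, ) = calls[i].target.call{value: calls[i].value}(calls[i].data);
            // A failed step reverts the whole transaction: all steps or none.
            if (!ok) revert CallFailed(i);
        }
    }

    receive() external payable {}
}
```

An allow-list keyed only on the target address does not restrict which function or arguments are sent to an allowed target; this sketch checks addresses only.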

User Benefits:

  • No more fragmented approvals or risky “infinite allowances.”

  • Your smart account handles all farming, lending, and compounding in a programmable sandbox—efficient, secure, and fully under your control.

  • If the agent is deactivated, only the owner (your wallet) can move funds, and all delegated permissions are instantly revoked.

In short, SurfLiquid’s Smart Accounts deliver secure, non-custodial, permissioned automation for DeFi, blending user sovereignty with the flexibility and safety of advanced on-chain account abstraction.
