Session Keys

The Arcana Gasless (Standalone) SDK implements Session Keys as defined in ERC-4337 and EIP 6900. It allows adding smart controls or policies for pre-approving and authorizing transactions via smart contract wallets.

Better UX

In Web3, users' private keys enable authentication and full control over transactions. This poses security risks if the key is lost. Session keys offer limited authorization, allowing multiple signers with limited capabilities that can only access specific functions. Modular access control with session keys benefits the following use cases:

  • Enhanced Security: Session keys lower risk exposure if compromised compared to full-access private keys.
  • Delegation: Allow a trusted third party to perform specific transactions or functions without needing the wallet owner's direct involvement.
  • Automation: Using session keys to autonomously sign repetitive transactions improves UX in highly interactive Web3 apps. These keys allow signing only within a specified period, set of transaction parameters, and limits.

Session Policy

To create session keys, use the CreateSession method of the SCW object provided by the Arcana Gasless (Standalone) SDK. Define the pre-approval policy with the following parameters:

  • Time: Set an allowed period for a pre-approved session or use 0 for an indefinitely approved session.
  • Maximum Value: Limit the maximum native token value transferable in a single transaction via the smart contract wallet address.
  • Contract Address: The address of the contract in the policy.
  • Function: Specify the contract function allowed for pre-approval.
  • Rules: Use rules to define permissions for the allowed parameters of the function specified above.

Session keys are successfully created and enabled only after the user's approval. Developers can create one or more sessions and seek user approval.

Figure: Session Keys: User Approval Request

Transacting with Session Keys

Use the doTx() method of the SCW object to perform a transaction via the Arcana Gasless (Standalone) SDK. If this transaction is whitelisted via gasless configuration settings, it will incur zero gas fees from the user's SCW address. Otherwise, it will be a normal transaction.

Use the session parameter in doTx() to specify whether the transaction is a native one or an autonomous one. By default, session is set to false: the transaction is a native one, and the user will be required to review and take action for further processing.

If session is set to true when calling doTx(), the latest session is used. It will be autonomously processed if the policy conditions are met.
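The conditions listed under Session Policy can be modelled locally to review what a session would pre-approve before the user is asked to sign it. This is an added example, not code from the Arcana SDK or the original page: the policy shape, its field names, and the checkTx and auditPolicy helpers are hypothetical, and the sample values are constructed.

```javascript
// Hypothetical policy shape (not the Arcana SDK's types); constructed sample values.
const policy = {
  validUntil: 1722300000,   // Time: Unix seconds; 0 means indefinitely approved
  maxValue: 10n ** 16n,     // Maximum Value: native token per transaction (wei)
  contract: "0x1111111111111111111111111111111111111111",
  fn: "transfer(address,uint256)",
  rules: [                  // Rules: constraints on the function's parameters
    { param: 0, op: "eq", value: "0x2222222222222222222222222222222222222222" },
    { param: 1, op: "lte", value: 500n },
  ],
};

// Supported rule operators; an unknown operator always fails closed.
const ops = {
  eq: (a, b) => String(a).toLowerCase() === String(b).toLowerCase(),
  lte: (a, b) => BigInt(a) <= BigInt(b),
};

// Returns the list of violated conditions; an empty list means the
// transaction fits the pre-approved policy.
function checkTx(policy, tx, nowSec) {
  const fails = [];
  if (policy.validUntil !== 0 && nowSec > policy.validUntil) fails.push("expired");
  if (tx.value > policy.maxValue) fails.push("value");
  if (tx.to.toLowerCase() !== policy.contract.toLowerCase()) fails.push("contract");
  if (tx.fn !== policy.fn) fails.push("function");
  for (const r of policy.rules) {
    const arg = tx.args[r.param];
    const op = ops[r.op];
    if (arg === undefined || !op || !op(arg, r.value)) fails.push(`rule:${r.param}`);
  }
  return fails;
}

// Review-time warnings for policies that pre-approve more than intended.
function auditPolicy(policy) {
  const warnings = [];
  if (policy.validUntil === 0) warnings.push("no expiry");
  if (policy.rules.length === 0) warnings.push("no parameter rules");
  return warnings;
}
```

Running auditPolicy over every policy before requesting user approval surfaces sessions that never expire or that leave the function's parameters unconstrained.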

Select Session

Developers can override this behavior by passing a specific session identifier via the session parameter in the doTx() call.

First obtain the specific session identifier, then call doTx():

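// scWallet is the initialized SCW object; tx1 is the transaction to send.
const sessions = await scWallet.sessionManager.sessionStorageClient.getAllSessionData();

// Filter specific session object's ID, say session 'i'
// ... (application-specific selection logic that sets i)

// Session txn: pass a session ID, or `true` to use the latest session
let tx = await scWallet.doTx(tx1, {
  session: sessions[i].sessionID,
});
tx = await tx.wait();
console.log(`Transfer done ${tx.userOpHash}`);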


Last update: July 29, 2024 by shaloo