ΞTHΛURΛ is an implementation of ERC-4337 Account Abstraction that uses P-256/secp256r1 signatures instead of the traditional secp256k1. This enables users to control their Ethereum accounts using WebAuthn/Passkeys (Touch ID, Face ID, Windows Hello, etc.).
P-256 (secp256r1) is widely supported by hardware security modules, secure enclaves, and WebAuthn. This allows users to:
- Use biometric authentication (Touch ID, Face ID)
- Leverage hardware security (Secure Enclave, TPM)
- Avoid managing private keys manually
- Use the same keys across multiple platforms
EIP-7951 introduces a precompile at address 0x0100 for verifying P-256 signatures. This makes verification much cheaper (~6,900 gas) compared to Solidity implementation (~330,000 gas).
No. This is experimental software that has not been audited. Do not use with real funds on mainnet.
Currently:
- ✅ Sepolia testnet (after Fusaka upgrade)
- ⏳ Mainnet (planned for future upgrade)
- ❌ Other networks (check individually)
- User signs with passkey (P-256 ECDSA)
- Frontend decodes DER signature to r,s components
- Contract computes
messageHash = SHA256(userOpHash) - Contract calls precompile at
0x0100with (hash, r, s, qx, qy) - Precompile verifies signature and returns result
Raw P-256 mode (used in this implementation):
- Sign
SHA256(userOpHash)directly - Simpler, more gas-efficient
- Works with any P-256 signer
WebAuthn mode:
- Sign
authenticatorData || SHA256(clientDataJSON) - More complex, requires parsing on-chain
- Full WebAuthn compliance
No, MetaMask uses secp256k1 keys. ΞTHΛURΛ accounts use P-256 keys from passkeys. However, you can:
- Use MetaMask to deploy the factory
- Use MetaMask as the owner address
- Sign transactions with passkeys
Accounts are deployed using CREATE2, so addresses are deterministic:
address = CREATE2(
factory,
salt,
keccak256(creationCode || abi.encode(entryPoint))
)
Same public key + salt = same address across all networks.
ΞTHΛURΛ has multiple recovery options:
Option 1: Owner-initiated recovery (48 hours)
- Login to Web3Auth from a new device
- Propose a new passkey update
- Wait 48 hours (timelock)
- Execute the update
- ✅ Access restored
Option 2: Guardian-based recovery (24 hours, recommended)
- Contact your guardians
- Guardian initiates recovery with your new passkey
- Other guardians approve (e.g., 2 out of 3)
- Wait 24 hours (timelock)
- Execute recovery
- ✅ Access restored
Important: If you still have access to your passkey, you can cancel any malicious recovery attempts!
This is why guardians are critical!
If you lose both:
- Contact your guardians
- Guardians initiate recovery
- Multiple guardians approve (threshold required)
- Wait 24 hours
- Execute recovery
- ✅ Access restored
Without guardians: Funds may be permanently lost. Always set up guardians!
Your funds are safe! The new security model prevents this attack:
- Attacker gains access to your social login
- Attacker tries to propose a new passkey
- ⏰ 48-hour timelock starts
- You receive notification
- You cancel the proposal with your passkey signature
- ✅ Attack prevented, funds safe
Key protection: Owner address CANNOT execute transactions or immediately change passkey.
The current implementation supports one public key per account. However, you can:
- Update the public key to a different passkey (with timelock)
- Set up multiple guardians as backup
- Use 2FA (passkey + owner signature) for high-value transactions
ΞTHΛURΛ implements defense-in-depth security:
- ✅ Passkey-first: All transactions require passkey signature
- ✅ No owner bypass: Owner cannot execute transactions directly
- ✅ Timelock protection: 48-hour delay for administrative changes
- ✅ Guardian recovery: Decentralized social recovery
- ✅ P-256 cryptography: NIST standard, hardware-backed
- ✅ EIP-7951 precompile: Efficient signature verification
- ✅ ERC-4337 EntryPoint: Battle-tested account abstraction
⚠️ Not externally audited - use at your own risk
See SECURITY_MODEL.md for detailed security analysis.
The implementation enforces s <= N/2 to prevent malleability attacks. This ensures each message has only one valid signature.
Passkeys are stored in your device's secure enclave and cannot be extracted. However:
- Protect your device with a strong password
- Enable biometric authentication
- Keep your device updated
- Don't jailbreak/root your device
If a critical bug is found in the precompile:
- Network upgrade would be required to fix
- Existing accounts would be affected
- This is why auditing is crucial before mainnet
Guardians are trusted contacts who can help you recover your account if you lose access to your passkey. They are:
- Decentralized: No single guardian can recover your account
- Multi-sig: Requires threshold approval (e.g., 2 out of 3)
- Time-locked: 24-hour delay before recovery executes
- Cancellable: You can cancel malicious recovery attempts
Important: Your owner address (from Web3Auth) is automatically added as the first guardian when you create your account! This means you can initiate recovery immediately even before adding other guardians.
- You already have 1 guardian: Your owner address (threshold = 1)
- Choose 2+ additional trusted contacts: Family, friends, colleagues
- Add guardians via passkey signature:
await account.addGuardian(guardianAddress)
- Set threshold (e.g., 2 out of 3 total guardians):
await account.setGuardianThreshold(2)
- Inform guardians: Let them know they're your guardians
Good guardian choices:
- ✅ Family members you trust
- ✅ Close friends
- ✅ Trusted colleagues
- ✅ People in different locations
- ✅ People with different risk profiles
Bad guardian choices:
- ❌ People you don't trust completely
- ❌ All guardians in same location
- ❌ People who might collude
- ❌ People who might lose access to their keys
Single guardian compromised:
- ✅ No problem! Threshold prevents single guardian attack
- ✅ Remove compromised guardian with passkey signature
- ✅ Add new guardian
Multiple guardians compromised:
⚠️ If threshold is met, they can initiate recovery- ✅ You have 24 hours to cancel with passkey
- ✅ Monitor recovery requests closely
Yes! You can remove guardians anytime with passkey signature:
await account.removeGuardian(guardianAddress)Step 1: Guardian initiates recovery
await account.initiateRecovery(newQx, newQy, newOwner)Step 2: Other guardians approve
await account.approveRecovery(requestNonce)Step 3: Wait 24 hours (timelock)
Step 4: Execute recovery
await account.executeRecovery(requestNonce)Step 5: Access restored!
Yes! If you still have access to your passkey, you can cancel any recovery request:
await account.cancelRecovery(requestNonce)This protects against malicious guardians.
- Open the frontend demo
- Click "Create Passkey"
- Authenticate with Touch ID/Face ID
- Deploy account via factory
- Fund the account with ETH
- Enter target address and amount
- Click "Send Transaction"
- Sign with your passkey
- Transaction is submitted as UserOperation
Approximate costs:
- Account deployment: ~300k gas
- Transaction (with precompile): ~100k gas
- Signature verification: ~6,900 gas
Yes! WebAuthn works on:
- iOS (Touch ID, Face ID)
- Android (fingerprint, face unlock)
- Desktop (Windows Hello, Touch ID)
For production use, yes. The bundler:
- Collects UserOperations
- Submits them to EntryPoint
- Handles gas estimation
- Manages mempool
For testing, you can submit UserOperations directly.
Yes, by implementing a Paymaster contract. This allows:
- Gasless transactions for users
- Payment in ERC-20 tokens
- Subscription models
- Sponsored onboarding
# All tests
make test
# With gas report
make test-gas
# Specific test
forge test --match-test testFunctionName
# With verbosity
forge test -vvv# Setup environment
cp .env.example .env
# Edit .env with your values
# Deploy
make deploy-sepolia- Write the contract code
- Add tests
- Update documentation
- Submit a pull request
See CONTRIBUTING.md for details.
The project uses Foundry, but you can:
- Port contracts to Hardhat
- Use Hardhat for deployment
- Keep Foundry for testing
forge verify-contract \
--chain-id 11155111 \
--compiler-version v0.8.23 \
<ADDRESS> \
src/P256AccountFactory.sol:P256AccountFactoryYou're on a network without EIP-7951 support. Use Sepolia testnet after Fusaka upgrade.
Your browser doesn't support WebAuthn. Try:
- Chrome/Edge (recommended)
- Safari (iOS/macOS)
- Firefox
- Use HTTPS or localhost
Check:
- Signature format is correct (r || s, 64 bytes)
- Public key matches the account
- Message hash is computed correctly
- DER decoding is correct
Ensure:
- Account has sufficient balance
- EntryPoint deposit is sufficient
- Signature is valid
- Target contract doesn't revert
Verify:
- RPC URL is correct
- Network is Sepolia
- Factory address is correct
- Browser console for errors
| Feature | ΞTHΛURΛ | EOA |
|---|---|---|
| Key management | Passkey | Private key |
| Signature | P-256 | secp256k1 |
| Gas cost | Higher | Lower |
| User experience | Better | Worse |
| Recovery | Possible | Difficult |
| Feature | ΞTHΛURΛ | Safe |
|---|---|---|
| Deployment | ERC-4337 | Traditional |
| Signatures | P-256 | secp256k1 |
| Multi-sig | No (yet) | Yes |
| Modules | No | Yes |
| Maturity | Experimental | Production |
ΞTHΛURΛ's unique features:
- P-256 signature support
- Native passkey integration
- Hardware security module support
- Cross-platform key usage
- Security audit
- Multi-device support
- Session keys
- Social recovery
- Paymaster integration
- Mobile app
- Mainnet deployment
We welcome contributions! See CONTRIBUTING.md.
- GitHub: github.com/yourusername/ethaura
- Discord: discord.gg/ethaura
- Twitter: @ethaura
- Check README.md
- Read ARCHITECTURE.md
- Open a GitHub Discussion
- Join our Discord