Non-custodial Design

n0ir is fully non-custodial. Your wallet (EOA) always owns the funds, the agent only acts with limited, revocable permissions.


Control Model

Role                         | Description                                                                 | Permissions
-----------------------------|-----------------------------------------------------------------------------|----------------------------------------------------------------
SUDO Validator (User’s EOA)  | Your wallet (MetaMask, Rainbow, etc.). Full control over the smart account. | Can withdraw, revoke, or execute any operation at any time.
REGULAR Validator (Agent)    | Session key controlled by the backend.                                      | Limited to whitelisted vault, bridge, and withdrawal functions.

You can revoke the agent anytime or withdraw directly from your smart account.


Smart Account Structure (ZeroDev Kernel v3.2)

Each user deploys a smart account with two validators:

Smart Account (Kernel)
├─ 🔑 SUDO Validator → User EOA (root owner)
│   • Full control
│   • Can revoke agent
│   • Can withdraw anytime
└─ 🤖 REGULAR Validator → Agent session key
    • Limited permissions
    • 30-day expiry
    • Whitelisted functions only

⚙️ Agent Permissions

Allowed Operations

  1. Vault Deposits / Withdrawals (ERC4626) → Only to 17 approved vaults.

  2. USDC Approvals → For whitelisted vaults, CCTP, or Euler Vault Connector.

  3. CCTP Bridge → USDC only, Base ↔ Arbitrum ↔ Sonic, to user’s smart account.

  4. Euler Vault Ops → Through whitelisted EVC contracts.

  5. USDC Transfers → Only to the user’s EOA (for withdrawals).

Forbidden Operations

  ❌ Withdraw to arbitrary addresses

  ❌ Approve or call non-whitelisted contracts

  ❌ Transfer NFTs or other tokens

  ❌ Modify ownership or validators


Security Model

Backend compromise = no fund loss. Even if the agent key leaks, the key can only:

  • Move funds only between whitelisted vaults

  • Bridge USDC only to the user’s smart account

  • Withdraw only to user’s EOA
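The whitelist described under Agent Permissions and relied on in the Security Model above, modelled as a call-policy check. This is an added example, not n0ir's or ZeroDev's code: it assumes calls arrive already ABI-decoded as `{ target, fn, args }`, that the ERC-4626 receiver and the CCTP mintRecipient must be the user's own smart account (the page forbids withdrawals to arbitrary addresses), and all vault, EVC, CCTP and token addresses are constructed placeholders.

```typescript
// Added example, not n0ir's or ZeroDev's code: a model of the REGULAR validator's call
// policy described above. Assumes calls arrive already ABI-decoded as { target, fn, args }
// with every address as a lowercase hex string; vault/EVC/CCTP addresses are constructed.
type Call = { target: string; fn: string; args: string[] };

type SessionPolicy = {
  smartAccount: string;   // user's Kernel account: the only valid vault receiver / bridge mintRecipient
  userEOA: string;        // the only valid USDC transfer recipient (withdrawals)
  usdc: string;
  vaults: Set<string>;    // whitelisted ERC-4626 vaults
  evc: Set<string>;       // whitelisted Euler Vault Connector contracts
  cctpMessenger: string;  // CCTP TokenMessenger
  expiresAt: number;      // unix seconds; the page's 30-day expiry
};
const VAULT_FNS = new Set(["deposit", "withdraw", "redeem"]); // ERC-4626: receiver is args[1]

// Returns null when the call is permitted, otherwise the reason it is refused.
function checkCall(p: SessionPolicy, c: Call, now: number): string | null {
  if (now >= p.expiresAt) return "session key expired";
  const t = c.target.toLowerCase();
  const at = (i: number) => (c.args[i] || "").toLowerCase();
  if (p.vaults.has(t)) {
    if (!VAULT_FNS.has(c.fn)) return `vault: ${c.fn} not allowed`;
    return at(1) === p.smartAccount ? null : "vault: receiver is not the smart account";
  }
  if (p.evc.has(t)) return null; // Euler ops only through whitelisted EVC contracts
  if (t === p.usdc) {
    if (c.fn === "approve") {
      const ok = p.vaults.has(at(0)) || p.evc.has(at(0)) || at(0) === p.cctpMessenger;
      return ok ? null : "approve: spender not whitelisted";
    }
    if (c.fn === "transfer") return at(0) === p.userEOA ? null : "transfer: recipient is not the user's EOA";
    return `usdc: ${c.fn} not allowed`;
  }
  if (t === p.cctpMessenger && c.fn === "depositForBurn") {
    // depositForBurn(amount, destinationDomain, mintRecipient bytes32, burnToken)
    if (at(3) !== p.usdc) return "bridge: only USDC may be bridged";
    const recipient = "0x" + at(2).slice(-40); // bytes32 is the address left-padded with zeros
    return recipient === p.smartAccount ? null : "bridge: mintRecipient is not the smart account";
  }
  return "target/function not whitelisted";
}

// Constructed sample addresses (not real deployments) for a self-check.
const SA = "0x" + "aa".repeat(20), EOA = "0x" + "bb".repeat(20), USDC = "0x" + "cc".repeat(20);
const VAULT = "0x" + "dd".repeat(20), CCTP = "0x" + "ee".repeat(20), EVIL = "0x" + "ff".repeat(20);
const NOW = 1_700_000_000;
const policy: SessionPolicy = { smartAccount: SA, userEOA: EOA, usdc: USDC, vaults: new Set([VAULT]),
  evc: new Set<string>(), cctpMessenger: CCTP, expiresAt: NOW + 30 * 86400 };
```

Every refused path returns a reason string, so a leaked agent key produces an audit trail of rejected operations rather than silent drops.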


🛠️ Recovery Scenarios

Scenario            | User Action
--------------------|-------------------------------------------------
Agent malfunction   | Use Emergency Withdraw → funds sent to EOA
Backend offline     | Interact with vaults directly via your EOA
Frontend offline    | Revoke session key on-chain or wait for expiry
Everything offline  | Use Etherscan/Web3 tools to redeem manually

Your EOA is always the root validator — full recovery guaranteed.


Technical Overview

  • ZeroDev Kernel v3.2 – modular ERC-4337 smart account

  • Permission Validator – whitelisted calls

  • Paymaster Support – gas-sponsored transactions

  • Multi-Chain Addressing – deterministic smart account across Base, Arbitrum, and Sonic

Data stored by backend:

{
  "agentSessionPrivateKey": "...",  // backend key
  "sessionKeyApproval": "...",       // permission proof
  "smartAccountAddress": "..."
}

No user private key or seed phrase is ever stored.


Summary

  • User EOA = Root Owner

  • Agent = Function-limited session key

  • Revocable anytime

  • Direct withdrawal possible

  • Backend compromise ≠ fund loss

n0ir combines automated yield optimization with true self-custody. Your keys, your crypto. Always.
