Skip to main content

Non-custodial Design

n0ir is fully non-custodial. Your wallet (EOA) always owns the funds, the agent only acts with limited, revocable permissions.

Control Model

RoleDescriptionPermissions
SUDO Validator (User’s EOA)Your wallet (MetaMask, Rainbow, etc.). Full control over the smart account.Can withdraw, revoke, or execute any operation anytime.
REGULAR Validator (Agent)Session key controlled by backend.Limited to whitelisted vault, bridge, and withdrawal functions.
You can revoke the agent anytime or withdraw directly from your smart account.

Smart Account Structure (ZeroDev Kernel v3.2)

Each user deploys a smart account with two validators: 
Smart Account (Kernel)
├─ 🔑 SUDO Validator → User EOA (root owner)
│   • Full control
│   • Can revoke agent
│   • Can withdraw anytime
└─ 🤖 REGULAR Validator → Agent session key
    • Limited permissions
    • 30-day expiry
    • Whitelisted functions only

Agent Permissions

Allowed Operations

  1. Vault Deposits / Withdrawals (ERC4626) → Only to 17 approved vaults.
  2. USDC Approvals → For whitelisted vaults, CCTP, or Euler Vault Connector.
  3. CCTP Bridge → USDC only, Base ↔ Arbitrum, to user’s smart account.
  4. Euler Vault Ops → Through whitelisted EVC contracts.
  5. USDC Transfers → Only to the user’s EOA (for withdrawals).

Forbidden Operations

  • Withdraw to arbitrary addresses
  • Approve or call non-whitelisted contracts
  • Transfer NFTs or other tokens
  • Modify ownership or validators

Security Model

Backend compromise = no fund loss. Even if the agent key leaks, it can:
  • Move funds only between whitelisted vaults
  • Bridge USDC only to the user’s smart account
  • Withdraw only to user’s EOA

Recovery Scenarios

ScenarioUser Action
Agent malfunctionUse Emergency Withdraw → funds sent to EOA
Backend offlineInteract with vaults directly via your EOA
Frontend offlineRevoke session key on-chain or wait expiry
Everything offlineUse Etherscan/Web3 tools to redeem manually
Your EOA is always the root validator — full recovery guaranteed.

Technical Overview

  • ZeroDev Kernel v3.2 – modular ERC-4337 smart account
  • Permission Validator – whitelisted calls
  • Paymaster Support – gas-sponsored transactions
  • Multi-Chain Addressing – deterministic smart account across Base and Arbitrum
Data stored by backend: 
{
  "agentSessionPrivateKey": "...",  // backend key
  "sessionKeyApproval": "...",       // permission proof
  "smartAccountAddress": "..."
}
No user private key or seed phrase is ever stored.

Summary

  • User EOA = Root Owner
  • Agent = Function-limited session key
  • Revocable anytime
  • Direct withdrawal possible
  • Backend compromise ≠ fund loss
n0ir combines automated yield optimization with true self-custody. Your keys, your crypto. Always.