Expand description
Account keychain precompile for managing session keys and spending limits.
Each account can authorize secondary keys (session keys) with per-token spending caps, signature type constraints, and expiry. The main key (address zero) retains full control and is the only key allowed to authorize, revoke, or update other keys.
Modules§
- IAccount
Keychain - Account Keychain interface for managing authorized keys
- __
packing_ authorized_ key - __
packing_ key_ scope - __
packing_ selector_ scope - __
packing_ spending_ limit_ state - __
packing_ target_ scope - dispatch
- ABI dispatch for the
AccountKeychainprecompile. - slots
Structs§
- Account
Keychain - Authorized
Key - Key information stored in the precompile
- Authorized
KeyHandler - Type-safe handler for accessing
#struct_namein storage. - Call
Scope - Per-target call scope.
- KeyInfo
- Key information structure
- KeyRestrictions
- Optional access-key restrictions configured at authorization time.
- KeyScope
- Key-level call scope.
- KeyScope
Handler - Type-safe handler for accessing
#struct_namein storage. - Selector
Rule - Selector-level recipient rule.
- Selector
Scope - Selector-level scope for one selector under one target.
- Selector
Scope Handler - Type-safe handler for accessing
#struct_namein storage. - Spending
Limit State - Per-token spending limit state.
- Spending
Limit State Handler - Type-safe handler for accessing
#struct_namein storage. - Target
Scope - Target-level scope for one target under one account key.
- Target
Scope Handler - Type-safe handler for accessing
#struct_namein storage. - Token
Limit - Token spending limit structure
- authorize
KeyCall - Authorize a new key for the caller’s account with T3 extensions.
@param keyId The key identifier (address derived from public key)
@param signatureType 0: secp256k1, 1: P256, 2: WebAuthn
@param config Access-key expiry and optional limits / call restrictions
Function with signature
authorizeKey(address,uint8,(uint64,bool,(address,uint256,uint64)[],bool,(address,(bytes4,address[])[])[]))and selector0x980a6025. - getAllowed
Calls Call - Returns whether an account key is call-scoped and, if so, the configured call scopes.
@dev
isScoped = falsemeans unrestricted.isScoped = true && scopes.length == 0means scoped deny-all. @dev Missing, revoked, or expired access keys also return scoped deny-all so callers do not observe stale persisted scope state. Function with signaturegetAllowedCalls(address,address)and selector0x0163e7ec. - getAllowed
Calls Return - Returns whether an account key is call-scoped and, if so, the configured call scopes.
@dev
isScoped = falsemeans unrestricted.isScoped = true && scopes.length == 0means scoped deny-all. @dev Missing, revoked, or expired access keys also return scoped deny-all so callers do not observe stale persisted scope state. Container type for the return parameters of thegetAllowedCalls(address,address)function. - getKey
Call - Get key information
@param account The account address
@param publicKey The public key
@return Key information
Function with signature
getKey(address,address)and selector0xbc298553. - getRemaining
Limit Call - Get remaining spending limit using the legacy pre-T3 return shape.
@param account The account address
@param publicKey The public key
@param token The token address
Function with signature
getRemainingLimit(address,address,address)and selector0x63b4290d. - getRemaining
Limit Return - Get remaining spending limit together with the active period end.
@param account The account address
@param publicKey The public key
@param token The token address
@return remaining Remaining spending amount
@return periodEnd Period end timestamp for periodic limits (0 for one-time)
Container type for the return parameters of the
getRemainingLimitWithPeriod(address,address,address)function. - getRemaining
Limit With Period Call - Get remaining spending limit together with the active period end.
@param account The account address
@param publicKey The public key
@param token The token address
@return remaining Remaining spending amount
@return periodEnd Period end timestamp for periodic limits (0 for one-time)
Function with signature
getRemainingLimitWithPeriod(address,address,address)and selector0xa7f72cab. - getTransaction
KeyCall - Get the key used in the current transaction
@return The keyId used in the current transaction
Function with signature
getTransactionKey()and selector0xb07fbc1a. - remove
Allowed Calls Call - Remove any configured call scope for a key+target pair.
Function with signature
removeAllowedCalls(address,address)and selector0xf3941811. - revoke
KeyCall - Revoke an authorized key
@param publicKey The public key to revoke
Function with signature
revokeKey(address)and selector0x5ae7ab32. - setAllowed
Calls Call - Set or replace allowed calls for one or more key+target pairs.
@dev Reverts if
scopesis empty; useremoveAllowedCallsto delete target scopes. @devscope.selectorRules = []does NOT block the target; it allows any selector on that target. @dev To block the target entirely, callremoveAllowedCalls. To block one selector, omit that selector rule fromscope.selectorRules. Function with signaturesetAllowedCalls(address,(address,(bytes4,address[])[])[])and selector0xf5456703. - update
Spending Limit Call - Update spending limit for a key-token pair
@param publicKey The public key
@param token The token address
@param newLimit The new spending limit
Function with signature
updateSpendingLimit(address,address,uint256)and selector0xcbbb4480.
Enums§
Constants§
- TIP20_
APPROVE_ 🔒SELECTOR - TIP20_
TRANSFER_ 🔒SELECTOR - Allowed TIP-20 selectors for recipient-constrained rules.
- TIP20_
TRANSFER_ 🔒WITH_ MEMO_ SELECTOR