Session keys are restricted, purpose-specific keys generated by a user and delegated to a third party. Authorized third parties with these keys can execute transactions on the user’s behalf within defined limits. Rhinestone’s Smart Sessions is a comprehensive session key system that supports interoperable session keys across various account types, including all supported smart accounts and Smart EOAs. It is multichain-compatible, aligning with our chain abstraction infrastructure, and highly composable, allowing developers to create custom policies and actions tailored to specific needs.

Overview

Smart Sessions, built on the ERC-7579 standard, is a modular framework for enabling granular, programmable permissions for smart accounts and Smart EOAs. Introduced as part of the evolving Ethereum account abstraction ecosystem, Smart Sessions allows users to create session keys—scoped keys that delegate specific actions to dApps or third parties without compromising full account control. These keys are defined by policies that specify valid signers, allowed actions, time limits, and other constraints, enhancing security and usability in Web3 interactions.

Key Benefits

  • Granular Control: Session keys enable fine-tuned permissions, such as limiting a dApp to specific functions (e.g., token transfers up to a certain amount) or restricting actions to a predefined time window.
  • Enhanced Security: By isolating permissions to temporary session keys, users reduce the risk of unauthorized access, as these keys cannot execute actions beyond their defined scope.
  • Improved User Experience: Users can pre-approve repetitive actions (e.g., recurring payments) with a single signature, eliminating the need for multiple confirmations.
  • Gas Efficiency: Session keys leverage smart account logic to batch or optimize transactions, reducing gas costs compared to traditional EOA interactions.
  • Interoperability: Built on ERC-7579, Smart Sessions is compatible with modular smart accounts and Smart EOAs, ensuring broad wallet and dApp adoption.

Use Cases

  • dApp Interaction: A user grants a dApp a session key to perform specific actions, like swapping tokens on a DEX up to a $100 limit within 24 hours, without exposing full account access.
  • AI Agents: A user can grant limited access to an AI bot that will execute transactions within predefined boundaries on behalf of the user.
  • Recurring Payments: Session keys can automate subscription payments or payroll by allowing a smart contract to withdraw a fixed amount periodically, revocable at any time.
  • Gaming: In Web3 games, session keys can permit in-game actions (e.g., trading NFTs) without requiring wallet signatures for each move, streamlining gameplay.
  • Delegated Access: Users can delegate limited account actions to a trusted third party, such as a family member or a bot, for tasks like staking or voting in governance.
  • Onboarding New Users: Session keys enable gasless or simplified onboarding by allowing sponsors to cover fees or pre-approve actions for new wallets, reducing friction.