This repository demonstrates two powerful integration patterns between Lit Protocol's Programmable Key Pairs (PKPs) and ERC-7579 modular smart accounts. These patterns enable advanced cross-chain capabilities and signature flexibility for smart contract wallets.
In this pattern, a PKP acts as an executor module within the smart account's modular architecture. This allows the smart account to leverage Lit's decentralized key management for cross-chain operations.
Use Cases:
- Cross-chain asset management without deploying the full wallet on every chain
- Programmable signing logic through Lit Actions
- Conditional execution based on custom rules
Example: examples/pkp-smart-account-module/
This is the pattern proposed in proposal.txt
In this pattern, the smart account owns a PKP that it can control through intent-based authorization. This enables the smart account to sign messages for dApps that don't support EIP-1271 (smart contract signatures).
Use Cases:
- Signing for legacy dApps that only accept EOA signatures
- Cross-chain identity where the PKP represents the smart account
- Intent-based authorization for PKP operations
Example: examples/smart-account-owns-pkp/
Smart Account (ERC-7579)
├── Validators (signature verification)
├── Executors
│ └── PKP Executor Module (Lit Integration)
└── Hooks (pre/post execution logic)
Smart Account (ERC-7579)
├── ECDSA Validator
├── PKP Owner Module (owns PKP NFT)
└── Intent System
└── PKP (controlled via intents)
└── Signs for external dApps
- Node.js 18+
- A funded wallet on Base Sepolia
- ZeroDev API key
- Clone the repository:
git clone <repository-url>
cd SmartAccountModule- Install dependencies:
npm install --legacy-peer-deps- Configure environment variables:
cp .env.example .envEdit .env with your configuration:
ZERODEV_BASE_SEPOLIA_RPC=<your-zerodev-rpc-url>
WALLET_PRIVATE_KEY=<your-wallet-private-key>
LIT_PKP_EXECUTOR_ADDRESS=0x5C3cdbD408282b5f44009dEA215d4A5A1CEfd918
INTENT_VALIDATOR_ADDRESS=0x35B1d5709507259CC689c87d38Fc5768691ba7C0
PKP_OWNER_MODULE_ADDRESS=0x4aC9D1E06068992C70B57F12a78205A1aB5E6a10
- Compile contracts:
npx hardhat compile- Deploy contracts (if needed):
npm run deploy:intentThis example demonstrates adding a PKP as an executor module to a smart account.
npm run example:moduleWhat it does:
- Creates a ZeroDev smart account
- Mints a PKP through Lit Protocol
- Installs the PKP as an executor module
- Executes transactions through the PKP
Flow:
// 1. Mint PKP
const pkpInfo = await litContracts.pkpNftContractUtils.write.mint();
// 2. Install as executor module
await kernelClient.sendTransaction({
to: litPKPExecutorAddress,
data: installCalldata
});
// 3. Execute through PKP
const signature = await litNodeClient.pkpSign({
pubKey: pkpPublicKey,
sessionSigs: pkpSessionSigs,
toSign: operationHash
});This example implements the architecture described in proposal.txt, where a smart account owns and controls a PKP for signing operations.
npm run example:owns-pkpWhat it does:
- Creates a ZeroDev smart account with ECDSA validator
- Mints a PKP that will be owned by the smart account
- Installs the PKP Owner Module to manage ownership
- Creates and signs intents for PKP operations
- Uses the PKP to sign data/transactions after intent verification
- Demonstrates signing for dApps that don't support EIP-1271
Flow:
// 1. Smart account creates intent
const intent = IntentPKPSigner.createSigningIntent(
smartAccount, target, data, nonce, expiry
);
// 2. Smart account signs intent
const intentSignature = await kernelClient.signMessage({
message: { raw: intentHash }
});
// 3. PKP verifies intent and signs
const result = await intentPKPSigner.signWithIntent(
intent, intentSignature, dataToSign, smartAccount, chainId
);ERC-7579 compliant executor module that enables PKP integration:
- Registers PKP ownership per smart account
- Verifies PKP signatures with EIP-191 prefix
- Executes operations after signature validation
- Prevents replay attacks
Module for smart accounts to own and manage PKPs:
- Stores PKP token ID and Ethereum address
- Manages PKP ownership transfers
- Integrates with Lit Protocol contracts
Validates intents from smart accounts using EIP-1271:
- Creates deterministic intent hashes
- Verifies smart account signatures
- Prevents intent replay
- Enforces expiry timestamps
Manages PKP signatures authenticated by smart account intents:
- Creates intent hashes for operations
- Manages Lit Protocol connections
- Executes Lit Actions for verification
- Formats signatures for Ethereum compatibility
Verifies signatures in a decentralized manner:
- Supports EIP-6492 (counterfactual signatures)
- Verifies EIP-1271 smart contract signatures
- Handles kernel account signature formats
- Applies EIP-191 message prefixes correctly
- Intent Creation: Smart account creates an intent specifying what the PKP should sign
- Intent Signing: Smart account signs the intent with its validator (e.g., ECDSA)
- Verification: Lit Action verifies the intent signature via EIP-1271
- PKP Signing: Upon successful verification, PKP signs the requested data
- Usage: Signed data can be used with external dApps/protocols
sequenceDiagram
participant SA as Smart Account
participant PKP as PKP (Lit)
participant LA as Lit Action
participant dApp as External dApp
SA->>SA: Create Intent
SA->>SA: Sign Intent (EIP-1271)
SA->>PKP: Request Signature with Intent
PKP->>LA: Execute Verification
LA->>SA: Verify Intent via EIP-1271
SA-->>LA: Return Magic Value
LA->>PKP: Authorize Signing
PKP->>PKP: Sign Data
PKP-->>SA: Return Signature
SA->>dApp: Use PKP Signature
- Deploy smart account on one chain, operate on multiple chains via PKP
- No need for deployment on every chain
- Reduced gas costs and complexity
- Universal address across all EVM chains
- Support for dApps that don't recognize smart contract signatures
- Programmable signing conditions through Lit Actions
- Intent-based authorization for enhanced security
- Compatible with both EOA and smart contract verification
- Clean separation of concerns
- Easy to add/remove capabilities
- Compatible with ERC-7579 ecosystem
- Upgradeable and extensible
- EIP-1271: Smart Contract Signature Validation
- EIP-191: Signed Data Standard (Ethereum Signed Message)
- EIP-6492: Universal Signature Validator
- EIP-712: Typed Data Signing
- EIP-7579: Minimal Modular Smart Accounts
The system handles different signature formats:
-
Kernel Smart Account Signatures
- Prefixed with mode byte (e.g.,
0x01) - Requires EIP-191 message prefix for verification
- Validated through kernel's internal validator system
- Prefixed with mode byte (e.g.,
-
Intent Verification
- Smart account signs intent hash
- Lit Action verifies via EIP-1271 call
- Applies proper message formatting
-
PKP Signing
- Uses threshold cryptography
- Produces standard ECDSA signatures
- Compatible with any Ethereum verification
- Always verify intent signatures before PKP operations
- Use expiry timestamps to prevent replay attacks
- Implement proper nonce management
- Store used intents to prevent reuse
- PKPs use threshold cryptography (no single point of failure)
- Session signatures have time limits
- Authorization tied to specific smart accounts
- Lit Actions run in secure, decentralized environment
- Reentrancy protection on all external calls
- Access control for module installation/removal
- Signature verification before any execution
- Chain ID validation to prevent cross-chain replay
-
Signature Verification Fails
EIP-1271 returned: 0xffffffff- Solution: Ensure the smart account signs with EIP-191 prefix
- Check that the validator is properly installed
- Verify chain ID matches
-
PKP Not Signing
Error: Unauthorized PKP- Solution: Confirm PKP ownership is properly set
- Check Lit Network connectivity
- Ensure session signatures are valid
-
Module Installation Fails
Error: Module already installed- Solution: Check if module is already installed
- Verify module addresses in
.env - Ensure sufficient gas for transaction
npm run build# Test PKP module integration
npm run example:module
# Test smart account owning PKP (proposal implementation)
npm run example:owns-pkp├── contracts/
│ ├── LitPKPExecutor.sol # PKP executor module
│ ├── PKPOwnerModule.sol # PKP ownership management
│ └── IntentValidator.sol # Intent validation
├── src/
│ ├── intent-pkp-signer.ts # Intent-based PKP signing
│ └── lit-actions/
│ └── eip6492-verifier.ts # Signature verification
├── examples/
│ ├── pkp-smart-account-module/ # PKP as executor
│ └── smart-account-owns-pkp/ # Smart account owns PKP
├── scripts/
│ └── deploy-intent-contracts.ts # Deployment scripts
└── proposal.txt # Original proposal
- Multi-chain transaction batching
- Advanced Lit Actions for complex conditions
- Gas optimization with signature aggregation
- Integration with more wallet providers
- Cross-chain state synchronization
- Decentralized intent pools
- Social recovery mechanisms
- Automated security monitoring
Contributions are welcome! Please ensure:
- Code follows existing patterns
- Examples are well-documented
- Tests pass before submitting PRs
- Security considerations are addressed
ISC
- Lit Protocol Team: For PKP infrastructure and support
- ZeroDev Team: For ERC-7579 implementation
- Kernel Team: For modular smart account architecture
- Community: For feedback and contributions
- Lit Protocol Documentation
- ZeroDev Documentation
- ERC-7579 Specification
- Kernel Smart Account
- Proposal Document
This implementation demonstrates the future of smart account interactions: modular, cross-chain, and user-controlled through programmable key pairs.