Skip to content

feat: cross-chain CREATE2 smart wallet factory #2451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gakonst wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: cross-chain CREATE2 smart wallet factory #2451

gakonst wants to merge 4 commits into from

Conversation

@gakonst
Copy link
Contributor

@gakonst gakonst commented Feb 5, 2026

Summary

Implements deterministic CREATE2-based address derivation for Tempo smart wallets, ensuring the same passkey produces the same wallet address on all EVM chains.

Problem

Users see their Tempo wallet address 0xfoo and send funds to it on other chains (e.g., Base) where the wallet isn't deployed. With traditional CREATE-based deployment, addresses differ per chain → funds lost forever.

Solution

Use CREATE2 to derive wallet addresses deterministically from passkey public key coordinates:

address = CREATE2(factory, salt, initCode)
salt = keccak256(passkey.x, passkey.y, index)

Key Design Decisions (Oracle-Audited)

Decision Rationale
No proxy pattern Keeps initCode identical across chains (proxies need chain-specific impl addresses)
Atomic deploy+init Factory deploys and initializes in one call to prevent griefing/front-running
Chain params via factory AccountKeychain stored as factory immutable, not caller-supplied
Account index Supports multiple wallets per passkey via index parameter
Multi-key support Accounts can add/remove keys for rotation without changing address

Files

  • tips/ref-impls/src/CrossChainAccountFactory.sol - CREATE2 factory
  • tips/ref-impls/src/CrossChainAccount.sol - Passkey-authenticated smart wallet
  • tips/ref-impls/test/CrossChainAccountFactory.t.sol - 24 tests (all passing)

User Flow

  1. User creates passkey → extract (x, y) public key coords
  2. Client computes counterfactual address via factory.getAddress(x, y)
  3. Address is identical across all EVM chains before any deployment
  4. First tx on any chain deploys wallet via factory
  5. User deposits to Base? Wallet deploys there. Deposits to Ethereum? Same address.

Tests

Ran 24 tests: 24 passed, 0 failed

Migration Path

Existing CREATE-deployed wallets cannot be converted. Recommended UX:

  1. Show new deterministic address as primary deposit address
  2. Offer in-app "Move funds to new address" flow
  3. Keep old wallets functional where deployed

Thread: https://tempoxyz.slack.com/archives/C0A99L9RLHZ/p1770239877682879
cc @georgios @varun @jxom

@gakonst @ampcode-com
feat: cross-chain CREATE2 smart wallet factory
2098213 
Implements deterministic address derivation for Tempo smart wallets,
ensuring the same passkey produces the same wallet address on all EVM chains.

Key design decisions (per Oracle audit):
- No proxy pattern to keep initCode identical across chains
- Atomic deploy+initialize to prevent griefing/front-running
- Chain-specific accountKeychain stored as factory immutable
- Account index support for multiple wallets per passkey
- Multi-key support for rotation without address change

Includes:
- CrossChainAccountFactory: CREATE2 factory for deterministic deployment
- CrossChainAccount: Passkey-authenticated smart wallet
- Comprehensive test suite (24 tests)

Addresses: https://tempoxyz.slack.com/archives/C0A99L9RLHZ/p1770239877682879
Amp-Thread-ID: https://ampcode.com/threads/T-019c2a93-ed22-74de-918f-c74f24bf203e
Co-authored-by: Amp <amp@ampcode.com>
@github-actions
Copy link

github-actions bot commented Feb 5, 2026
edited
Loading

📊 Tempo Precompiles Coverage

precompiles

Coverage: 16376/17309 lines (94.61%)

File details
File Lines Coverage
src/account_keychain/dispatch.rs 36/41 87.80%
src/account_keychain/mod.rs 636/656 96.95%
src/error.rs 78/97 80.41%
src/lib.rs 277/292 94.86%
src/nonce/dispatch.rs 19/23 82.61%
src/nonce/mod.rs 236/247 95.55%
src/stablecoin_dex/dispatch.rs 349/353 98.87%
src/stablecoin_dex/error.rs 51/51 100.00%
src/stablecoin_dex/mod.rs 2674/2768 96.60%
src/stablecoin_dex/order.rs 362/362 100.00%
src/stablecoin_dex/orderbook.rs 621/660 94.09%
src/storage/evm.rs 321/344 93.31%
src/storage/hashmap.rs 118/133 88.72%
src/storage/mod.rs 5/5 100.00%
src/storage/packing.rs 526/552 95.29%
src/storage/thread_local.rs 135/188 71.81%
src/storage/types/array.rs 211/262 80.53%
src/storage/types/bytes_like.rs 323/338 95.56%
src/storage/types/mapping.rs 131/150 87.33%
src/storage/types/mod.rs 61/85 71.76%
src/storage/types/primitives.rs 564/567 99.47%
src/storage/types/slot.rs 282/296 95.27%
src/storage/types/vec.rs 1072/1095 97.90%
src/test_util.rs 194/231 83.98%
src/tip20/dispatch.rs 534/563 94.85%
src/tip20/mod.rs 1338/1405 95.23%
src/tip20/rewards.rs 444/487 91.17%
src/tip20/roles.rs 187/206 90.78%
src/tip20_factory/dispatch.rs 26/29 89.66%
src/tip20_factory/mod.rs 488/500 97.60%
src/tip403_registry/dispatch.rs 406/443 91.65%
src/tip403_registry/mod.rs 1247/1333 93.55%
src/tip_fee_manager/amm.rs 908/939 96.70%
src/tip_fee_manager/dispatch.rs 278/289 96.19%
src/tip_fee_manager/mod.rs 475/493 96.35%
src/validator_config/dispatch.rs 210/221 95.02%
src/validator_config/mod.rs 553/605 91.40%

contracts

Coverage: 164/329 lines (49.85%)

File details
File Lines Coverage
src/lib.rs 1/71 1.41%
src/precompiles/account_keychain.rs 24/30 80.00%
src/precompiles/nonce.rs 9/18 50.00%
src/precompiles/stablecoin_dex.rs 33/48 68.75%
src/precompiles/tip20.rs 46/64 71.88%
src/precompiles/tip20_factory.rs 6/12 50.00%
src/precompiles/tip403_registry.rs 12/15 80.00%
src/precompiles/tip_fee_manager.rs 21/45 46.67%
src/precompiles/validator_config.rs 12/26 46.15%

Total: 16540/17638 lines (93.77%)

📦 Download full HTML report

gakonst and others added 2 commits February 5, 2026 04:23
@gakonst @ampcode-com
refactor: remove Tempo-specific AccountKeychain precompile dependency
d319f2c 
BREAKING CHANGE: CrossChainAccount no longer uses AccountKeychain precompile

## Problem
The AccountKeychain is a Tempo-specific precompile that doesn't exist on
other EVM chains (Ethereum, Base, Arbitrum, etc.). This broke the core
value proposition of cross-chain deterministic addresses.

## Solution
Replaced precompile-based authorization with pure Solidity signature
verification using Solady's battle-tested libraries:

- P256: Raw P-256 ECDSA signature verification
- WebAuthn: Passkey/authenticator signature verification
- ECDSA: Standard secp256k1 signature verification

## Changes
- Remove accountKeychain storage and constructor parameter
- Add KeyType enum (Secp256k1, P256, WebAuthnP256) inspired by ithacaxyz/account
- Add ERC-1271 isValidSignature support
- Add signature-based execute() with EIP-712 typed data
- Add key expiry support
- Update factory to remove chain-specific configuration

## Cross-Chain Compatibility
The contract now works identically on ANY EVM chain without modification.
Signature verification is done entirely in Solidity, no precompiles needed.

Addresses feedback from @horsefacts and @jxom

Ran 30 tests: 30 passed, 0 failed

Amp-Thread-ID: https://ampcode.com/threads/T-019c2b95-3535-76e4-a61a-b60108fb6ad2
Co-authored-by: Amp <amp@ampcode.com>
@gakonst @ampcode-com
style: format Solidity files
1377209 
Amp-Thread-ID: https://ampcode.com/threads/T-019c2c0c-be67-705a-b5be-a950b332e782
Co-authored-by: Amp <amp@ampcode.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@legion2002 legion2002 Awaiting requested review from legion2002 legion2002 is a code owner

@howydev howydev Awaiting requested review from howydev howydev is a code owner

@0xKitsune 0xKitsune Awaiting requested review from 0xKitsune 0xKitsune is a code owner

@danrobinson danrobinson Awaiting requested review from danrobinson danrobinson is a code owner

@dankrad dankrad Awaiting requested review from dankrad dankrad is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gakonst