Smart Sessions
What if your dapp could execute transactions on behalf of users, without requiring them to sign every time? Let's explore how Smart Sessions enable automated trading while maintaining security and user sovereignty.
The Concept
Smart Sessions allow dapps to execute transactions on behalf of users within strictly defined boundaries. Think of it like giving your broker limited trading permissions - they can execute trades for you, but only within the parameters you've set.
Smart Sessions are blockchain-native JWTs. While JWTs let users stay logged into web apps, Smart Sessions let dapps execute transactions on users' behalf - but with stronger security guarantees:
| Web2 (JWTs) | Web3 (Smart Sessions) |
|---|---|
| Stored in databases | Validated on-chain |
| Server controls permissions | User defines exact limits |
| Can be compromised if server is hacked | Enforced by blockchain |
| Basic role-based access | Function & parameter-level control |
For example:
// Web2: Basic role-based permissions
{
"role": "trader",
"permissions": ["execute_trades"]
}
// Web3: Granular, trustless control
{
sessionRequestedInfo: [{
actionPoliciesInfo: [{
contractAddress: POOL_ADDRESS,
functionSelector: "trade",
rules: [{
condition: "LESS_THAN",
offsetIndex: 1,
ref: parseEther("1.0") // max 1 ETH per trade
}]
}]
}]
}Unlike traditional trading bots, you never give up control of your keys. Instead, you grant specific, limited permissions that are enforced by the blockchain itself. Set spend limits, timeouts, and contract restrictions - then let your strategy run automatically.
What Makes This Different?
- True Self-Custody: Your keys stay yours - we just automate within your rules
- Gas-Free Experience: All gas fees are covered by our Paymaster
- Seamless Approvals: No separate approval transactions needed
- Developer Friendly: Complex AA features with clean, simple code
How Sessions Work with AbstractJS
- Session Creation
// Create a session with specific permissions
const session = await client.grantPermission({
sessionRequestedInfo: [{
sessionPublicKey: sessionKey,
actionPoliciesInfo: [{
contractAddress: POOL_ADDRESS,
functionSelector: "0x...", // trade function
rules: [/* trading parameters */]
}]
}]
})-
Permission Boundaries
- Whitelist specific contract addresses
- Allow only certain functions (e.g., trading)
- Set maximum transaction amounts
- Define time-based constraints
- Automated Execution
// Execute trades using session permissions
const userOpHash = await sessionClient.usePermission({
calls: [{
to: POOL_ADDRESS,
data: encodeFunctionData({
abi: POOL_ABI,
functionName: "trade",
args: [/* trade parameters */]
})
}]
})Security First
Sessions are designed with security as the primary concern:
- Time-Bound: Sessions automatically expire after 24 hours
- Limited Scope: Each permission grant is strictly bounded to specific actions
- User Control: Sessions can be revoked at any time
- On-Chain Verification: All permissions and rules are verified on-chain
Technical Implementation
Key Components
-
Session Management
- Single dapp session key pattern
- Universal action policy for trade validation
- Time-based session expiry
-
Trading Logic
- EMA-based trend detection
- Automated buy/sell execution
- Position size management
-
Gas Optimization
- Gasless transactions via Biconomy Paymaster
- Batched permission updates
- Efficient session validation
Try It Out
- Connect your wallet
- Grant trading permissions
- Watch the automated trading in action
- Revoke permissions any time
For implementation details, check out the complete source code or visit our Smart Sessions documentation.
Next: We'll explore combining Smart Sessions with cross-chain messaging for multi-chain automated trading strategies.