Understanding Automations

  • Updated on May 20, 2025
  • Published on May 20, 2025
  • 2 minute(s) read
  • John Rising
 Prev Next

How do automations work?

When you create an automation, a few things happen:

1. A Trusted Execution Environment creates a key

A Trusted Execution Environment (TEE) hosted in an AWS Nitro Enclave creates an encrypted and cryptographically verifiable signer. The TEE has strict policies defining exactly what transactions it can sign. These policies include specific token contracts, recipient addresses, maximum amounts, and any other allowed operations.

The policies are enforced by the AWS Nitro Enclave hardware, not just by software that could be compromised. The TEE will refuse to sign any transaction that doesn't match the predefined policies.

2. The new key is added to the smart contract

After the key is created inside the TEE, the TEE uses it to sign the policies and returns the encrypted key and policy signature. The user is then asked to sign a transaction that adds the TEE’s key to the user’s smart contract wallet. Only wallet admins can add signers, so only wallet admins can create automations.

3. Stackup monitors the blockchain

Stackup’s servers monitor the blockchain, looking for the automation’s trigger. When Stackup finds a trigger, it requests a signature from the TEE by sending a draft transaction.

4. The TEE signs the transaction

Before signing, the TEE verifies that the transaction matches exactly what was authorized in the policy. Any deviation results in rejection.

When signing the transaction, the TEE returns cryptographic proof (attestation) that it’s running the correct, unmodified code. This ensures that the signing logic hasn’t been tampered with.

5. The transaction is executed onchain

Stackup confirms the attestation, then sends a transaction to the blockchain with the signed transaction.

How are automations secured?

No one, even Stackup, can fake a valid request to approve an automation.

  • TEE signers can only perform actions explicitly authorized in their policies

  • No one can modify these policies once set

  • Any attempted transaction outside policy bounds is automatically rejected by the TEE hardware

  • The signing process happens in isolated memory that's inaccessible to the operating system

  • The private keys never leave the TEE

Learn more about TEEs here

What about when an automation is created?

When an automation is created, the user signs a transaction that adds the TEE’s signer to their wallet. A bad actor could inject a malicious transaction, giving them control of the wallet.

This concern is the same as any admin transaction. We have a number of mitigations in place to reduce the risk of someone approving malicious transaction data, but ultimately your admins have custody of your funds. All admins should be trusted members of your organization with cybersecurity awareness training.

What if Stackup’s servers go down?

If Stackup’s servers are down, no transaction will be created. If a trigger’s conditions are still met when Stackup’s servers come back online, the transaction will be created.

Critical

Do not rely on Stackup’s automations for time sensitive or safety-critical applications. We do our best to keep all of our services highly reliable and performant, but cannot guarantee precise timing.

Does this make Stackup a custodian of my wallet?

No. Only specific transactions that you’ve predefined can ever be executed. No one, including Stackup, can move your wallet’s funds because:

  1. You create the TEE

  2. The TEE has narrowly-defined permissions set by you

  3. These permissions are enforced at the hardware level

  4. Transaction parameters must exactly match predefined policies

  5. The TEE’s private key is never accessible outside the TEE

Related articles