Understanding Smart Accounts

Smart accounts represent the next evolution in blockchain wallet technology, moving beyond traditional private key wallets to offer enhanced security, flexibility, and functionality. If you're managing crypto operations for your business, understanding smart accounts is essential to streamlining your workflows and improving security.

This guide explains what smart accounts are, how they work with the ERC-4337 standard, and how they can transform your team's onchain operations.

What are smart accounts?

Traditional crypto wallets require you to manage private keys—long strings of characters that grant complete access to your funds. Lose the key, lose your assets. Enter a wrong address, your money vanishes forever. Make one security mistake, and your entire treasury is compromised.

Stackup's smart accounts work differently. Instead of relying on private keys, our accounts use smart contracts—code that runs on the blockchain—to manage your assets. This fundamental shift enables business-critical features that hardware wallets can't provide: team permissions, approval workflows, spend limits, and automated transactions.

Think of traditional wallets like carrying cash—whoever holds it can spend it. Smart accounts are like a modern banking system, where different people have different levels of access, transactions require proper approvals, and security doesn't depend on a single point of failure.

What is ERC-4337?

ERC-4337 is an Ethereum standard for smart accounts. It was primarily created by the Ethereum Foundation’s account abstraction team and has been audited multiple times.

Stackup helped develop the ERC-4337 standard and was the primary provider of ERC-4337 infrastructure to Coinbase Wallet and Trust Wallet before creating our business wallet platform.

Learn more about ERC-4337 here.

How Stackup’s smart accounts work

At the core of our system is the SimpleTeamAccount contract. This smart contract:

  1. Manages signers with different access levels (Owner, Member, Outsider)

  2. Handles different authentication methods (WebAuthn and ECDSA)

  3. Implements validation logic for different types of transactions

  4. Executes operations after proper validation

Each Stackup account is deployed as a separate instance of this contract, giving you complete ownership and control over your assets.

The SimpleTeamAccount contract is forked directly from the Ethereum Foundation’s SimpleAccount contract.

Security-First Design

Security is paramount in our implementation, with multiple layers of protection:

Multi-Level Access Control

The SimpleTeamAccount implements two access levels:

  • Owner: Full control over the account, including adding/removing signers

  • Member: Limited access according to permissions established by Owners

Outsiders have no access to perform transactions. This ensures that even if someone's credentials are compromised, their access is limited to their specific permissions. For more information about permissions, read Setting up Roles.

WebAuthn Authentication

For maximum security, we support WebAuthn—the modern authentication standard used by major tech companies. This allows you to use your device's secure enclave (like Apple's Secure Element) to generate and store cryptographic keys, protected by your biometrics.

Two-Factor Verification for Members

For member-level transactions, we implement an additional security layer. These transactions require:

  1. Authentication from the Member

  2. Verification from a designated verifier (typically Stackup’s policy manager or a server controlled by your organization)

This creates a true two-factor authentication system that protects against compromised credentials.
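The access levels and the Member two-factor rule described above can be modeled in a few lines. This is an added illustration, not Stackup's contract code: HMAC-SHA256 stands in for the ECDSA/WebAuthn signatures, and `TeamAccountModel`, `Access`, `sign` and `op_hash` are hypothetical names.

```python
import hashlib
import hmac
from enum import Enum


class Access(Enum):
    OUTSIDER = 0
    MEMBER = 1
    OWNER = 2


def op_hash(op: bytes) -> bytes:
    """Digest that every signature must commit to."""
    return hashlib.sha256(op).digest()


def sign(key: bytes, digest: bytes) -> bytes:
    """Stand-in for an ECDSA/WebAuthn signature (assumption: HMAC-SHA256)."""
    return hmac.new(key, digest, hashlib.sha256).digest()


class TeamAccountModel:
    """Hypothetical model of the validation rule; not the SimpleTeamAccount source."""

    def __init__(self, owner_id: str, owner_key: bytes, verifier_key: bytes):
        self.signers = {owner_id: (Access.OWNER, owner_key)}
        self.verifier_key = verifier_key

    def set_signer(self, caller_id: str, signer_id: str, level: Access, key: bytes = b"") -> None:
        # Only Owners may add or remove signers.
        if self.signers.get(caller_id, (Access.OUTSIDER, b""))[0] is not Access.OWNER:
            raise PermissionError("only an Owner can manage signers")
        if level is Access.OUTSIDER:
            self.signers.pop(signer_id, None)  # removal demotes to Outsider
        else:
            self.signers[signer_id] = (level, key)

    def validate(self, signer_id: str, op: bytes, signer_sig: bytes, verifier_sig: bytes = b"") -> bool:
        level, key = self.signers.get(signer_id, (Access.OUTSIDER, b""))
        if level is Access.OUTSIDER:
            return False  # unknown or removed signers can never transact
        digest = op_hash(op)
        if not hmac.compare_digest(signer_sig, sign(key, digest)):
            return False  # first factor: the signer's own credential
        if level is Access.OWNER:
            return True
        # Second factor for Members: the verifier co-signs the same operation digest.
        return hmac.compare_digest(verifier_sig, sign(self.verifier_key, digest))
```

Because both signatures commit to the same operation digest, a verifier approval issued for one operation cannot be attached to a different one.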

Immutable Implementation

Our accounts use the proxy pattern to separate the implementation logic from your specific account state. This means:

  1. The core logic cannot be changed, ensuring security guarantees remain intact

  2. Your specific account can still be upgraded by you (and only you) if needed

This architecture provides both security and flexibility.