Secure & Certified: Audit is Completed
We are proud to share that the first security audit of the Clave Account Infrastructure has been completed through Cantina without any critical risks, and it’s now open-sourced!
After presenting the account infrastructure to early testers during Devconnect with zkBazaar and zkCafe, we are ready to go to mainnet with a battle-tested and audited smart contract stack.
Let’s dive into the details and updates!
Clave Account Infrastructure
Our product leverages the native account abstraction model of zkSync to achieve the most secure account model with the best user experience practices, resulting in an upgradable and modular account architecture built with smart contracts on zkSync Era.
It offers a self-custodial wallet infrastructure that ensures your funds are accessible only to you, so you do not need to trust centralized exchanges or any custodial service providers.
It presents various recovery mechanisms that eliminate seed phrases, so you can always access your wallet via the cloud or your guardians without having to store any keys.
It connects you with zkSync's native paymaster flow via our paymasters, so you can pay fees with any ERC-20 token, such as stablecoins, or have your gas fees sponsored by Clave or any dApp.
It extends its range to various cryptographic key primitives; in this way, you can use the keys of your different devices, for instance hardware elements, browsers, and mobile devices, to directly manage your accounts.
It allows you to send batch transactions and execute multiple operations together.
Account contracts can be upgraded to newer, safer, and more advanced versions, or their feature set can be enriched by adding new account modules.
Accounts don't differ from EOAs in zkSync and don't require any third parties to run, so you can keep using them frictionlessly with every other tool on zkSync.
Hooks can improve transaction validation or execution with new features, such as new authentication methods like 2FA or configurations like spending limits.
Modules empower wallets and enhance their feature sets by extending the accounts, for example with different recovery options (https://blog.getclave.io/p/recovery-for-everyone-cloud-and-guardians).
We believe that powering open-source tools improves products and ecosystems through collaboration. So, our smart contract stack is now open-sourced under GPL-3.0 (GNU General Public License) and ready to use.
The audited zkSync version and experimental ERC-4337 supporting version can be reviewed here.
Although the main version of Clave accounts is customized for zkSync, we are also working on an experimental version compatible with ERC-4337 and all other EVMs in our stack. Thus, we will make our improvements and features accessible at every point. The ongoing work can be followed in this repository:
We continue our unwavering commitment to prioritizing user security through our partnership with Cantina. Understanding the critical importance of robust smart contract security in the blockchain space, we engaged Cantina's expertise to connect leading security researchers and complete our audits. In light of this partnership, we have completed our smart contract security audit without any critical risks. All other risks at lower levels were also eliminated with the secondary fix review. The audit report can be reviewed here.
Our contracts were inspired by many valuable sources in the ecosystem, primarily: