search

Smart Account Security

Audited contracts, open standards, transparent architecture.

hashtag
Contract Audits

QR Wallet uses Alchemy LightAccount — a wallet smart contract that has undergone multiple audits:

  • Open source

  • Deployed on all supported EVM networks

  • Used by thousands of applications

We do not use custom smart contracts for the wallet. LightAccount is a proven and audited solution from Alchemy.

hashtag
ERC-4337 Standard

Smart Account operates on the open ERC-4337 standard, which:

  • Is accepted by the Ethereum community

  • Is implemented by multiple independent teams

  • Does not depend on any specific provider

Key contracts of the standard:

Contract
Role

EntryPoint

Router — accepts and executes UserOperations

LightAccount

Wallet — holds funds and executes calls

Paymaster

Sponsor — pays gas on behalf of the user

All contracts are public and verified on blockchain explorers.

hashtag
Ownership Model

  • Only your EOA can sign Smart Account transactions

  • Smart Account verifies the signature at the smart contract level

  • Without a valid signature — the transaction is rejected by the blockchain

hashtag
Attack Protection

Threat
Protection

Device theft

Biometrics + Secure Storage

Fake transaction

Signature verified on-chain

Server compromise

Keys only on device

Malicious DApp

Explicit confirmation for every TX

Replay attack

Nonce and chainId in UserOperation

hashtag
What We Do NOT Store

  • ❌ User private keys

  • ❌ Mnemonic phrases

  • ❌ Biometric data

  • ❌ Passwords

We only store public information: wallet addresses, transaction history, profile settings.

hashtag
Transparency

  • ERC-4337 standard is open and documented

  • LightAccount contracts are open source

  • EntryPoint is verified on Etherscan

  • Anyone can inspect the contract code on block explorers

PreviousLock, Logout & DeleteNextArchitecture

Last updated

Was this helpful?