Signature Verticals

Vertical 1 — Wallet-as-Bot

6 min read

What it is

Non-custodial automation. You sign a session policy with your own wallet via EIP-712 typed data. The policy declares hard caps ($100k/trade, $1M/session, 30-day max) and a forbidden-operations floor that even a malicious frontend cannot raise. Every trade still requires your wallet's signature in v1; v2 will add Permit2/ERC-4337 session keys for one-tap delegation inside the same caps.

How to think about it

Competitors either custody your funds (3Commas, Pionex, Bitsgap) or rely on long-lived API keys with withdrawal rights. Wallet-as-Bot is the third option: you keep custody and you control the cap table the bot can ever exceed — by signing it. Read the floor at any time without an account: GET /api/wallet-sessions/policy.

Step-by-step

  1. Open Trade → Wallet Sessions

    Connect your wallet (RainbowKit/MetaMask). Click "New Session".

  2. Configure caps

    Pick chain, allowed actions (swap / limit_order / rebalance), per-trade cap ($), session-total cap ($), and session expiry (max 30 days).

  3. Sign the policy

    Your wallet shows the EIP-712 typed data with all caps + forbidden ops. Reject if anything looks off; the frontend cannot raise these caps after you sign.

  4. Approve trades inside the session

    When a bot proposes a trade, it shows up in your wallet for individual approval. The session enforces caps server-side at /api/wallet-sessions/{id}/check-trade.

  5. Revoke any time

    Click Revoke on the session card. Effective immediately — no further trades can be staged against that session.

Tips & pitfalls

  • The forbidden-operations floor is hardcoded in walletSessionEngine.js — even the platform admin cannot remove setApprovalForAll, transferFrom, permit2_unlimited, etc.
  • Read your policy live with curl: curl https://api.haythix.com/api/wallet-sessions/policy
  • For very-high-value automation, rotate sessions weekly. Lower the cap, narrow the action set.