Engineering · Universal Login

Universal Login on AERE, multi-key wallets, recovery, gasless onboarding

Tier 1.15 shipped passkey wallets, tap your fingerprint, get an AERE wallet. The audit that followed flagged two SEV-1 gaps: no recovery (lose your phone + iCloud, lose your funds) and no ERC-4337 compatibility (standard bundlers can't sponsor AERE wallets). Today we closed both.

What's new: AerePasskeyAccountV2 with MultiOwnable (multiple keys per account, passkey + EOA + add/remove freely), real ERC-4337 validateUserOp shim, EIP-1271 isValidSignature for DeFi integrations, and a Foundation-funded relayer at aere.network/relay that submits transactions on behalf of users who don't hold AERE yet.

What's deployed

ComponentAddress on chain 2800
AereEntryPointV20x8D6f40598d552fF0Cb358b6012cF4227B86aF770
AerePasskeyAccountFactoryV20x5FFa9a6487DA4641a1A1e7900ff2bD4525D34fdA
Account init code hash0x59b39b48…1dc1
Foundation relayer (HTTP endpoint)https://aere.network/relay/
Relayer EOA0x0c8e643510Ee21f72de501FE27F8882C517cdA38

End-to-end test transcript

Every code path was verified on chain 2800. Account 0x2e0757962e72C3e25f7f287907fC9687CE9D956b:

TestTx hashGas
Deploy multi-owner account (1 passkey + 1 EOA)0xae18…293a1,991,894
Execute via passkey (owner idx 0)0xae18…293a130,816
Execute via EOA (owner idx 1)0x2322…ea6953,592
EIP-1271 isValidSignature → 0x1626ba7eview call,
Recovery: passkey adds second passkey via self-call0xc349…ac2a,
Execute via newly-added passkey (owner idx 2)0xf2d8…8b88113,716

How recovery works

Every owner-management op (addOwnerPublicKey, addOwnerAddress, removeOwnerAtIndex) is gated by onlyOwner which requires msg.sender == address(this). To add an owner, you call account.executeWithPasskey(sig, address(this), 0, addOwnerCalldata), your existing signer authorizes a self-call that adds a new key.

Result: if you have a YubiKey paired with your Touch ID, lose both, but kept an old MetaMask EOA as a third owner, you sign with that EOA and add a fresh passkey from your new phone. Funds preserved.

Why the relayer matters

New users don't have AERE. Without a relayer, they can't deploy their own wallet or send their first transaction. With the Foundation-funded relayer at https://aere.network/relay/:

  1. User taps Face ID → browser creates passkey, computes counterfactual address
  2. Browser POSTs (initialOwners, salt) to /relay/createAccount
  3. Relayer EOA submits factory.createAccount(...) + pays gas (~2M gas, ~0 AERE because min-gas-price=0)
  4. Account is live on chain, ready to receive funds
  5. User signs a transaction with their passkey, browser POSTs to /relay/execute
  6. Relayer submits, transaction lands

The relayer NEVER sees the user's private key. The smart account validates every signature itself, the relayer is just a gas-payer. Compromising the relayer doesn't compromise any user funds; it just halts gasless submission until a new relayer is stood up.

Phase 1 honest limits

What's next

Tier 1.17, bring external users in. Cross-chain swap UI at bridge.aere.network: swap USDT on Ethereum to AERE on chain 2800 in one click, fund a passkey wallet you created via Touch ID, send your first AERE transaction without any prior interaction with the AERE ecosystem. The pieces are all live; the UX wrapper is the work.

→ Try wallet.aere.network   ← Back to all posts