Tutorial — Security & verification

Build a custody app

Smart accounts on Tenzro install ERC-7579 validator modules: social recovery, session keys, and spending limits. Combined with passkey signing, the user never holds a seed phrase.

Level: Advanced
Time: ~30 min
Prerequisites: Familiarity with ERC-4337
Stack: TypeScript · Solidity

Deploy a smart account

The account factory uses CREATE2 for a deterministic address bound to the user's passkey.

const account = await tz.call("create_smart_account", {
  owner_passkey: passkeyPubKey,
  salt: userId
});

Install social recovery

Guardians signed by Ed25519 + ML-DSA-65 can rotate the owner on N-of-M quorum.

await tz.call("install_validator_module", {
  account: account.address,
  module: "social_recovery",
  config: { guardians: [g1, g2, g3], threshold: 2 }
});

Install a session key

Session keys are scoped to specific contracts, selectors, time windows, and value caps.

await tz.call("install_validator_module", {
  account: account.address,
  module: "session_key",
  config: {
    pubkey, valid_until: ts + 3600,
    allowed_targets: [router], allowed_selectors: ["0x38ed1739"],
    max_value_per_call: "1000"
  }
});

Sign a user op

The bundler bundles the UserOp; every installed module must approve before the EntryPoint accepts it.

await tz.call("send_user_op", { account: account.address, op: userOp });

Open the docs →Browse all tutorials

← All tutorials