Embedded EOA 7702 WebAuthn PRF Smart Wallet
It sounds incredible even when I say it myself, but our Endurance network, a technical clone of Ethereum, has somehow developed self-awareness.
Generally speaking, in the tech world, if Ethereum says something is right, we applaud with both hands. We don’t need to think, because Ethereum has already done the thinking for us. Ethereum is always more correct than we are, because truth comes from practice. With a scale thousands of times larger than ours, a single day of their operation yields more truth than a year of our practice.
In this situation, the best strategy isn’t innovation, but cloning. And it has to be 100% cloning, because a 90% clone will only turn you into a high-maintenance L1 that eventually collapses into an L2—one that might be sustainable in the short term, but in the long run, faces extinction if a single tech provider goes under. (I’m not pointing any fingers at Celo or Ronin).
Copying homework is bliss, and copying it forever is eternal bliss. But in the quiet moments of the night, our brain, which shouldn’t even exist, sometimes experiences phantom pains. We can faintly hear the cries of druids, foxes, and rabbits, along with two large letters, “AA,” looming like something out of Twin Peaks, shrouded in mystery.
Is it possible that we’ve copied… shit? Or that part of it is shit? This is a bitter question. And the answer is obvious: yes, it’s possible.
If I had to rank all the messes in the Ethereum ecosystem, I think “wallets” would come in second.
From the most traditional EOA wallets to multi-sigs, MPC wallets, ERC-4337 wallets (including their passkey variants), and the recent EIP-7702, which attempts to grant “intelligence” to EOAs. Every historical phase has given birth to a batch of famous companies, all claiming to have the best solution. And the most terrifying part is, even though none of these companies seem to make any money, they’re like immortals who just refuse to die. To this day, they are still active in every major wallet discussion group.
So when the love-and-peace-advocating EF tries to answer the question, “How can we improve the wallet UX?”, all they can offer is the same old meaningless talk that goes in circles.
But us? We’re different. We don’t have that historical baggage. To be specific, there’s a river separating us from Ethereum, much like the English Channel separates the UK from Europe. Most of the solutions I mentioned have never been deployed on our network, and naturally, their parent companies have nothing to do with us. The wallet that currently dominates our network is the renowned MetaMask. We thank MetaMask. Even though its product iteration speed feels like it’s being held captive by a group of people terrified of being replaced by more talented new hires, so they only ever hire people weaker than themselves. But they have the most generous UX for adding a custom network. As long as they don’t change that, we will always love and support them.
Within our team, we once had a brief but intense fling with ERC-4337[1]. But I could never wrap my head around why an ERC proposal—a free code template for a bunch of poor Solidity programmers—requires a separate Java or TypeScript server running 24/7 to function correctly. If you need a Java or TypeScript server running 24/7, that job should belong to Besu or Lodestar. And if it does that job, it’s not an ERC-4337, it’s an EIP-4337!
How did a freak of nature like this ERC even get approved? Tell me.
Before our network’s Pectra upgrade this August, I was constantly thinking about how we could leverage EIP-7702 on our plain-vanilla, no-makeup-needed blockchain to make another brave attempt at building a wallet that is “correct, simple, and useful.”
The good news is, during the development of Findex—a perpetuals-like exchange for our game, Fusionist Game2—I think I may have found the answer.
One piece of feedback we received after the first Findex mainnet test was that users wanted take-profit and stop-loss features. Of course, this is a perfectly reasonable and common demand that we should provide, but we didn’t in the first version.
Let me explain why. The reason is simple: we don’t want to waste a ton of manpower on the long-term maintenance of a Solidity contract codebase that is constantly growing in features and lines of code. We just want to go through one expensive and painful audit, and then forget about all this code. Completely and utterly forget it, to the point where even the original source code is nowhere to be found. Just like those system contracts on Ethereum—eternal and reliable.
We don’t think releasing a V2, then a V3 and V4, is a very cool process. That’s not cool. If there’s nothing to do, you can just do nothing. Life is short, and boredom can be a form of enjoyment.
Once you break free from the mental shackles of “I must write every single feature in Solidity,” you’ll find that you’ve already arrived in Rome. The best way to implement all sorts of advanced order/closing strategies is to write a bot service in your favorite programming language. Then, you let users grant this bot service limited, non-custodial control over their wallets, allowing it to operate the core on-chain functions of our exchange to buy and sell while they sleep.
So the question becomes, does a wallet like this exist?
- It’s your own wallet, and no one knows or stores your private key (passkeys?).
- But at the same time, you can grant controllable permissions to a specific third party to operate the wallet on your behalf (a contract?).
What is the shortest path to achieving this—the “correct, simple, and useful” path I mentioned earlier?
My answer is: EOA + WebAuthn PRF + EIP-7702 + a single, hand-written .sol file.
Why is it correct?
- Because the key isn’t even stored anywhere. That’s right, the user’s key is not saved anywhere—not locally, and certainly not on a remote server. Why? Because the key is derived deterministically, guaranteed by the WebAuthn PRF standard. As long as you’re logged into the same account on your device (iCloud/Google Account), the EOA wallet’s private key is derived in memory via PRF only when you open the wallet. The resulting 32 bytes are the 32 bytes of your private key (what a beautiful coincidence!).
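
The derivation described above, as an added example that is not the wallet's own code: it builds the WebAuthn request that asks for a PRF evaluation, reads the output, and checks that the 32 bytes are a valid secp256k1 scalar before treating them as an EOA key. The salt label and all function names are assumptions.

```javascript
// Added example; PRF_SALT_LABEL and the function names are hypothetical.
// Order of the secp256k1 group: a private key k must satisfy 0 < k < n.
const SECP256K1_N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;

// Fixed, application-specific PRF input. The same passkey with a different
// salt yields a different key, so this value must never change.
const PRF_SALT_LABEL = "example-wallet/eoa-key/v1";

// Options for navigator.credentials.get(): a normal passkey assertion that
// also asks the authenticator to evaluate its PRF over the fixed salt.
function buildPrfRequest(challenge, rpId) {
  const salt = new TextEncoder().encode(PRF_SALT_LABEL);
  return {
    publicKey: {
      challenge,
      rpId,
      userVerification: "required",
      extensions: { prf: { eval: { first: salt } } },
    },
  };
}

// Reads the PRF output from credential.getClientExtensionResults().
// Authenticators without PRF support return no `results`, so fail closed.
function extractPrfOutput(extensionResults) {
  const first = extensionResults?.prf?.results?.first;
  if (!first) throw new Error("authenticator returned no PRF output");
  return new Uint8Array(first);
}

// Interprets the 32 PRF bytes as a private key, rejecting the (astronomically
// rare) outputs that are zero or not below the curve order.
function privateKeyFromPrf(prfOutput) {
  if (prfOutput.length !== 32) throw new Error("PRF output must be 32 bytes");
  const hex = Array.from(prfOutput, (b) => b.toString(16).padStart(2, "0")).join("");
  const k = BigInt("0x" + hex);
  if (k === 0n || k >= SECP256K1_N) throw new Error("not a valid secp256k1 scalar");
  return "0x" + hex;
}

// Constructed sample standing in for a real authenticator response.
const sampleResults = { prf: { results: { first: new Uint8Array(32).fill(0x11).buffer } } };
const sampleKey = privateKeyFromPrf(extractPrfOutput(sampleResults));
```

The key exists only in memory for the life of the page, so the caller should overwrite the byte array and drop references once signing is done.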
Why is it simple?
- This entire tech stack relies on only two things from the Ethereum ecosystem: EOA wallets and the EIP-7702 protocol. I won’t say much about EOAs; another word from me would just be a waste of your time. And EIP-7702 is a very concise protocol. It does just enough and not too much. It allows an EOA to send a special transaction to make its address point to a specific contract code, and it can send a similar transaction to revoke that designation. That’s it. It’s so simple there’s hardly any room for error.
- And the remaining tech, WebAuthn PRF? My dear baby, it comes from another world you, the reader, are more familiar with: the Web2 world. From standard revisions to underlying OS API support in Windows/Mac/Android/iOS and implementations in Chromium/Chrome/Safari/Firefox. Not a single company in that entire chain has airdrop expectations or wants to manage your assets. When those folks were drafting this standard, their understanding of “crypto” was limited to “cryptography.” A technology this pure has zero hidden fees.
- Finally, you’re left with a single .sol file under 200 lines (including newlines and comments). It’s a .sol file so simple that even the free version of ChatGPT-3 could explain it to you.
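
How the EIP-7702 designation mentioned in the first bullet looks from the outside, as an added example that is not the project's code: a delegated EOA's code is the 3-byte marker `0xef0100` followed by the 20-byte contract address, and a revoked delegation leaves the code empty. The function names and sample addresses are constructed for illustration; `codeHex` is what an `eth_getCode` call returns.

```javascript
// Added example; names and sample values are hypothetical.
// EIP-7702 delegation indicator: 0xef0100 || 20-byte target address.
const DELEGATION_PREFIX = "ef0100";

// Classifies account code as a plain EOA, a 7702-delegated EOA, or a contract.
function parseDelegation(codeHex) {
  const code = codeHex.toLowerCase().replace(/^0x/, "");
  if (!/^([0-9a-f]{2})*$/.test(code)) throw new Error("code is not hex bytes");
  if (code === "") return { kind: "plain-eoa", target: null };
  // 3 prefix bytes + 20 address bytes = 23 bytes = 46 hex characters.
  if (code.length === 46 && code.startsWith(DELEGATION_PREFIX)) {
    return { kind: "delegated", target: "0x" + code.slice(6) };
  }
  return { kind: "contract", target: null };
}

// Wallet-side check before signing: the account is either undelegated or
// points at the one audited contract; anything else is flagged.
function checkDelegation(codeHex, auditedDelegate) {
  const d = parseDelegation(codeHex);
  if (d.kind === "plain-eoa") return "undelegated";
  if (d.kind === "delegated" && d.target === auditedDelegate.toLowerCase()) {
    return "expected";
  }
  return "unexpected";
}

// Constructed sample values, not real deployments.
const AUDITED = "0x" + "AB".repeat(20);
const samples = {
  revoked: "0x",
  delegatedToAudited: "0xef0100" + "ab".repeat(20),
  delegatedElsewhere: "0xef0100" + "cd".repeat(20),
  ordinaryContract: "0x6080604052",
};
```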
So, it doesn’t just “look” simple—that’s not hard to achieve. Many wallets make similar claims: “An embeddable wallet with just one line of import!” or “Never worry about forgetting your password again!” This has been overly commercialized.
What’s more important is that it’s also incredibly simple on the inside. Simple inside and out. That, my friend, is a rare gem.
It proves the old saying: If it looks like a duck, swims like a duck, and quacks like a duck, then it probably IS a duck.
Why is it useful?
- Because by the time you’re reading this article, we’ve already begun integrating this wallet into our Findex website. And Findex isn’t some Proof of Concept website; it runs on our Endurance mainnet and serves all our users. Our user base is split between a group of morally-driven players who agonizingly ask us every day why X product is delayed again, and a group of morally-bankrupt farmers whose greatest pleasure is pushing the rules to their absolute limit in every event. You know what they have in common? They all need a better wallet.
In summary, I believe what I’ve created is a “novel and practical invention.” Its value isn’t in its technical difficulty, but more in the fact that we were the first to “assemble” it this way.
As my research deepened, I kept reminding myself: this technical route is too elegant. There’s no way it was left for us to discover.
So I scoured the internet to see if anyone else was doing or had already done the same thing. The results were interesting. One month ago, a developer in the Polkadot community tried to “promote” one of the key technologies[2], WebAuthn PRF. Around the same time, another developer even founded a company and released a simple implementation[3].
But looking back, I think I still see a bit further than they do. Because none of them mentioned 7702! EIP-7702 is something that only emerged in the Ethereum ecosystem after May of this year. And precisely because of the ulterior motives of the various wallet companies I mentioned earlier, 7702 rarely gets promoted on the Crypto Twitter timeline. As a result, you wouldn’t think of this layer unless you were paying very close attention to the Ethereum ecosystem.
What I’ve done is like a hacker chaining two 0-day exploits to jailbreak a system. This is just an analogy, of course, because the tech route I’ve assembled is no vulnerability. It won’t be patched; on the contrary, it will become more and more widespread. Time is on my side.
I know that by this point in the article, some readers may still not fully grasp what makes this so special compared to MetaMask or Coinbase Wallet. Fortunately, the purpose of this article isn’t to be a comprehensive guide. The links from my peers I shared above are enough to lead any curious reader down the rabbit hole.
The purpose of this article is more to be indexed in the Internet Archive. To prove that we inadvertently caught a glimpse of the future of Ethereum’s wallet ecosystem. And that this prophecy came from an Ethereum clone chain. It’s truly incredible.
To close out the article, let’s spell out the features of this good thing, one word at a time.
EMBEDDED
EOA
PRF
7702
SMART
WALLET