Audits

Sail uses audited ERC-7702 smart accounts and scoped session keys, while keeping custom logic offchain to minimize risk.

Sail does not currently deploy bespoke, Sail-owned protocol contracts. Our onchain execution is built on Thirdweb’s ERC-7702 smart account infrastructure and ERC-7702 smart session keys, which have been audited by independent security firms. We rely on these audited, production-grade components and keep Sail’s custom logic offchain (policy, routing, explainability) to minimize onchain attack surface.

What we do today

  • Use audited primitives for execution. User accounts are ERC-7702 smart accounts with scoped session keys, implemented using Thirdweb’s audited codebase.

  • Review our integration and configuration. We run internal security reviews focused on:

    • permissions and transaction constraints

    • session key scoping and lifecycle

    • protocol integration safety checks

  • Make permissions explicit at signing time. When you authorize a session key, Sail shows the exact session key you are approving in the UI, including its scope and permissions, so you can verify what you are granting.

Audit reports (Thirdweb / ERC-7702 components)
