Protocol

Multichain & portability

One address everywhere, one signature that can replay actor updates across chains, and a delegation account-change that folds EIP-7702-style code pointing into the 8130 transaction, without a separate authorization_list.

Account types

Three paths into native AA. All share the same Account Configuration contract and authenticator model; they differ in how the account gets code and its first actors.

ConceptMeaning
EOAExisting secp256k1 key via native ecrecover. First AA tx auto-delegates to DEFAULT_ACCOUNT_ADDRESS if code is empty. Override with a delegation entry or a standard EIP-7702 tx.
Existing smart accountAlready-deployed wallet (e.g. ERC-4337) registers actors via importAccount(): a one-time bootstrap authorized by the account’s existing ERC-1271 logic.
New 8130 smart accountCreate entry in account_changes: CREATE2 address from user_salt + code + initial_actors; runtime code placed at the address; calls handle initialization.

CREATE2 uses ACCOUNT_CONFIG_ADDRESS as deployer, so the same salt and actors yield the same counterfactual address on every chain that deploys Account Configuration at that address. Funds can land before the account exists anywhere.

EIP-7819 delegate factory (outlook)

Cross-chain account changes

Config changes are signed state transitions with a chain_id and a sequence counter. Two independent channels live in the packed account-state slot:

ConceptMeaning
multichain_sequenceUsed when chain_id = 0. One signature is valid on every chain that has Account Configuration deployed.
local_sequenceUsed when chain_id equals block.chainid. Chain-local updates; also doubles as the initialized flag (> 0).

One signature, many chains

An admin signs chain_id = 0 once. Relayers (or the wallet) submit the identical payload to each deployment. Each chain checks the signature against its own multichain_sequence, applies authorize/revoke operations, and increments. Nothing bridges or pushes: portability is replayable, not auto-synchronized.

Two application pathstext
// Same signed digest, two transports:

1. account_changes in an 8130 tx   → protocol applies before calls
2. applySignedActorChanges()       → ordinary EVM call (any chain,
                                     including non-8130 / ERC-4337)

Design choices to know

  • No expiry on multichain changes: intentional. A chain_id 0 update stays replayable forever, including on chains that deploy Account Configuration later. Per-chain policies use the local channel (and can expire when applied).
  • Lock is local-only: applySignedLockChanges binds local_sequence only. A locked chain silently rejects config changes while unlocked chains accept the same multichain payload.
  • Sequences assume lockstep: the digest commits to a specific sequence value. Partial relay leaves lagging chains unable to accept a later update until reconciled.
  • Admin only: config changes require scope == 0x00.
Chain-local vs multichain actor configs, and an 8130 transaction that applies create, rotate key, and authorize session key in account_changes before executing calls.
Chain-local actors use a concrete chain id; multichain actors use chain id 0. Just-in-time account changes can ride in the same 8130 tx as the calls that need them.

Delegation account change vs EIP-7702

EIP-7702 added authorization_list as a separate transaction-level field for pointing an EOA at shared implementation code, with ECDSA authority. 8130 folds that into account_changes:

ConceptMeaning
7702 todaySeparate authorization_list on the tx; ECDSA authority; often a second conceptual step beside the user’s action.
8130 delegation entryType 0x02 in account_changes: target address (or address(0) to clear). Authorized by the same sender_auth as the rest of the tx; no separate list.
Delegation entrytext
rlp([
  0x02,    // type: delegation
  target   // address to delegate to, or address(0) to clear
])
  • Sets code = 0xef0100 || target (same indicator as 7702). Allowed only on empty accounts or accounts that already hold a delegation designator; never replaces non-delegation bytecode.
  • Authority is the native secp256k1 self-actor (EOA path or K1_AUTHENTICATOR) with admin scope. That keeps code delegation portable: the same ECDSA authority works via standard 7702 txs on non-8130 chains.
  • First AA tx for a code-less EOA auto-delegates to DEFAULT_ACCOUNT_ADDRESS if no create/delegation entry is present, so EOAs get wallet code without a prior 7702 ritual.
  • 8130 chains MUST support the delegation indicator even when standalone 7702 transactions are not enabled.

What this fixes in practice: install (or clear) code delegation in the same 8130 transaction as actor changes and calls: one sender_auth, no parallel authorization_list ceremony. Non-8130 chains keep using standard 7702 for the same indicator until they adopt 8130. With the EIP-7819 delegate factory, factory-created accounts get that delegation entry for every key type.

Standalone EIP-7702 transactions should also be considered for deprecation alongside 8130 adoption: they are ECDSA-only by construction and therefore not quantum-safe. Prefer the 8130 delegation account change (and, once available, authenticator-agnostic factory delegation) so code pointing rides the same scheme-agile auth path as everything else.

8130 vs non-8130 chains

ConceptMeaning
Account Configuration8130: protocol reads storage for validation. Non-8130: same CREATE2 contract as an ERC-4337-compatible factory.
AuthenticatorsSame contracts everywhere; 8130 path STATICCALLs (or enshrines) them for mempool auth.
Code delegation8130: delegation entry in account_changes. Non-8130: standard EIP-7702 txs.
Multichain configSame signed applySignedActorChanges payload works as ordinary EVM on both.