Architecture

The protocol design is in its early stages and may undergo significant changes as it develops.

The protocol is crafted to maximize decentralization and operates without permission. It can be split in two primary components:

• An ERC4337-compatible wallet

• An oracle

ERC4337 wallet

When a user sets up their automation strategies, a smart wallet is automatically deployed behind the scenes. This wallet uses Bastion's SDK to ensure compatibility with ERC4337 standards. Additionally, it includes functions specific to the user's requirements, which dictate what actions the protocol can perform on their behalf.

The protocol is safeguarded using call policies, restricting it from executing arbitrary actions. Further details about call policies in an ERC4337 wallet can be explored here.

The protocol is designed with strict limitations to enhance security; it cannot transfer tokens or liquidate DeFi positions from a user's wallet. Only the master key, which is the user's externally owned account (EOA), has the authority to perform these actions.

Oracle

To activate functions based on predefined conditions, whether originating from on-chain or off-chain sources, an external service is required. This role is fulfilled by Otomato's oracle.

Example for a simple use case

In this scenario, the protocol is specifically authorized to perform only the following three calls:

• Withdraw USDC from AAVE

• Deposit ETH on AAVE

• Swap USDC to ETH on Uniswap