Security Model

The BankrWallet protocol separates a small deploy helper from the Coinbase Smart Wallet that holds assets. Threat modeling should cover both.

Helper contract (BankrWallet.sol)

• Ownership is caller-bound — Only msg.sender is encoded as the CSW owner. The helper cannot redirect ownership to a third party.
• Minimal surface — One external function (deploy), a nonce mapping, and a factory call. No admin keys, no upgrade hook on the helper.
• ETH forwarding — msg.value is passed into the factory for seeding; the helper does not implement a separate withdrawal path.

Coinbase Smart Wallet (your wallet)

Security of balances and operations follows the Coinbase Smart Wallet design (ERC-4337, multi-owner, passkey or EOA owners). Review their docs for UserOperations, owners, and recovery.

What we do not claim today

• No gasless relayer or EIP-2771 forwarder in this repo
• No soul-bound NFT credential contract
• No module system (escrow, swap router) in the helper
• No Twitter bot custody path — see Bot (Coming soon)

Operational hygiene

• Verify the helper address on Basescan before use
• Use Sepolia for testing; double-check chain id in the app env
• Confirm deployed wallet addresses from WalletDeployed events

Deploy from the site: /deploy. Contract API: Contracts Reference.