Smart Wallets Overview
The smart wallet layer is the security foundation of NMT. It's a set of Solidity contracts that allow users to delegate DeFi actions to operators — without ever sharing their private keys.
The Problem It Solves
In traditional DeFi, if you want someone to manage your funds, you have two bad options:
- Share your private key — they can steal everything
- Manually sign every transaction — defeats the purpose of delegation
NMT's smart wallets solve this by creating a permissioned execution environment. An operator can only perform actions you've explicitly approved, on protocols you've explicitly allowed.
How It Works
The system is built on Gnosis Safe, the most widely used smart wallet in DeFi. NMT extends it with three custom components:
+--------------------------------------------------+
| Gnosis Safe |
| (User's smart wallet — holds all funds) |
| |
| +--------------------------------------------+ |
| | PermissionsManager | |
| | "Who can do what on this Safe?" | |
| +--------------------------------------------+ |
| |
| +--------------------------------------------+ |
| | DelegateBundler | |
| | "Execute multiple steps atomically" | |
| +--------------------------------------------+ |
| |
| +------+ +------+ +------+ +------+ +------+ |
| |UniV3 | |UniV2 | |Aave | |Morph | |Yearn | |
| |Module | |Module| |Module| |Module| |Module| |
| +------+ +------+ +------+ +------+ +------+ |
| +------+ +------+ +------+ |
| |Aero | |Relay | | Base | |
| |Module | |Module| |Module| |
| +------+ +------+ +------+ |
| |
| External modules (deployed separately): |
| +------+ +--------+ |
| | Cow | |Krystal | |
| |Module | |Module | |
| +------+ +--------+ |
+--------------------------------------------------+
A user's Safe showing net worth, asset value, DeFi position value, and performance chart.
Gnosis Safe
The user's wallet. All funds live here. It's a multi-signature contract that requires authorized signatures to execute transactions.
PermissionsManager
The access control layer. It defines:
- Which addresses (operators/delegates) can interact with the Safe
- Which modules each delegate is authorized to use
- What actions are permitted per module
DelegateBundler
The execution engine. When an operator wants to execute a strategy (e.g., "borrow USDC from Aave, then deposit into a Uniswap pool"), the bundler:
- Verifies the operator's EIP-712 signature
- Checks the nonce and deadline
- Executes all steps atomically — if any step fails, everything reverts
Protocol Modules
Each module is a specialized adapter for one DeFi protocol. Modules:
- Know how to talk to their specific protocol's contracts
- Validate that the operation is within the delegate's permissions
- Execute the actual on-chain calls through the Safe
Contract Files
All contracts live in smart-wallets/contracts/:
contracts/
├── PermissionsManager.sol # Access control
├── DelegateBundler.sol # Atomic execution
├── modules/
│ ├── BaseModule.sol # Shared module logic
│ ├── UniswapV3Module.sol # Uniswap V3 concentrated LP
│ ├── UniswapV2Module.sol # Uniswap V2 basic swaps
│ ├── AaveModule.sol # Aave lending/borrowing
│ ├── MorphoModule.sol # Morpho vault deposits
│ ├── YearnModule.sol # Yearn vault deposits
│ ├── AerodromeModule.sol # Aerodrome DEX (Base)
│ └── RelayModule.sol # Gelato gasless transactions
├── safe/ # Gnosis Safe base contracts
│ ├── Safe.sol
│ ├── ModuleManager.sol
│ ├── OwnerManager.sol
│ └── ...
└── interfaces/ # Contract interfaces
Deployment
Contracts are deployed via Hardhat scripts in smart-wallets/deploy/. Each chain has its own config file with protocol addresses:
| Chain | Config File |
|---|---|
| Base | deploy/config/base.ts |
| Ethereum | deploy/config/ethereum.ts |
| Arbitrum | deploy/config/arbitrum.ts |
| Optimism | deploy/config/optimism.ts |
| Sepolia (testnet) | deploy/config/sepolia.ts |
The deployment order matters — PermissionsManager must be deployed first, then DelegateBundler, then each protocol module (since modules reference the PermissionsManager).