Agent Wallets

How Atract enables seamless trading without constant wallet popups.

The Problem

Traditional DeFi trading requires signing every order with your wallet:

  1. You click "Buy BTC"

  2. MetaMask popup appears

  3. You review and approve

  4. Order is signed and submitted

  5. Repeat for every single order

This is terrible UX for active trading. Imagine signing 50-100 orders per day.

Atract's Solution: Agent Wallets

Agent wallets enable one-time authorization for seamless trading:

  1. You authorize an agent wallet once

  2. Agent signs orders on your behalf (server-side)

  3. No more popups for every trade

  4. You trade as fast as you can click

Result: Trading feels like Web2 apps (instant), but remains fully transparent and revocable.

How It Works

Architecture Overview

┌─────────────────┐
│  Your Wallet    │  ← You control (MetaMask, WalletConnect)
│  (Master)       │
└────────┬────────┘

         │ 1. Authorize agent (one-time)

┌─────────────────┐
│  Agent Wallet   │  ← Server-side, signs orders for you
│  (Authorized)   │
└────────┬────────┘

         │ 2. Sign orders

┌─────────────────┐
│  Hyperliquid    │  ← Trading happens here
│  Exchange       │
└─────────────────┘

Step-by-Step Flow

1. One-Time Authorization

When you first connect:

  • You sign a message authorizing the agent wallet address

  • Authorization is recorded on Hyperliquid

  • Agent can now sign orders on behalf of your master wallet

2. Placing Orders

When you click "Buy" or "Sell":

  • Order details sent to Atract backend

  • Backend verifies you're authenticated

  • Agent wallet signs the order (server-side, no popup)

  • Signed order submitted to Hyperliquid

  • Hyperliquid verifies: "Is this agent authorized for this master wallet?"

  • Order executes

3. Order Execution

Hyperliquid sees:

  • Master wallet address (yours)

  • Agent signature (from agent wallet)

  • Authorization (you gave agent permission)

Result: Order executes against your account, as if you signed it yourself.

Security Model

What You Control

Full Control:

  • Your master wallet private key (never shared)

  • Authorization (you can revoke agent anytime)

  • Funds (always in your Hyperliquid account)

  • Positions (you own them, not the agent)

Agent Cannot:

  • Withdraw your funds

  • Transfer assets out of your account

  • Execute trades after you revoke authorization

  • Access your wallet for anything except trading

What Agent Controls

Limited Authority:

  • Sign trading orders on Hyperliquid

  • Only on your behalf (tied to your master address)

  • Only while authorized

Agent's Scope:

  • Place orders (buy, sell, limit, market)

  • Cancel orders

  • That's it

Agent Cannot:

  • Initiate withdrawals

  • Transfer funds between accounts

  • Access other smart contracts

  • Sign arbitrary transactions

Authorization Lifecycle

Authorize Agent:

You → Sign message → Hyperliquid records authorization

Agent Signs Order:

Backend → Agent signs → Hyperliquid verifies authorization → Execute

Revoke Agent:

You → Sign revoke message → Hyperliquid removes authorization
→ Agent can no longer trade on your behalf

Non-Custodial Guarantee

Atract never has custody of your funds.

Your funds are always:

  • On Hyperliquid, in your account

  • Controlled by your master wallet

  • Withdrawable by you at any time (directly via Hyperliquid)

Agent wallet only:

  • Signs orders

  • Has no withdrawal permissions

  • Loses all power if you revoke

If Atract goes offline:

  • Your funds remain on Hyperliquid

  • You can trade directly via Hyperliquid UI

  • You can withdraw anytime

Revoking Agent Authorization

When to Revoke

Consider revoking if:

  • You're done using Atract

  • You suspect security compromise

  • You want to pause all automated trading

  • You're switching to a new account

How to Revoke

Via Hyperliquid UI:

  1. Go to Hyperliquid dashboard

  2. Navigate to "Agent Wallets" or "Authorizations"

  3. Find Atract's agent wallet address

  4. Click "Revoke"

  5. Sign the revoke message

Effect:

  • All future trade attempts fail

  • Agent can no longer sign on your behalf

  • Existing orders remain active (cancel manually if needed)

To resume trading on Atract:

  • Re-authorize the agent wallet (new authorization flow)

Agent Key Security

How Atract Protects the Agent Key

Server-Side Only:

  • Agent private key stored on backend server

  • Never exposed to frontend/client

  • Never sent over network

Environment Variable:

HL_AGENT_PRIVATE_KEY=0x...  # Server-only, not in code

Access Control:

  • Only backend API routes can access

  • No public endpoints expose key

  • Logged access for audit

Rotation Policy:

  • Agent key can be rotated if compromised

  • Users re-authorize new agent

  • Old agent immediately loses power

What If Agent Key Leaks?

Worst case scenario: Someone gets agent private key.

What they can do:

  • Sign orders for users who authorized that agent

  • Place trades on behalf of those users

What they cannot do:

  • Withdraw funds (no withdrawal permission)

  • Access funds on other chains

  • Impersonate users outside of trading

Mitigation:

  1. Detect leak immediately (monitoring)

  2. Rotate agent key

  3. Notify users to revoke old agent

  4. Deploy new agent, users re-authorize

User protection:

  • You can revoke anytime

  • Funds never leave Hyperliquid

  • All trades logged (audit trail)

Comparison: Agent vs. Manual Signing

Feature        Agent Wallet               Manual Signing
UX             Seamless (no popups)       Popup every order
Speed          Fast (instant click)       Slow (approve each)
Security       Revocable authorization    Full control every time
Custody        Non-custodial              Non-custodial
Transparency   All trades logged          All trades logged
Best for       Active trading             Occasional trades

Agent Wallet vs. API Keys

Hyperliquid API Keys:

  • Different authorization mechanism

  • Also enables programmatic trading

  • Atract uses agent wallets (not API keys)

Why agent wallets:

  • More flexible for UX (embedded in web app)

  • Easier revocation

  • Better fits Atract's architecture

Technical Implementation

Authorization Message

When you authorize an agent:

// Message you sign
const message = {
  type: 'agent',
  agent: '0x...',  // Agent wallet address
  master: '0x...',  // Your wallet address
  timestamp: Date.now()
};

// You sign this message with your wallet (signMessage takes a string, so the object is serialized first)
const signature = await masterWallet.signMessage(JSON.stringify(message));

Order Signing

When agent places order for you:

// Backend (server-side only)
const orderAction = {
  type: 'order',
  symbol: 'BTC',
  side: 'buy',
  size: 0.1,
  price: 50000,
  nonce: Date.now()  // unique per order; also sent alongside the action so Hyperliquid can reject replays
};

// Agent signs on your behalf, bound to your master address
const signature = await agentWallet.signOrderAction(orderAction, masterAddress);

// Submit to Hyperliquid; the nonce must be the same one that was signed
await HLClient.postToExchange({
  action: orderAction,
  nonce: orderAction.nonce,
  signature
});

Hyperliquid verifies:

  1. Is this agent authorized for this master?

  2. Is signature valid?

  3. Execute order if both true

Best Practices

For Users:

  1. Authorize only trusted agents

    • Verify agent address matches Atract's official address

    • Don't authorize random addresses

  2. Monitor your trades

    • Check trade history regularly

    • All trades visible on Hyperliquid dashboard

  3. Revoke when done

    • If you stop using Atract, revoke authorization

    • Reduces security surface area

  4. Keep master wallet secure

    • Agent signing doesn't change your wallet security needs

    • Use hardware wallet for large holdings

For Atract:

  1. Rotate agent keys periodically

    • Defense in depth

    • Limits exposure if compromised

  2. Log all agent signatures

    • Audit trail for transparency

    • Detect anomalies

  3. Never expose agent key

    • Server-side only

    • No accidental leaks in logs, errors, etc.

Vault Trading with Agent Wallets

When trading with vaults, the same agent mechanism applies:

Personal Trading:

  • Agent signs orders for your master wallet

  • Orders execute against your personal Hyperliquid balance

Vault Trading:

  • Agent signs orders for the vault's wallet

  • Vault wallet is the Hyperliquid account holding vault capital

  • Same agent, different master address (vault address)

Authorization:

  • Vault wallet authorizes the agent during vault creation

  • Trader can then place orders on behalf of the vault

Security:

  • Vault has its own Hyperliquid account

  • Agent signs, but vault wallet controls funds

  • Smart contract enforces risk limits (drawdown, etc.)

Common Questions

Q: Is my wallet at risk if Atract is hacked?

A: No. The agent can only sign trading orders, not withdrawals. Your funds remain in your Hyperliquid account. Worst case: unauthorized trades, which you would see immediately in your trade history, after which you can revoke the agent.

Q: Can Atract steal my funds?

A: No. Agent has no withdrawal permissions. Even with agent authorization, funds can only be withdrawn by your master wallet (which Atract never has access to).

Q: What if I lose access to my master wallet?

A: Atract cannot help recover your wallet. The agent can trade, but cannot move funds. You'd need to recover via your wallet provider (seed phrase, etc.).

Q: How is this different from giving Atract my private key?

A: Completely different. You never share your master private key. Agent is a separate wallet with limited, revocable permissions. You retain full control.

Q: Can I use Atract without agent authorization?

A: Not currently. Agent wallets are core to Atract's seamless trading UX. Future versions might offer a manual signing mode, but it would defeat the purpose.

Q: What if Hyperliquid is compromised?

A: Agent authorization is a Hyperliquid feature, not Atract-specific. If Hyperliquid is compromised, all users (not just Atract users) are affected. This is inherent to using any exchange.
