A TypeScript library for creating ERC-4337 Account Abstraction accounts that use Schnorr signatures for multi-signatures.
The library currently provides utilities to sign and send User Operations with a Schnorr signer. Alchemy Account Kit is used to send User Operations. To better understand how to use the library, go to the Examples section.
Never reuse public nonces. Reusing them will cryptographically expose your private keys and lead to a loss of funds. Implementing robust nonce management in your application is crucial for security: make sure to delete each nonce after use and never use it again.
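One way to enforce the single-use rule above on the client side, as an added example that is not part of the SDK or of the original README. `SingleUseNonceStore` and `errorOf` are hypothetical names, and the nonce is treated here as opaque 32-byte material rather than the SDK's own nonce type.

```typescript
import { createHash, randomBytes } from "crypto";

// Hypothetical helper, not part of the SDK: keeps each secret nonce until it is
// taken for exactly one signature and rejects any nonce value it has seen before.
class SingleUseNonceStore {
  private pending = new Map<string, Buffer>(); // sessionId -> unused secret nonce
  private seen = new Set<string>(); // SHA-256 fingerprints of every nonce ever issued

  private static fingerprint(nonce: Uint8Array): string {
    return createHash("sha256").update(nonce).digest("hex");
  }

  // Register nonce material for one signing session (fresh random bytes by default).
  issue(sessionId: string, nonce: Uint8Array = randomBytes(32)): void {
    if (this.pending.has(sessionId)) {
      throw new Error(`session ${sessionId} already has an unused nonce`);
    }
    const fp = SingleUseNonceStore.fingerprint(nonce);
    if (this.seen.has(fp)) {
      throw new Error("nonce value was seen before; refusing to reuse it");
    }
    this.seen.add(fp); // only the hash is remembered, never the nonce itself
    this.pending.set(sessionId, Buffer.from(nonce)); // private copy
  }

  // Hand the nonce to the signer exactly once; it is deleted before returning.
  // The caller should overwrite the returned buffer (nonce.fill(0)) after signing.
  take(sessionId: string): Buffer {
    const nonce = this.pending.get(sessionId);
    if (!nonce) {
      throw new Error(`no unused nonce for session ${sessionId}`);
    }
    this.pending.delete(sessionId);
    return nonce;
  }

  pendingCount(): number {
    return this.pending.size;
  }
}

// Returns the message of the error thrown by fn, or null if fn did not throw.
function errorOf(fn: () => unknown): string | null {
  try { fn(); return null; } catch (e) { return (e as Error).message; }
}
```

Every failure path throws instead of returning a fallback value, so a signing flow that tries to sign twice with the same session stops before any second signature is produced.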
Construction of the multisignature address uses salts. Ensure salts are deterministic and consistent to maintain cross-wallet compatibility. Using different salts will lead to a different multisignature address. Use the following salts, which are the ones used by SSP Wallet:
- accountSalt: aasalt
- factorySalt: aafactorysalt
Install via npm:
npm install @runonflux/aa-schnorr-multisig-sdk
Or clone the repository:
git clone https://github.com/RunOnFlux/account-abstraction.git
cd account-abstraction/aa-schnorr-multisig-sdk
npm i
To get started, explore our examples and documentation. Ensure you have a .env file configured with the necessary environment variables as shown in .env.sample.
Found a bug? Please report it on our issue tracker.
This project is licensed under the MIT License.
SSP Wallet is a multi-signature multi-asset wallet that uses this AA Schnorr Multi-Signature SDK for EVM chains. Check out the SSP Wallet repository for more information and proper usage of the library.
- This library is based on Borislav Itskov's research and draws inspiration from the schnorrkel.js implementation.
- Account Abstraction ERC4337 eth-infinitism/account-abstraction
The smart contracts and SDK underwent a comprehensive security audit by Halborn, finalised in February 2025.
📄 Smart Contracts Audit
- Halborn Audit Report – Smart Contracts (GitHub)
- Halborn Public Report – Smart Contracts (Halborn)
📄 SDK Audit
- Halborn Audit Report – SDK (GitHub)
- Halborn Public Report – SDK (Halborn)
- Smart Contracts: All findings were in unused code, which has been removed in the main branch. Contracts were redeployed, and the main branch is recommended for production, while the master branch is an archive where audits were assessed and is perfectly safe to continue using. (Fix PR)
- SDK: All important findings were addressed in the main branch. Note that the examples use hard-coded values; furthermore, this library requires proper nonce management on the client side and following a strict error-throwing approach. (Fix PR)