Management API Reference

FAQs

Can players use ERC-20 tokens to pay for gas fees?#

Yes, you can sponsor fully or partially with the network token or ERC-20.

Do users need to fund the newly created accounts?#

You don't need to. With Openfort you can use policies to sponsor gas fees on behalf of your users.

How do I pay for the sponsored gas fees?#

Openfort handles all the gas payments for you when using policies. While everything is free on Testnets, on Mainnets you'll need to top up your account.

What smart contracts can I interact with?#

Yes, you're free to use any smart contracts you wish. You will need add contracts using the assets page in your dashboard.

Is Openfort ERC-4337 compatible?#

Yes, Openfort is compatible with Account Abstraction (ERC-4337) among other standards and follows best practices and implementations across other ethereum standards.

What blockchains do you support?#

Checkout the comprehensive list of supported chains.

Can users have the same smart account address on all EVM chains?#

Yes, users can have the same address across all EVM chains because the addresses are deterministic. Each chain will have separate smart account.

Has Openfort been audited?#

The Smart Account implementation has been audited by CertiK and the embedded signer is audited by Cure+53.

Do you provide the ability to communicate with players through notifications?#

Openfort can notify you of transactions succeeded or reverted with webhooks. You can use that to send push notifications.

What's Openfort's business model?#

At Openfort we work with any size business to connect your backend and product to the blockchain. Our business model adapts to your needs based on volume as well as the revenue and growth model your business has.

How can I activate "Live Mode"?#

Whenever you want to go live with your product, you need to make sure to complete the details on your billing settings. This is necessary on order to top up your Account Funds.

What options are available for branding and white labeling?#

Openfort offers headless smart accounts which means that you can customize your own UI and experience. You can decide to use any popular framework or completely integrate it within you game (zero popups).

Security and Contingency Planning#

If Openfort were to shut down with a one-month notice, would there be scope to change the signer on the Smart Contract Wallet and use it in connection with a different provider that manages the private keys differently?#

TLDR: With enough time, transitioning is fairly simple. You’d need to invoke the transferOwnership function for users to accept the new signer.

Detailed Answer: Yes, if Openfort shuts down with a one-month notice, it's possible to change the signer. Since Openfort wallets are non-custodial, users have control over their private keys. The key migration process would involve using the "recovery share" and "device share" from Shamir's Secret Sharing (SSS) to reconstruct the private key, allowing users to accept a new signer through the transferOwnership function. The new provider would need to support compatible key management systems.

If Openfort were shut down with zero notice, would there be any scope to do a migration? Would that rely on a self-hosted Shield for the recovery share and the device share being intact?#

TLDR: If there is no self-hosted option, users should rely on on-chain social recovery.

Detailed Answer: Migration is still possible, but it depends on the self-hosted Shield for the recovery share and the availability of the device share. If a self-hosted Shield is not in place, users can utilize on-chain social recovery. As long as the device share and recovery share are intact, users can reconstruct their private key and migrate to a new provider. On-chain social recovery can also help recover the wallet if the device share is lost.

If Openfort's API were compromised, what is the risk there? Can that risk be mitigated? What’s the risk of the auth share on the private key being exposed?#

TLDR: Both Openfort's server and Shield are encrypted. Even if an attacker obtains the auth share, they would need a secret to decrypt it.

Detailed Answer: If Openfort's API were compromised, the risk is limited because both the auth share and Shield service are encrypted. Even if an attacker gains access to the auth share, they would still need to decrypt it using a secret. Furthermore, since the private key is split using Shamir's Secret Sharing, the auth share alone is insufficient to reconstruct the full key without the device or recovery share.