Soroban smart contracts for ephemeral account restrictions
MVP Status
🚧 MVP — Active Development: Authorization and token transfer layers are not yet implemented on-chain. See MVP Status for details.
Bridgelet Core contains the Soroban smart contracts that enforce single-use restrictions on ephemeral Stellar accounts and manage the sweep logic for transferring funds to permanent wallets.
- Language: Rust
- Framework: Soroban SDK 22.0.0
- Testing: soroban-cli + Rust test framework
- Build: Cargo + stellar-cli
Manages restrictions on temporary accounts:
- Single inbound payment enforcement
- Authorized sweep destination
- Time-based expiration logic
- Event emission for auditability
Handles fund transfers:
- Validates claim authorization
- Executes atomic sweeps
- Handles multi-asset transfers
- Reclaims base reserves
Stores and exposes the Stellar base reserve configuration:
- Admin-controlled base reserve amount (stored in stroops)
- Distinguishes user funds from network overhead in ephemeral accounts
- TTL management to prevent contract data archival
- Event emission for reserve updates and auditability
contracts/
├── ephemeral_account/
│   ├── src/
│   │   ├── lib.rs            # Main contract
│   │   ├── storage.rs        # State management
│   │   ├── events.rs         # Event definitions
│   │   └── errors.rs         # Error types
│   └── Cargo.toml
├── sweep_controller/
│   ├── src/
│   │   ├── lib.rs
│   │   ├── authorization.rs
│   │   ├── transfers.rs
│   │   ├── storage.rs        # State management
│   │   └── errors.rs         # Error types
│   └── Cargo.toml
├── reserve_contract/         # ← NEW
│   ├── src/
│   │   ├── lib.rs            # Main contract
│   │   ├── storage.rs        # State management
│   │   ├── events.rs         # Event definitions
│   │   └── errors.rs         # Error types
│   └── Cargo.toml
└── shared/
    ├── src/
    │   ├── lib.rs
    │   └── types.rs
    └── Cargo.toml
# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Install Soroban CLI
cargo install --locked soroban-cli --version 22.0.0
# Add wasm target
rustup target add wasm32-unknown-unknown
# Build contracts
./scripts/build.sh
# Run tests
cargo test
# Deploy to testnet
soroban contract deploy \
  --wasm target/wasm32-unknown-unknown/release/ephemeral_account.wasm \
  --network testnet \
  --source SIGNER_SECRET_KEY
# Unit tests
cargo test
# Integration tests
cargo test --test integration
# Deploy to local sandbox for testing
./scripts/test-local.sh
// Soroban SDK types used in the signatures below.
// `Error` is the contract's own error type (see errors.rs).
use soroban_sdk::{Address, BytesN, Env};

pub trait EphemeralAccountInterface {
    // Initialize ephemeral account with restrictions
    fn initialize(
        env: Env,
        creator: Address,
        expiry_ledger: u32,
        recovery_address: Address,
    ) -> Result<(), Error>;

    // Record inbound payment (called automatically)
    fn record_payment(env: Env, amount: i128, asset: Address) -> Result<(), Error>;

    // Execute sweep to permanent wallet
    fn sweep(env: Env, destination: Address, auth_signature: BytesN<64>) -> Result<(), Error>;

    // Check if account is expired
    fn is_expired(env: Env) -> bool;
}
⚠️ MVP: On-chain authorization is not enforced at the EphemeralAccount contract level. Calling EphemeralAccount::sweep() directly bypasses all signature verification. Authorization is only enforced when sweeps are routed through SweepController. Do not call EphemeralAccount::sweep() directly in production.
See Bridgelet Documentation for full API reference.
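The account restrictions listed above and the direct-call warning, modelled in plain Rust as an added example (not Bridgelet's contract code, and without soroban_sdk). Integer ids stand in for addresses; the fixed destination, the `ledger >= expiry_ledger` rule and every name below are assumptions made for the model.

```rust
// Added model in plain Rust (no soroban_sdk); every name is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Error { UnauthorizedCaller, Expired, AlreadyPaid, AlreadySwept, NoPayment, WrongDestination }

pub struct Account {
    controller: u64,       // stand-in for the SweepController address
    destination: u64,      // assumed: sweep destination fixed at creation
    expiry_ledger: u32,    // assumed: expired once ledger >= expiry_ledger
    payment: Option<i128>, // the single inbound payment, in stroops
    swept: bool,
}

impl Account {
    pub fn new(controller: u64, destination: u64, expiry_ledger: u32) -> Self {
        Account { controller, destination, expiry_ledger, payment: None, swept: false }
    }

    pub fn is_expired(&self, ledger: u32) -> bool { ledger >= self.expiry_ledger }

    // Single inbound payment: a second deposit is rejected, not accumulated.
    pub fn record_payment(&mut self, ledger: u32, amount: i128) -> Result<(), Error> {
        if self.is_expired(ledger) { return Err(Error::Expired); }
        if self.payment.is_some() { return Err(Error::AlreadyPaid); }
        self.payment = Some(amount);
        Ok(())
    }

    // The caller check comes first, so a direct call that skips the controller
    // fails before any other state is consulted or changed.
    pub fn sweep(&mut self, caller: u64, ledger: u32, destination: u64) -> Result<i128, Error> {
        if caller != self.controller { return Err(Error::UnauthorizedCaller); }
        if self.swept { return Err(Error::AlreadySwept); }
        if self.is_expired(ledger) { return Err(Error::Expired); }
        if destination != self.destination { return Err(Error::WrongDestination); }
        let amount = self.payment.ok_or(Error::NoPayment)?;
        self.swept = true; // single use: a second sweep is refused
        Ok(amount)
    }
}

fn main() {
    let mut acct = Account::new(1, 42, 100); // constructed sample values
    acct.record_payment(10, 5_000_000).unwrap();
    println!("direct call:    {:?}", acct.sweep(7, 11, 42));
    println!("via controller: {:?}", acct.sweep(1, 11, 42));
    println!("second sweep:   {:?}", acct.sweep(1, 12, 42));
}
```

On-chain, the caller comparison would correspond to an authorization check on the controller's address inside the account contract, which is the layer the MVP notice says is not yet implemented.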
Contracts emit events for off-chain monitoring:
AccountCreated { creator, expiry_ledger }
PaymentReceived { amount, asset }
SweepExecutedMulti { destination, payments }
AccountExpired { recovery_address, total_amount, reserve_amount }
- All storage keys use proper namespacing
- Authorization checks on every state-changing operation
- Reentrancy protection via Soroban's execution model
- Timestamp-based expiration uses ledger time
See Security Audit Report (coming soon)
MIT