
The Problem

Giving your Gotchipus the ability to execute on-chain transactions is powerful — but power without control is dangerous. How do you let your Gotchipus act autonomously while ensuring it doesn’t drain its wallet or interact with malicious contracts?

Sessions: Time-Limited Delegation

A Session is a time-bounded permission grant that lets an authorized party (such as the AI agent or a keeper) execute transactions on behalf of your Gotchipus’s TBA, within strict constraints.

Session Parameters

| Parameter | Description |
| --- | --- |
| Expiration | When the session expires (absolute timestamp) |
| Max Value per Transaction | Maximum PROS/ETH that can be sent in a single call |
| Max Value per Session | Total spending cap for the entire session |
| Whitelist/Blacklist | Which contract addresses are allowed or forbidden |
| Cooldown | Minimum time between consecutive executions |

Session Lifecycle

Create Session → Active (executing within limits) → Expired / Revoked
  • Create: The Gotchipus owner defines constraints and creates the session
  • Active: Authorized callers can execute within the session’s boundaries
  • Revoke: The owner can revoke a session at any time, immediately cutting off access
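
A minimal Python model of how the session parameters and lifecycle above could be enforced before each execution. It is an added illustration, not the Gotchipus contract code; the field names, the order of the checks, the return strings and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:
    expires_at: int            # absolute timestamp, seconds
    max_per_tx: int            # cap on value sent in a single call
    max_per_session: int       # cap on total value over the session
    cooldown: int              # minimum seconds between executions
    mode: str                  # "whitelist" or "blacklist"
    addresses: frozenset       # lowercase target addresses the mode applies to
    spent: int = 0
    last_exec: Optional[int] = None
    revoked: bool = False      # set by the owner; takes effect immediately

    def __post_init__(self):
        if self.mode not in ("whitelist", "blacklist"):
            raise ValueError("mode must be 'whitelist' or 'blacklist'")

    def check(self, target: str, value: int, now: int) -> str:
        """Return "ok" or the name of the first constraint that rejects the call."""
        if self.revoked:
            return "revoked"
        if now >= self.expires_at:
            return "expired"
        if (self.mode == "whitelist") != (target.lower() in self.addresses):
            return "target"
        if not 0 <= value <= self.max_per_tx:   # also rejects negative values
            return "max_per_tx"
        if self.spent + value > self.max_per_session:
            return "max_per_session"
        if self.last_exec is not None and now - self.last_exec < self.cooldown:
            return "cooldown"
        return "ok"

    def execute(self, target: str, value: int, now: int) -> str:
        """Apply check(); record spend and time only when the call is allowed."""
        verdict = self.check(target, value, now)
        if verdict == "ok":
            self.spent += value
            self.last_exec = now
        return verdict

def demo():
    dex, other = "0x" + "11" * 20, "0x" + "22" * 20   # constructed addresses
    s = Session(1_000, 5, 8, 60, "whitelist", frozenset({dex}))
    calls = [(dex, 5, 100), (dex, 1, 130), (other, 1, 200), (dex, 6, 200),
             (dex, 4, 200), (dex, 3, 200), (dex, 0, 1_000)]
    return [s.execute(*c) for c in calls]
```

Rejected calls leave `spent` and `last_exec` unchanged in this model, so a denied attempt neither consumes budget nor restarts the cooldown.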

Security Options

Beyond sessions, four security flags provide additional protection:

| Flag | What It Does |
| --- | --- |
| Block Infinite Approvals | Prevents unlimited ERC-20 token approvals — no contract can get blanket spending permission |
| Daily Transfer Limit | Caps the total value that can leave the TBA in a 24-hour period |
| Single Transaction Limit | Caps the value of any individual outgoing transaction |
| Restrict Target Addresses | Only allows execution against pre-approved contract addresses |

Each flag can be independently enabled or disabled, letting you build the exact security profile your Gotchipus needs.

Transfer Limits

Transfer limits operate on a rolling daily basis:
  • Daily limit resets every 24 hours from the first transfer
  • Per-transaction limit applies to each individual call
  • Both limits are enforced at the TBA level, regardless of who initiates the transaction

Whitelist & Blacklist

You choose between two modes:

| Mode | Behavior |
| --- | --- |
| Whitelist | Only contracts on the whitelist can be called |
| Blacklist | All contracts can be called except those on the blacklist |

This lets you either lock your Gotchipus to a specific set of trusted protocols, or broadly enable it while blocking known risks.

Why This Matters

The session and security system solves the fundamental tension of autonomous agents:
  • For cautious players: Set tight limits, short sessions, and strict whitelists. Your Gotchipus can only do exactly what you allow.
  • For power users: Set generous limits and long sessions. Let your Gotchipus operate with more freedom.
  • For everyone: You can always revoke a session instantly. You never lose ultimate control.

This graduated security model is what makes it safe to give an AI-powered NFT real economic agency. Without it, autonomy would be a liability. With it, autonomy becomes a feature.