Where this stands today. The non-custodial Safe7579 account described here is rolling out in a gated early access, not yet the default for everyone. During the migration, live trade execution still runs on Otto’s existing execution rail, and the fully self-custodied converged path (including agent execution scoped to bounded sessions) is being enabled progressively. We label what’s live as live and what’s coming as coming throughout.
What is a smart account?
A normal wallet (an EOA — “externally owned account”, like MetaMask) is controlled by a single private key. A smart account is a wallet that lives in a small program (a smart contract) on-chain. It still has an owner, but the contract can enforce extra rules about what’s allowed — spending limits, expiries, scoped permissions — that a plain key can’t. The account Otto is converging onto is built on Safe — the most widely used and audited smart-account framework in crypto, securing tens of billions of dollars across the ecosystem. Specifically, Otto uses Safe with the ERC-7579 modular standard (we refer to it internally as the Safe7579 account). ERC-7579 is what lets the account support scoped, rule-bound permissions without ever handing over ownership.You own it — Otto does not
This is the single most important property of the model:- You are the sole owner. The account is deployed with your wallet (your connected EOA, or your Dynamic embedded wallet) as the only owner. There is no Otto co-signer and no Otto owner key.
- Otto cannot withdraw. Because Otto holds no owner key, it has no ability to move funds out of your account. Withdrawals require your signature.
- Deterministic address. Your account address is derived from your wallet, so it’s the same every time you connect — it isn’t a custodial sub-account Otto assigns to you.
- Otto’s only on-chain role at setup is to relay the deployment and pay the deploy gas. That relay key cannot sign transactions for your account; it can only help your account come into existence.
For email / social (“embedded wallet”) sign-ups, the owner key is held by Dynamic, our wallet-infrastructure provider, on your behalf — that’s the trade-off for not managing a seed phrase. The key is still yours, not Otto’s. If you’d rather hold the key yourself end-to-end, connect an external wallet (MetaMask, Rabby, Coinbase Wallet) instead. See Connecting Your Wallet.
How this differs from the existing execution path
Otto AI has two distinct on-chain custody models, and the platform is migrating from the first to the second. It’s worth being precise about which is which.| Otto Safe (Safe7579) | Existing execution Safe | |
|---|---|---|
| Owner | You (your EOA / embedded wallet) | An Otto-managed agent key |
| Can Otto withdraw your funds? | No — Otto holds no owner key | The agent key can sign |
| Custody model | Non-custodial / self-custody | Agent-custodial |
| Status | Rolling out (gated early access) | The current live execution rail |
Honest status: the existing agent-custodial rail is what carries live execution today. The user-owned Safe7579 account is rolling out in a gated early access and is not yet the default. This page will be updated as that changes.
Why it matters
- No honeypot of user keys. When you own the key, there is no central store of user keys for an attacker (or a rogue insider) to target.
- You can always exit. Because you hold the owner key, you can withdraw or move your funds at any time without Otto’s cooperation or permission.
- Rules live in the account, not in a promise. A smart account can enforce limits on-chain. As Otto adds scoped automation (below), the boundaries are encoded in the contract — not just in our app logic.
- One account, one balance. As convergence rolls out, your swaps, bridges, lending, yield, and perps funding all reference the same user-owned account, instead of being split across separate wallets.
What’s coming: owner-armed agent execution
The non-custodial ownership is the foundation. The next step — letting an Otto agent execute a bounded trade directly from your Safe — is being rolled out, and is not enabled yet. Here’s the model, so you know what to expect:- You arm a scoped permission. To let an agent act, you would sign — once — a bounded permission (an ERC-7579 “smart session”): e.g. “the agent may run a swap through this specific router, sending output back to my own account, up to an exact USDC amount, with an expiry.”
- The agent gets a narrow lane, not the keys. That permission scopes the agent to a single, specific action under strict on-chain limits — an exact spend cap (never “unlimited”), a fixed recipient (your own account), a time limit, and a usage limit. It cannot withdraw, cannot send to arbitrary addresses, and cannot exceed the cap. The owner key still never leaves your control, and withdrawals stay owner-only.
- You can disarm anytime. Revoking the permission ends the agent’s ability to act — your ownership is untouched throughout.
/app is converging toward, not a feature you can turn on today. When it ships, this page and the roadmap will be updated with the exact steps.
Related
- Connecting Your Wallet — how your account owner is established
- Your Wallet, Your Responsibility — custody models across Otto, side by side
- What’s Live & What’s Next — current product status