Candide Docs


Overview of problems and the technical solution behind Candide Wallet

Problems with wallets today

Almost every wallet on Ethereum today have certain limitation in one way or the other.
  • Externally Owned Account (EOA) come with the risk of lost or stolen seedphrases. They are limited in functionality in terms of logic, and cannot abstract away some complexities when intercting with dapps.
  • Contract based wallets solves many of the issues that were raised with EOAs by offering specific wallet logic inside the contracts. Nevertheless, because of the fact that each transaction on Ethereum needs to originate from an ECDSA-secured EOA makes this very difficult to build, neverthelss scaled. Dapps needs to adopt each contract interface for every smart contract wallet that wants to integrate, opposite to the standard EOA adopts. The high fees on Ethereum Mainnet makes contract based wallets very costly as well.

Introducing Candide Beta

Candide Beta is a contract based wallet on Ethereum. It is build on top on ERC-4337 as a standard interface for the global contracts named Entry Point. These set of contracts alleviate much of the heavy lift security burden to ensure safety is done not in the wallet itself, but in the entry point contracts.
ERC-4337 is a collaboration by Infinitism, a collaboration between Nethermind, Opengsn and Ethereum Foundation. Their contracts have been audited by OpenZepplin.
Candide Beta infrastructure is started based off of a fork of Stackup great effort in developing a client native app on Polygon. Candide has made several changes to the Stackup codebase, all of which were thoughtfully chosen to ensure that the wallet would carry out the original intended mechanism of allowing users to get the best experience possible for an Ethereum Wallet.

Candide Beta Features

No Seed Phrases | Account Recovery

Candide hides seedphrases thanks to a system called Social Recovery, which was popularized by the Argent Team. Users can recover their lost wallet by simply calling their set guardians, an experience similar to what banks offer today, except that it is fully self-custodial. We detail our chosen design for account recovery here.


Candide will allow batched transactions to execute a sequence of transactions, which helps bring user friendly dapps. The common case for many smart contract interactions are 2 transactions: Approve ERC-20 spend + Spend. Instead, users can sign once to commit to both transactions that can be signed one after the other atomically. Candide Beta ships with an integrated Uniswap Dapp that showcase a one tap swap for ERC-20.


Candide Beta will allow transfers of ETH and ERC-20, a similar experience that most wallets offer today.

Gas Abstraction

Candide will have a paymaster for users to pay gas in any ERC-20. Upon signing up, users won't need to have ETH to deploy their smart contract based wallet, and can simple deposit funds and transact without knowing the notion of gas payments in ETH. We details our chosen paymaster design here.

Technicality in a nutshell

  • Users confirm the signing of the transaction they want to do through Candide Beta. Candide then packages the transactions in a UserOperation that contains the necessary information about the sender, the transactions, along with signatures and other data for verification.
  • Candide extends the entry point logic to support paymasters that sponsor transactions for its own users. Our paymaster is used to subsidize fees for the wallet deployment, and allow users to pay fees with ERC20 tokens. From there, either miners or bundlers can package up a set of UserOperation objects into a single “bundle transaction”, which then gets included into an Ethereum block.
  • Candide runs its own bundler to package UserOperation as a service for its own wallet. The bundler packages up multiple UserOperation objects into a single handleOps call to the pre-published global entry point contract.