TL;DR: Click “Connect Wallet” → click “Deploy Smart Account” → click “Enable Session Keys (7 days)”. After that, creating posts and tipping burns MOON and signs transactions automatically — no MetaMask popups for 7 days. Your funds stay in your control the entire time.

What is a Smart Account?

When you connect MetaMask to MoonVote, you’re using a standard Ethereum wallet (called an EOA — Externally Owned Account). Every on-chain action requires you to manually approve a popup. Burn 1 MOON to post? Popup. Approve the token? Popup. Tip someone? Popup.

Your MoonVote Smart Account is a separate on-chain wallet built on the ERC-4337 standard. It’s deployed as a lightweight clone contract on Arbitrum One, owned by your MetaMask key. It can do everything your regular wallet can, but with one major difference: it supports programmable permissions.

You deploy it once (one transaction, costs a tiny amount of gas), and it gets a deterministic address tied to your wallet. You can send MOON to it, and it holds its own ETH balance for gas.

What are Session Keys?

Session keys are temporary, restricted keys that your Smart Account trusts for a limited time. When you enable session keys on MoonVote, your browser generates a fresh keypair and installs it as an approved signer on your Smart Account with these constraints:

  • Time-limited: Valid for 7 days, then automatically expires
  • Target-restricted: Can only call the MoonActions contract (burns and tips) and the MOON token contract (approvals)
  • Function-restricted: Can only call specific functions — burnForPost, approve, etc.
  • No delegatecall: Cannot execute arbitrary code through your account

This means even if someone extracted the session key from your browser, they could only burn MOON for posts or approve the MoonActions contract. They couldn’t transfer your tokens to another address, call arbitrary contracts, or do anything outside the narrow allowlist.

Why This Matters

Without session keys, every post costs you two interactions:

  1. Wallet popup to approve MOON spending (first time)
  2. Wallet popup to burn MOON for the post

With session keys enabled, posting works like this:

  1. Click “Create Post”
  2. Confirm the burn in the MoonVote UI
  3. Done — the transaction is built, signed with your session key, and submitted through the bundler. No MetaMask popup.

Same for tipping. The experience goes from “crypto app with constant interruptions” to “normal website that happens to settle on-chain.”

How It Works Under the Hood

MoonVote uses the full ERC-4337 account abstraction stack:

  • MoonAccount (ERC-4337 + ERC-7579): Your smart wallet, deployed as a minimal proxy clone. Supports modular validators, executors, and fallback handlers.
  • MoonAccountFactory: Deterministic deployment — your smart account address is known before it’s even deployed, so you can fund it in advance.
  • SessionKeyValidator (ERC-7579 module): Installed on your smart account as a validator module. Checks every UserOperation against the target/selector/time allowlist.
  • Rundler: Self-hosted ERC-4337 bundler that packages your UserOperations and submits them to the EntryPoint contract on Arbitrum.

When you create a post with session keys active:

  1. The frontend builds a UserOperation containing: approve MOON → burnForPost
  2. The session key signs the UserOperation (no MetaMask involved)
  3. The bundler submits it to the EntryPoint contract
  4. The EntryPoint calls your Smart Account’s validateUserOp
  5. Your Smart Account delegates to the SessionKeyValidator module
  6. The validator checks: correct target? correct function selector? within time window? → approved
  7. The burn executes on-chain, the backend verifies the receipt, and your post goes live

All of this happens in a few seconds, completely in the background.

Your Funds Stay Safe

A few things worth emphasizing:

  • Non-custodial: MoonVote never holds your keys or your funds. The session key lives in your browser’s memory only.
  • Revocable: You can revoke session keys at any time from the wallet modal. This uninstalls the validator module from your Smart Account immediately.
  • Auto-expiry: Session keys expire after 7 days. No action needed — the on-chain time check rejects expired keys.
  • Scoped: Even an active session key cannot transfer tokens to arbitrary addresses. It can only interact with MoonActions (burns, tips) and the MOON token (approvals for MoonActions).
  • Your Smart Account, your rules: The Smart Account is owned by your EOA. Only you can install or remove modules, and only you can execute arbitrary calls.

Setup Steps

  1. Connect your wallet — click “Connect Wallet” in the top right
  2. Deploy Smart Account — in the wallet modal, click “Deploy Smart Account” (one-time, ~$0.01 in gas)
  3. Fund it — send some MOON and a small amount of ETH (for gas) to your Smart Account address shown in the modal
  4. Enable Session Keys — click “Enable Session Keys (7 days)” and approve the module installation in MetaMask (one signature)
  5. Post freely — for the next 7 days, posting and tipping work without any wallet popups

After 7 days, just re-enable session keys with one click. Or keep using the standard EOA flow with popups — both paths work and always will.