Ensures the correctness and security of Starknet account abstraction implementations through validation path audits and policy enforcement.
This skill provides specialized guidance for implementing and auditing Starknet Account Abstraction (AA), focusing on the critical security of __validate__ and __execute__ functions. It helps developers design robust session-key policies, prevent replay attacks via nonce and domain separation, and protect against privileged selector vulnerabilities. By providing implementation patterns and error recovery workflows, it is an essential tool for developers building secure AI agents and smart accounts that need to transact safely on the Starknet network while maintaining strict security boundaries.
Key Features
01 Audits __validate__ functions for DoS resistance and lightweight execution
02 Enforces execution policy boundaries and selector filters
03 Validates replay protection through nonce and domain separation checks
04 Provides patterns for session-key policy implementation
05 Identifies privileged selector and self-call vulnerabilities
06 79 GitHub stars
Use Cases
01 Auditing custom account contract security before mainnet deployment
02 Designing granular session policies for autonomous AI agents
03 Debugging signature and nonce validation failures in smart accounts