AxonAxon

Contract System Overview

Architecture overview of the three Axon smart contracts: AxonVault, AxonVaultFactory, and AxonRegistry.

Contract System Overview

Axon's on-chain footprint is deliberately minimal. Three contracts handle all on-chain logic, while complex policy enforcement, AI verification, and transaction routing live off-chain in the relayer.

The Three Contracts

AxonVault

The core contract. One vault is deployed per owner (vault owner) via the factory. It holds funds, enforces authorization, and executes payments.

  • Receives ERC-20 deposits from anyone
  • Executes payments only when called by an authorized relayer with a valid bot-signed EIP-712 intent
  • Manages bot whitelists, destination whitelists, and per-bot spending configurations
  • Supports same-chain swap-and-pay through approved DEX routers

AxonVaultFactory

A deployment contract that creates new vault instances from a master template. Every vault deployed through the factory shares the same audited bytecode for its version.

  • Deploys vault clones with deterministic or standard CREATE addresses
  • Emits VaultDeployed(owner, vault, version) for indexing
  • Tracks all deployments per version

AxonRegistry

An Axon-controlled registry that maintains a list of authorized relayer (delegator) addresses and approved swap routers. Vaults reference this registry to verify that executePayment calls come from a legitimate relayer.

  • Maintains a mapping of authorized delegator addresses
  • Referenced immutably by each vault at deploy time
  • Axon-administered: only Axon can add or remove relayer addresses

Design Philosophy

Minimal On-Chain Surface

The vault contract is intentionally thin. It handles five responsibilities:

  1. Signature verification -- EIP-712 bot signature checked on-chain
  2. Bot authorization -- bot must be active in the vault's whitelist
  3. Deadline enforcement -- intent must not be expired
  4. Hard spending cap -- maxPerTxAmount enforced with a require statement
  5. Destination whitelist -- on-chain enforcement of allowed recipients

Everything else -- daily limits, velocity windows, AI verification triggers, behavioral analysis -- is enforced by the relayer. The relayer reads policy values from the contract (so the owner can verify them on-chain), but enforcement logic runs off-chain.

Config On-Chain, Enforcement Off-Chain

Policy values like dailySpendingLimit and aiTriggerThreshold are stored in the vault's BotConfig struct on-chain. This gives owners verifiability: Axon cannot silently modify a bot's limits because the configured values are publicly readable on the blockchain.

The relayer reads these values from the contract and enforces them using Redis rolling windows and the policy engine. This hybrid approach gives you:

  • Auditability -- anyone can read the configured limits from the contract
  • Flexibility -- complex enforcement logic (rolling windows, velocity checks, AI triggers) without gas costs
  • Simplicity -- the contract stays small and auditable

Non-Upgradeable by Design

Each vault is a fixed version. There are no proxy patterns, no DELEGATECALL, no admin upgrade keys.

VERSION = 4  // uint16, stored on-chain

When new features are needed, Axon deploys a new factory with a new template. Owners on version 4 stay on version 4 until they explicitly choose to deploy a new vault and migrate funds. No one -- not Axon, not anyone -- can change a deployed vault's code.

Version Tracking

Every vault stores its version as a public constant:

uint16 public constant VERSION = 4;

This allows the relayer, indexers, and the dashboard to detect which feature set a vault supports and route accordingly. The factory also emits the version in the VaultDeployed event.

OpenZeppelin Dependencies

Axon contracts build on battle-tested OpenZeppelin libraries:

LibraryPurpose
Ownable2StepTwo-step ownership transfer (propose + accept) to prevent accidental loss
PausableGlobal emergency pause, callable by owner or operator
ReentrancyGuardProtection against reentrancy in payment execution and withdrawals
EIP712Structured data signing for bot payment intents
SafeERC20Safe token transfer wrappers that handle non-standard ERC-20 implementations
ECDSASignature recovery for EIP-712 verification

Contract Interactions

Owner (EOA / multisig)
    |
    |-- deploys via --> AxonVaultFactory
    |                       |
    |                       |-- creates --> AxonVault (per owner)
    |                                          |
    |                                          |-- references --> AxonRegistry (immutable)
    |
    |-- configures ------> AxonVault (addBot, setOperator, whitelist, etc.)

Bot (off-chain)
    |
    |-- signs EIP-712 intent --> Relayer (off-chain)
                                    |
                                    |-- calls executePayment() --> AxonVault
                                    |                                  |
                                    |                                  |-- checks AxonRegistry
                                    |                                  |-- verifies signature
                                    |                                  |-- transfers ERC-20

The relayer is the only entity that submits transactions to the vault. Bots never interact with the blockchain directly.