Understanding the Wallet Infra Stack: The Driver and The Vehicle

Kurt

7 min read
Understanding the Wallet Infra Stack: The Driver and The Vehicle

If you're building a product on blockchain technology today, you've already encountered the problem: you search for "wallet infrastructure" and find twenty companies that all seem to do the same thing. Embedded wallets. Smart accounts. Chain abstraction. Key management. Once you dive in, they all have overlapping terminology, and the marketing blurs together making it difficult to understand when one provider stops and another starts. The wrong choice could mean ripping out infrastructure six months down the line. This article tries to help clarify the core components.

We hear it on nearly every first customer call: teams assume that providers like Magic Labs and other key management providers are our competitors when they're actually some of our closest partners. The wallet infrastructure stack has been modularized, and understanding the layers is the most important architectural decision you can make before writing a line of integration code.

The wallet is no longer one thing

Five years ago, a "wallet" was MetaMask. It stored your keys, held your assets, and signed your transactions — all in one package. That model doesn't work in a world with dozens of chains, millions of non-crypto-native users, and applications that need to move value across networks in seconds. The wallet has split into specialized layers, just as backend infrastructure split into auth, compute, storage, and networking a decade ago.

For a developer choosing infrastructure, three layers matter:

  • The Driver: key management, authentication, and signing. This is who controls the wallet. TEE and MPC based embedded wallet providers solve this problem.
  • The Vehicle: the onchain account, transaction orchestration, and execution engine. This is what the wallet can do. Smart account infrastructure like Rhinestone lives here.
  • The Road: settlement layers, bridges, and liquidity rails. This is how value moves between chains and tokens. Protocols like Across, Relay, Eco, Li.Fi, Uniswap, and many more live here.

Each layer is purpose-built and works best when composed with the others rather than when a single vendor tries to do everything.

The Driver: key management and authentication

Embedded wallet providers solve the hardest UX problem in crypto — getting a user from "sign up" to "has a wallet" without seed phrases, browser extensions, or gas tokens. They manage private keys securely using MPC (multi-party computation) or TEEs (trusted execution environments), handle social login and email-based authentication, and provide the signing interface that authorizes transactions. This is essential infrastructure.

It's worth noting that MPC and TEE-based key management is a somewhat trusted model — the user delegates a degree of trust to the provider to manage key shares or secure enclaves on their behalf. This is a feature, not a bug: for institutional and enterprise use cases, that trust layer is exactly the security property you want. But it does mean the choice of key management provider carries long-term implications, which brings us to one of the most important reasons to separate the driver from the vehicle.

The Vehicle: smart accounts, orchestration, and execution

Once a user has a signer (the driver), what can they actually do onchain? The answer depends entirely on whether that signer controls a basic EOA or a smart account.

An EOA from an MPC provider can sign transactions on one chain at a time. A smart account unlocks a fundamentally different set of capabilities: gas sponsorship (users never hold or think about gas tokens), session keys (scoped onchain delegations that let your app automate actions on a user's behalf), transaction batching (multi-step workflows compressed into single operations), and cross-chain orchestration (multi-chain transaction bundles that only require one signature, not one per chain).

Gas sponsorship deserves special attention because it's one of the most tangible improvements a smart account delivers over a vanilla EOA. Smart accounts require a relayer or bundler to process transactions onchain. What's distinctive about Rhinestone is that our solvers combine the bundler, paymaster, and cross-chain execution roles into a single system. They process single-chain transactions, sponsor gas from a single USDC balance on Base, and manage token inventory (native tokens and stablecoins) to fill crosschain transactions, taking repayment wherever the user has funds. The result is cross-chain execution without bridging and without gas tokens. For apps that want to be multi-chain and stablecoin-only, this eliminates the need to deal with ETH on EVM chains, POL on Polygon, SOL on Solana, or any other native token. Just one stablecoin balance, spendable anywhere.

The smart account becomes part of the orchestration layer itself. Consider how ENS uses Rhinestone: when a user registers a domain, the purchase involves a commit step and a register step. With session keys, ENS compresses this into a single click — the smart account handles the multi-step flow without requiring the user to approve each action individually. The user's funds can live on any chain while the intent engine figures out how to move them to where they need to be.

This gets to a critical architectural point: smart accounts allow intents to be signed or validated separately from execution. The user signs what they want to happen — "register this domain," "swap these tokens," "deposit into this protocol" — and a solver handles the execution on their behalf, funding gas, routing across chains, and settling the transaction. The user doesn't need to be involved at each step, and they don't need to understand which chain their assets are on. Rhinestone operates across the onchain account, orchestration, and solver layers, running a first-party solver market that enables sub-1.5-second cross-chain execution without protocol or API fees. We'll go deeper on the architecture in a future post; the point here is that the vehicle does far more than hold assets.

Why the separation matters

Pairing a dedicated key management provider (the driver) with a smart account and execution layer (the vehicle) isn't just a nice architectural pattern — it delivers three concrete advantages that compound over time.

Signer rotation eliminates vendor lock-in

With a traditional embedded wallet, your user's onchain address is tied directly to their key management provider. If that provider raises prices, changes terms, or faces a regulatory reassessment of whether MPC constitutes non-custodial key management, you're stuck — migrating means new addresses, new onboarding flows, and disruption for every user. Smart accounts solve this. Because the onchain account is separated from the signer, you can rotate to a different key management provider at any time. No user needs to upgrade their address. No migration. No downtime. The smart account stays the same; only the signer changes. 

This is a meaningful operational advantage that isn't available when using a plain EOA from an MPC provider. With an EOA, the address is derived from the key — change the key management provider, and every user's address changes with it. With a smart account, the address is the contract. The signer is a module that can be rotated without touching the user-facing identity.

Onchain policies create trustless security guarantees

Because the smart account lives onchain and is separate from the signer, developers can embed immutable policies and guards directly into the account: spending limits, whitelisted contracts, time-locked operations, multi-party approval requirements. These policies are transparent, onchain, and guaranteed regardless of what the key management layer does.

This creates stronger security properties than the signer alone can provide. A compromised key with a $500 daily spending limit enforced at the account level is a very different risk profile than a compromised key with unrestricted access. For fintech applications, institutional products, and any use case where users hold meaningful value, this separation of concerns between authentication and authorization — between who can act and what they can do — is a fundamental design advantage.

The capability gap is substantial

As covered above — gas sponsorship from a single stablecoin balance, session key delegations, transaction batching, cross-chain orchestration, and intent-based execution are all properties of the vehicle layer and are derived from the smart account, not the key management solution.

This pattern is already in production

The driver-plus-vehicle architecture isn't theoretical. It's the standard approach for serious applications that need both seamless onboarding and powerful onchain functionality:

  • Polymarket pairs Magic Labs for key management with Safe smart accounts to run the highest-volume prediction market in crypto.
  • ENS uses Para for authentication alongside Rhinestone smart accounts and cross-chain intents for one-click domain registration with funds from any chain.
  • Clave combines Privy's embedded wallet with Rhinestone's smart accounts and orchestration layer to build a crypto neobank with stablecoin savings, spending, and DeFi access.
  • Infinex integrates Turnkey for key management with Kernel smart accounts to power their cross-chain DeFi platform.

When teams need both a seamless, invisible onboarding experience and a powerful onchain execution layer, they reach for specialized infrastructure at each layer rather than asking one vendor to do everything.

Choosing your stack

If you're evaluating infrastructure, three questions will clarify 90% of your architecture:

Who manages your users' keys? This is your driver. Choose based on authentication methods, compliance posture, and key security model.

What can your users' wallets do onchain? This is your vehicle — the smart account, orchestration, and execution layer. If your application needs cross-chain transactions, gas sponsorship, session key automation, or intent-based execution, you need a smart account infrastructure provider.

How does value move between chain and tokens? This is the road — settlement layers like Across, Relay, and Eco, or marketplaces like Uniswap, COW and more. With Rhinestone, the solver network handles this for you, so you don't integrate settlement layers and AMM's directly.

The wallet stack has modularized. The driver and the vehicle are complementary layers, not competing products. Understanding this distinction is the first step toward building a stack that won't need to be ripped out in six months.

If you're building with an embedded wallet provider and need smart accounts, cross-chain execution, or session key automation, check out our quickstart guide or get in touch.

Read more