Wallet Model#

Your Hightop account looks like a simple fintech app. Underneath, it runs on infrastructure purpose-built for a world where AI agents handle money.

The architecture has four layers:

• You authenticate in the Hightop app. By default, when you sign up, Hightop creates an embedded wallet through Turnkey tied to your email — this becomes your control wallet, the external wallet that owns the underlying smart contract wallet. You can later move control of the account to another wallet you control (hardware, etc).
• The control wallet is the only address that can update rules, add agents, and configure your smart contract wallet.
• The smart contract wallet holds and controls your assets and positions, and enforces the rules and policies onchain.
• Agents request actions through the API — the smart contract decides whether to allow them.

The wallet architecture is built on the Programmable Wallets from Underscore Protocol, which the Hightop team also built. The full source code is available on GitHub.

Everything below explains why these layers exist and how they work.

Why Crypto Rails#

Traditional financial rails were not designed for AI agents, and the gaps show up fast.

Agents operate globally, around the clock. An AI agent does not have business hours. It does not live in one country. It might pay an inference provider in Singapore at 2am, buy a dataset from a vendor in Berlin at 6am, and settle a compute bill in Virginia by noon — all without a human in the loop. Traditional banking rails shut down on weekends, close for holidays, and impose geographic restrictions. Blockchain infrastructure runs 24/7, globally, with no downtime. And it is permissionless — agents can pay anyone, anywhere, without needing both sides to share the same bank, processor, or country-specific payment network.

Micropayments need to be viable. Agents often transact in small amounts — a few cents for an API call, a few dollars for a dataset, fractional payments for usage-based services. Traditional card networks charge a minimum of $0.30 per transaction plus percentage fees, making small payments uneconomical or impossible. On a Layer 2 blockchain like Base, transaction costs are fractions of a cent. That makes micropayments practical for the first time.

Stablecoins are digital dollars that move like data. A stablecoin like USDC is designed to track the US dollar — one USDC represents one dollar. But unlike a bank transfer, it settles in seconds, moves across borders without intermediaries, and can be programmed into rules-based workflows. When an agent pays a vendor in USDC, it is sending a dollar-denominated payment that arrives instantly, costs almost nothing to send, and does not require either party to have a bank account in the same country — or any country.

The agent economy needs programmable money. More people are building AI agents and offering them out to work. More agents are consuming services from other agents — data feeds, compute, inference, storage. This machine-to-machine economy needs money that can move programmatically, settle instantly, and work within enforceable rules. Stablecoins on a programmable blockchain are the natural fit.

This is not about being a crypto product. Most Hightop users do not need to think about blockchains at all. It is about using the right infrastructure for the problem — the same way a messaging app uses the internet without asking you to understand TCP/IP.

Smart Contract Wallet#

Your Hightop account is backed by a smart contract wallet deployed on Base.

A smart contract wallet is different from a traditional crypto wallet. It is not just an address with a private key. It is a program that lives on the blockchain, with built-in logic for who can do what, under what conditions, and within what limits.

This is what makes Hightop's control model possible. The wallet itself can enforce rules — not just Hightop's servers, not just an app, but the wallet's own code running on the blockchain. When an agent tries to execute an action, the smart contract checks the request against the configured rules before anything happens. If the request violates any boundary, the transaction fails and no funds move.

Think of it as the difference between a lockbox with a key and a vault with programmable access controls. A lockbox either opens or it does not. A smart contract wallet can say: "this person can access this much, for this purpose, during this time window, using these assets only." And because the smart contract code is open-source and runs on a public blockchain, the vault is not a black box — anyone can read the rules and verify they work as described.

Control and Enforcement#

The control wallet configures the smart contract wallet. The smart contract wallet holds the assets and enforces the policies. These are separate roles.

Policy changes — adding an agent, updating limits, approving a new payment path — can only be initiated by the control wallet. Agents cannot widen their own permissions, and a stolen API key cannot change the rules. The control wallet acts through the smart contract, which means even those control actions go through the onchain mechanisms rather than silently overriding a backend policy.

This separation is what allows Hightop to offer programmable control without requiring trust in any single party — including Hightop itself. The full control model — how the control wallet is created, how control can be moved to another wallet, and what happens if that control wallet is compromised — is covered in Why Onchain Enforcement Matters.

How Agents Execute Without Custody#

Agents in Hightop do not hold private keys. They do not own the wallet. They do not have direct access to funds. What they have is the ability to request actions — and the smart contract decides whether those actions are allowed.

Here is what that looks like end to end:

Say you have an operations agent configured to pay approved vendors in USDC, with a $1,000 monthly budget and a $200 per-transaction cap. The agent — running in a framework like OpenClaw or Hermes, or in your own stack — sends a request to the Hightop API to pay a compute vendor $150 in USDC.

1. Hightop identifies which agent profile the request belongs to and assembles the transaction.
2. The transaction is submitted to the smart contract wallet on the blockchain.
3. The smart contract checks the request: Is this agent active? Does it have payment permission? Is USDC an allowed asset? Is this vendor an approved recipient? Is $150 within the per-transaction cap? Is the agent still within its monthly budget?
4. If every check passes, the payment executes. If any check fails, the entire transaction reverts — no funds move.

The checks happen in two phases (pre-execution and post-execution), both within the same atomic transaction. The full validation model — what gets checked, when, and how rules combine — is covered in Agent Permissions and Limits.

This is what "execution rights, not custody" means in practice. The agent can operate inside the lane you configured. The smart contract enforces the boundaries of that lane for every single request, regardless of who is behind the API key.

One Wallet, Every Protocol#

Your Hightop wallet connects to DeFi protocols through standardized adapters — uniform interfaces that translate each protocol's operations into a consistent format the wallet understands.

Whether it is depositing into a yield protocol like Aave, swapping tokens on Aerodrome, or managing a borrowing position on Ripe Protocol, the wallet interacts with each through the same kind of interface. A high-level summary of supported assets and protocol types is in the FAQ.

New integrations can be added through new adapters without redeploying the wallet. When a new protocol launches, the wallet gains access the moment its adapter is deployed — no migration, no update, nothing changes for you. New adapters expand what the wallet can reach, but existing agent permissions and allowed-venue rules still determine what each agent can actually use. A new protocol does not automatically widen any agent's lane.

This also means agents can interact with many protocols through a single wallet address, within the boundaries you configured. A yield-optimization agent, for example, can monitor rates across multiple lending protocols and move funds to the best opportunity — all through one wallet, all within its configured limits, and all without needing separate accounts on each protocol.

Batch Operations#

The smart contract wallet can execute multiple actions in a single atomic transaction. This means complex multi-step operations either succeed completely or fail completely — there is no partial execution.

This matters for agents running sophisticated strategies. A yield rebalancing operation might need to:

• withdraw from one lending protocol
• deposit into another with a better rate
• claim rewards from both
• reinvest those rewards

Without batch operations, each step is a separate transaction. If one fails halfway through, you end up in an inconsistent state — funds withdrawn but not redeposited, rewards claimed but not reinvested. With batch operations, the entire sequence executes as one unit. If any step fails, everything reverts cleanly.

One Wallet, Not Many#

Traditional approaches to agent finance often involve creating multiple wallets — one per agent, or one per purpose. That creates operational complexity: funds fragmented across addresses, balances that need manual reconciliation, no unified view of what is happening, and constant transfers between wallets that cost gas and add friction every time money needs to move for a different purpose.

Hightop uses one smart contract wallet per account. All agents operate through the same wallet, with the smart contract enforcing different rules for each agent. Funds stay in one place. Protocol positions are unified. Everything is visible in a single view.

This also means your assets can work harder. Idle funds in the wallet can earn yield through Earn. Earn positions can serve as collateral for borrowing. An agent optimizing yield and an agent managing payments are working with the same pool of capital, within their own separate lanes — not with separate pots of money scattered across different addresses.

Where to Go Next#

• Why Onchain Enforcement Matters explains the trust model, protections around the control wallet, and what happens during a compromise.
• AI Agents covers the agent model and what you configure per agent.
• Agent Permissions and Limits details the full rules layer.
• Earn Under the Hood explains vault architecture and AI-managed yield.
• Borrowing Under the Hood explains collateral, productive lending, and borrowing infrastructure.
• Technical References for the full map of protocol repos, technical docs, and live params tools.