> ## Documentation Index
> Fetch the complete documentation index at: https://docs.immutable.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Architecture
> How Passport secures user wallets with distributed key management
Passport provides non-custodial wallets without seed phrases. This page explains how it works and compares it to other wallet solutions.
## Smart Contract Wallet
Each Passport user has a smart contract wallet deployed on Immutable Chain. This enables:
Immutable sponsors gas for approved operations. Players never need to buy IMX just to play.
Whitelisted game contracts can execute instantly without confirmation popups—critical for real-time gameplay.
Lost your device? Log in with the same social account to regain access. No seed phrase needed.
Rate limiting, spending limits, and fraud detection protect users from malicious actors.
Wallet addresses are defined at account creation through CREATE-2 counterfactual deployment, with the actual contract deployed when the user performs their first transaction.
### Contract Source Code
Passport's wallet contracts are open source:
View the smart contracts powering Passport wallets
### Audits
| Component | Auditor | Report |
| ---------------- | ------------- | -------------------------------------------------------------------------------- |
| Wallet Contracts | Trail of Bits | [View on GitHub](https://github.com/immutable/wallet-contracts/tree/main/audits) |
## How Passport Works
Passport wallets are controlled by a **2-of-2 multisig**. Every transaction requires signatures from two separate keys:
| Key | Stored By | Purpose |
| ---------------- | --------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| **User Key** | [Magic](https://magic.link) | Downloaded to the user's device to sign transactions. Only the user can initiate transactions. |
| **Guardian Key** | Immutable | Enforces security policies: rate limits, spending caps, fraud detection, and protection against malicious games. |
Immutable never has access to the User Key. All transactions must be signed directly on the user's device—we cannot move funds without user action.
### Key Generation Flow
When a user authenticates with Passport:
1. User logs in via Immutable's OAuth flows (Google, Apple, email, etc.)
2. [Magic's infrastructure](https://magic.link) securely generates and stores the User Key
3. The User Key is downloaded to the user's device for signing transactions
4. Immutable's Guardian Key co-signs to enforce security policies
### Security Guarantees
| Property | Guarantee |
| ------------------------ | ----------------------------------------------------- |
| **Non-custodial** | User controls their private key |
| **No unilateral access** | Immutable cannot move funds without user action |
| **Recoverable** | Lost device? Log in again with same identity provider |
| **No seed phrases** | Key tied to authenticated identity |
## Comparing Wallet Solutions
Passport combines the best aspects of traditional and embedded wallets:
| Feature | MetaMask | Privy / Magic | Passport |
| ------------------------ | ----------------------------- | -------------------- | --------------------------- |
| **Onboarding friction** | High (extension, seed phrase) | Low (social login) | Low (social login) |
| **Transaction friction** | High (manual approval) | Low | Low + pre-approved options |
| **Cross-app identity** | ✅ One wallet everywhere | ❌ New wallet per app | ✅ One wallet everywhere |
| **Cross-device access** | ❌ Manual seed import | ✅ Login to access | ✅ Login to access |
| **User owns keys** | ✅ | ✅ | ✅ |
| **Gaming optimized** | ❌ | ❌ | ✅ Pre-approved transactions |
### The Problem with Traditional Embedded Wallets
Services like Privy and standalone Magic create a new wallet for each application. This fragments users across many addresses:
* **Scattered assets**: NFTs and tokens split across wallets
* **No unified identity**: Can't build cross-game reputation
* **Portfolio confusion**: Users don't know where their assets are
### Passport's Approach
Passport solves this by providing **one wallet that works across all Immutable games and apps**:
* Same address everywhere on Immutable
* Assets visible in any Passport-enabled app
* Build reputation and history across the ecosystem
* Still get the low-friction embedded wallet experience
**Best of both worlds**: Passport delivers the seamless UX of embedded wallets with the unified identity of traditional wallets like MetaMask.
## Supported Chains
| Chain | Network ID | Status |
| ----------------- | ---------- | ------------------------------- |
| Immutable Mainnet | 13371 | Full Support |
| Immutable Testnet | 13473 | Full Support |
| Ethereum Mainnet | 1 | Limited support, ejections only |
| Other EVM Chains | Various | Support coming in future |
Do not send funds to your Passport address on unsupported chains.
If you have sent funds on Ethereum mainnet, you can use the wallet functionality on [Immutable Play](https://play.immutable.com) to eject those funds to Immutable Chain.
If you have sent funds to your Passport address on any other chain, your funds will be stuck indefinitely. Please raise a ticket with [Support](https://support.immutable.com), but this will not be able to be resolved until Passport supports all EVM chains.
## Next Steps
Implement login flows
Send transactions and sign messages