Aztec-TEE-Automator
schedule private recurring payments on TEE
Created on 22nd June 2025
•
Aztec-TEE-Automator
schedule private recurring payments on TEE
The problem Aztec-TEE-Automator solves
Smart contract automation is a widely-adopted solution in crypto applications and protocols, e.g. Gelato and Chainlink. Primary use cases in finance(DeFi) are limit order, DCA, auto-rebalancing, and recurring payment, but you can also find non-financial ones, e.g. time-locked proposal execution in DAO and auto-token ( airdrop / NFT ) claiming.
However, it is currently difficult to implement it on Aztec, a privacy-first Ethereum layer2 zkrollup, without compromising privacy. This is because whoever initiates transactions have to know complete information about the transaction for proving. In other words, the third party you outsource your work(transactions) to can know what you do, e.g. what / how much token you transfer to whom.
This is where Aztec TEE Automator, Intel-TDX-based PXE server that privately executes scheduled txs on behalf of users, comes into play. We use Phala's TEE infrastructure called CVM(Confidential Virtual Machine) where our automator service is deployed as a docker image. Phala not only provides cloud dashboard useful for configuring/monitoring our service in TEE but also tools/infra for attestation over TEE and apps running inside. *Note that Phala doesn't run Intel TDX but uses ones ran by external providers.
To be more concrete on what our automator does, it basically 1) receives encrypted job requests from users that contain tx execution requests along with the information about user's account keys, contracts, execution schedule, 2) decrypts them and registers accounts & contracts into PXE running in the server, 3) periodically check and execute the job.
For this hackathon, we built the TEE Automator server service, client-side library for any apps to tap into this service, and a demo example app of recurring payments that demonstrates the utility of the service and library.
Challenges I ran into
Issues in Aztec.js
-
random zod error on [email protected]. Fixed once i bumped to 0.87.8.
-
pino issue in 0.87.8 that blocked browser app with aztec.js to run ( vite build ). fixed once i passed logger manually to browser-pxe instantiation method.
The places where I was getting stuck most were mostly around Phala's cloud / CVM, in which i, a newbie of docker, was trying to properly publish and run our dockernized service on their cloud.
Besides that, there are a few challenging-to-implement improvements I can work on but couldn't due to limited amount of time.
-
Support more privacy-preserving delegation:
TEE PXE only receives users’ app-siloed keys ( nullifying keys and decryption keys etc.. ) instead of master secret key so that master secret key won't be leaked even in the event of TEE compromises. -
Secure authorization over payload execution:
Users' account contract can be configured in a way that allows external contracts to execute specific payloads ( target address and selector ) during a certain period of time. ( example executeFromOutside() in Safe ). Then, an account contract we control in our service can call into users' account contract to perform jobs without knowing user's signing key.
According to official sources, Intel-TDX has never get compromised unlike SGX, but less battle-tested as it's new. So it's wiser to try to minimize its risks by not having users handing over their sensitive information to it.
Tracks Applied (3)
Grand Prize: Best Overall Aztec Testnet Project
Aztec
Most Innovative or Technically Proficient Aztec Integration
Aztec
"Builder's Choice" Grant
Aztec
Technologies used
Cheer Project
Cheering for a project means supporting a project you like with as little as 0.0025 ETH. Right now, you can Cheer using ETH on Arbitrum, Optimism and Base.