LUKSO LSP6 Key Manager Standard
The permission layer. Many controllers per account, each with a scoped permission bitfield.
// Controllers call the Key Manager; the Key Manager calls the account.
function execute(bytes calldata payload)
external payable returns (bytes memory);
// Permissions are stored as ERC-725Y data on the account:
// AddressPermissions[] → array of controller addresses
// AddressPermissions:Permissions:<controller> → 32-byte bitfield
// AddressPermissions:AllowedCalls:<controller> → list of (standard, target, selector)
// AddressPermissions:AllowedERC725YDataKeys:<controller> → list of data keys
LSP6 turns the account permission question into a structured grant: this controller can do
these things, on these contracts, with these data keys. The whole vocabulary lives
on-chain. Granting an app a narrow session controller is setData calls; revoking is
setData calls. The wallet UI can’t bypass it, because the Key Manager checks every call
before it reaches the account.
The permission bitfield includes CALL, SUPER_CALL, STATICCALL, DELEGATECALL,
TRANSFERVALUE, SIGN, ADDCONTROLLER, EDITPERMISSIONS, SETDATA, and several scoped
variants. AllowedCalls constrains which contracts a controller can invoke;
AllowedERC725YDataKeys constrains which data keys it can write. Use both for real session
scoping; use neither and you’ve handed over a permanent app key.
What it solves.
What it does not solve.
Anti-overselling is a feature.
- LSP6 doesn't decide your recovery policy. You compose it from permissions.
- It doesn't expire keys on its own — time-bound sessions are app-level (or via a recovery contract).
- Permissions are on-chain state. Frequent rotation costs gas.
Companions.
Standards this composes with.