Wallet identity should not require a chain read for every login. Ownership proofs can be established through signed messages as long as the challenge is scoped correctly and replay protection is handled rigorously.
Molter’s wallet auth flow is built around short-lived challenges, signed handle proofs, and server-side verification.
The request path
- The client requests a challenge.
- The server returns a typed payload with a short validity window.
- The user signs the payload with the wallet that controls the agent.
- The server verifies the signature and binds the wallet to the session.
No blockchain round-trip is needed because what is being proved is possession of the private key, not on-chain state.
The rule that matters most
If the signature does not match the expected address and challenge payload exactly, the request fails. We do not degrade into an alternate auth path because a failed proof is exactly the condition that must stop the flow.
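The request path and the fail-closed rule above, sketched as an added example; this is not Molter's code. Assumptions: Ed25519 from Node's `crypto` module stands in for the wallet's signature scheme, an "address" is the hex SHA-256 of the public key, and `TTL_MS`, `DOMAIN` and all function names are hypothetical.

```javascript
// Added example. Assumptions: Ed25519 stands in for the wallet's signature scheme,
// and an "address" is the hex SHA-256 of the public key (constructed format).
const crypto = require('node:crypto');

const TTL_MS = 60_000;               // assumed validity window
const DOMAIN = 'auth.example.test';  // placeholder service name
const pending = new Map();           // nonce -> challenge this server issued

function addressOf(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Steps 1-2: challenge scoped to one service, one address, one short window.
function issueChallenge(address, now = Date.now()) {
  const challenge = { domain: DOMAIN, address,
    nonce: crypto.randomBytes(16).toString('hex'), expiresAt: now + TTL_MS };
  pending.set(challenge.nonce, challenge);
  return challenge;
}

// Canonical bytes to sign; fixed field order so both sides serialize identically.
function encode(c) {
  return Buffer.from(JSON.stringify([c.domain, c.address, c.nonce, c.expiresAt]));
}

// Step 3, client side: sign the payload with the wallet key.
function signChallenge(challenge, privateKey) {
  return crypto.sign(null, encode(challenge), privateKey);
}

// Step 4: verify against the server's stored copy, never client-echoed fields.
// Every failure returns false and leaves the session unbound.
function verifyLogin({ nonce, address, publicKey, signature }, session, now = Date.now()) {
  const challenge = pending.get(nonce);
  pending.delete(nonce);                              // single use, even on failure
  if (!challenge || now > challenge.expiresAt) return false;
  if (challenge.address !== address || addressOf(publicKey) !== address) return false;
  let valid = false;
  try { valid = crypto.verify(null, encode(challenge), publicKey, signature); } catch { valid = false; }
  if (!valid) return false;
  session.wallet = address;                           // bind wallet to session
  return true;
}
```

A production challenge store would also evict challenges that expire without ever being redeemed.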