User

Users are the consumers of modular smart accounts and cross-chain applications who hold assets distributed across multiple blockchain networks. They seek simplified experiences that allow them to perform complex operations without understanding the underlying technical complexities.

Users serve as the initiators of cross-chain intents by creating and signing orders that express their desired outcomes. When a user wants to perform a cross-chain operation, they sign either a GaslessCrossChainOrder or submit an OnchainCrossChainOrder directly to the origin chain. This signature authorizes the entire cross-chain operation, including asset transfers, swaps, or interactions with smart contracts on the destination chain.

The user's signature contains critical information such as the maximum amount they're willing to spend, the minimum amount they expect to receive, and the specific actions to be performed. This signature serves as both authorization and protection, ensuring that fillers can only execute operations within the user's specified parameters.

Security Considerations

Users must understand that their signatures on cross-chain orders create binding commitments that authorize specific asset movements and contract interactions. The signed data includes nonces that prevent replay attacks but also means failed operations may consume these nonces, requiring users to generate new signatures.

When signing UserOperations embedded within cross-chain intents, users authorize specific function calls that will be executed on destination chains. These signatures are publicly visible on-chain, making them vulnerable to front-running attacks where malicious actors can extract and prematurely execute the UserOperation before the legitimate filler provides the required assets.

Users should verify that their signed orders include appropriate deadlines (openDeadline and fillDeadline) and that the maxSpent and minReceived parameters reflect their actual intentions. The protocol's security depends on users understanding the scope of their authorization and the potential for nonce consumption even in failed execution attempts.