Summary
Let a delegator keep their cold wallet offline and authorize a “bot wallet” to handle all the routine staking chores—claiming rewards or redelegating across every delegation contract they use. The Delegation Manager stores a single owner→bot mapping and exposes two new batch endpoints:
- claimMultiOf(owner, contract1, contract2, …): Call claimRewardsOf(owner) on each listed delegation contract in one transaction.
- reDelegateMultiOf(owner, contract1, contract2, …): Same, but for redelegating rewards.
Each delegation contract also gains direct single-call endpoints:
- claimRewardsOf(owner): Transfer rewards to the caller if and only if the caller is the owner or the owner’s registered bot.
- reDelegateRewardsOf(owner): Redelegate the owner’s rewards while the caller only needs bot authorization.
Owners register or revoke their bot through the manager and every change is logged:
- setDelegatedWallet(bot)
- removeDelegatedWallet()
The entire feature is gated by a new DelegationOnBehalfFlag, so we can deploy safely then enable when ready.
Why this is needed
Large stakeholders (validators running dozens of pools, custodians, DAOs, multisigs, Ledger users) need to claim or compound rewards daily. Today they must either repeatedly plug in the cold wallet that controls the node or funds, or hand over the keys to a hot wallet or third-party service. Neither is acceptable for accounts that control significant value.
By introducing delegated bot wallets:
- Cold storage stays cold: the owner only signs once to register a bot and again to revoke it. Day-to-day automation happens with a hot wallet that has no authority beyond running the public endpoints.
- Services can scale: a custody provider or DAO can run a single bot that serves many owners, with full audit logs and revocation.
- Users keep control: the manager and each delegation contract enforce authorization on every call. If an owner revokes or rotates the bot, all delegated operations instantly stop.
Security and behavior
- Authorization is checked twice: once in the manager before dispatch, and again in each delegation contract. Unauthorized bots cannot succeed even if they invoke contracts directly.
- Calls are atomic: if any provider rejects the request or the VM runs out of gas, the entire batch reverts—no partial state.
- Backwards-compatible: existing claimMulti / reDelegateMulti flows stay under their original flag; the new functionality only activates when DelegationOnBehalfFlag is set.
- One bot, many owners: a single bot can be authorized by multiple owners, and each owner can use the same bot across all current and future delegation contracts.
Endpoints Overview
Manager:
- setDelegatedWallet(bot)
- removeDelegatedWallet()
- claimMultiOf(owner, contract1, contract2, …)
- reDelegateMultiOf(owner, contract1, contract2, …)
Delegation contracts:
- claimRewardsOf(owner)
- reDelegateRewardsOf(owner)