Skip to main content
When you deposit into Tapioca, a lot happens behind the scenes to keep your experience simple and your funds secure. This page explains the end-to-end flow in plain language — what happens to your assets, who controls them, how yield is generated, and why you never have to pay gas or sign individual approvals.

Your smart account

The moment you sign up with your email, Tapioca creates a smart account — a programmable wallet deployed on Base that belongs exclusively to you. This is different from a traditional externally-owned account (EOA) like a MetaMask wallet. A smart account is a smart contract, which means it can enforce rules, batch actions, and accept sponsored transactions. Tapioca never holds your private keys. Your keys are protected by Privy’s embedded wallet infrastructure and never leave your device in a usable form. You are the sole owner of your smart account; Tapioca can interact with it only under the permissions you grant.

How the deposit flow works

1

You initiate a deposit

You select an asset and an amount in the Tapioca app. Behind the scenes, the app constructs a UserOperation — a structured intent that describes what you want to do — rather than a raw Ethereum transaction.
2

Gas is sponsored on your behalf

Before your UserOperation reaches the network, it passes through ZeroDev’s paymaster — a service that agrees to cover the gas cost. This is how Tapioca makes every transaction gasless. You never need ETH in your wallet for fees; the paymaster handles payment from Tapioca’s gas pool on your behalf.The UserOperation is then sent to ZeroDev’s bundler, which packages it with other users’ operations and submits it as a single Ethereum transaction. This is the ERC-4337 account abstraction standard in action.
3

Your smart account executes the action

Once the bundled transaction lands on Base, your smart account executes the deposit instruction. It transfers your assets to the yield protocol’s smart contracts and records your position.At no point does Tapioca take custody of your assets. The funds move directly from your smart account to the on-chain protocol.
4

Yield accrues on-chain

Your deposited assets are put to work inside battle-tested DeFi yield protocols deployed on Base. These protocols generate yield through mechanisms such as lending markets and liquidity provision — all transparent and verifiable on-chain.Yield accrues continuously and is reflected in your Tapioca portfolio balance in real time. You don’t need to manually claim or compound — this happens automatically.
5

You withdraw when you're ready

When you choose to withdraw, Tapioca constructs another UserOperation, the paymaster sponsors the gas, and your smart account calls the yield protocol to return your principal plus accrued yield to your balance. There are no lock-up periods.

Session keys: interacting without signing every transaction

Traditional wallets require you to manually approve every transaction. Tapioca uses EIP-7702 Session Keys to remove that friction while keeping your account secure. A session key is a time-limited, scoped permission that allows the Tapioca app to submit certain actions on your behalf — such as depositing or withdrawing within limits you set. Session keys cannot exceed the permissions you grant them, and they expire automatically.

Scoped

Each session key specifies exactly which contracts it can interact with and what actions it can perform. It cannot be used for anything outside that scope.

Time-limited

Session keys expire after a set period. When a key expires, Tapioca can no longer act on your behalf until a new key is issued with your approval.

Non-custodial

Session keys authorize actions but do not transfer ownership of your account or assets. Tapioca cannot move funds to arbitrary addresses.

Revocable

You can revoke active session keys at any time from the Settings page. Revocation takes effect immediately on-chain.
When you first sign up, Tapioca asks you to authorize a session key for standard deposit and withdrawal operations. You can review the exact scope of any session key before authorizing it.

Why Base?

Base is an Ethereum Layer 2 network built by Coinbase. It processes transactions faster and at a fraction of Ethereum mainnet costs, which makes it practical to sponsor gas fees for every user action. Base inherits Ethereum’s security model and is fully EVM-compatible, so the same audited smart contracts and DeFi protocols available on Ethereum can run on Base.

Security principles

  • Non-custodial — Your private keys never touch Tapioca’s servers. Your smart account is controlled by you.
  • On-chain — All yield strategies, positions, and transactions are recorded on Base and publicly verifiable.
  • Scoped permissions — Session keys limit what the app can do on your behalf without your explicit authorization.
  • No rug vectors — Tapioca has no ability to drain your smart account or redirect funds to arbitrary addresses.
You can inspect your smart account address and all on-chain activity at any time using a Base block explorer such as Basescan.

Learn more

Smart accounts

A deeper look at what smart accounts are and how yours is secured.

Session keys

How scoped, time-limited permissions work in practice.

Yield concepts

Where yield comes from and how it accrues to your balance.

Quickstart

Ready to deposit? Follow the step-by-step guide.