Powered by the Trust Atom Protocol
Every contract you deploy through ColdAuth creates a Trust Atom — a verifiable, on-chain record of your governance identity. An open standard for composable trust across any chain.
Explore the Protocol →No CLI. No .env files. No hot keys. ColdAuth works with Tangem, Ledger, MetaMask, Phantom, or any WalletConnect wallet. Solana and EVM — one tool for every chain.
If you own a smart contract, program, or protocol — WalletDeploy is how you manage it. Works with Phantom, Solflare, or any hardware wallet.
Deploy, upgrade, extend, close programs — no CLI required. Transfer upgrade authority. Recover locked SOL from buffers. Cold wallet is authority from block 0.
Scan any wallet for orphaned buffer accounts and recover locked SOL in one click. No wallet connection needed to scan.
Permanently remove upgrade authority. Irreversible. The gold standard for decentralization — cryptographic proof your program can never be changed.
Emergency shutdown, reactivate, make irrevocable. Cold wallet governance for autonomous agents.
Update commission, withdraw from vote account. Full validator management from cold wallet.
Candy Machine updates, Token Metadata authority transfers. Metaplex program management.
Deploy tokens or any contract from your cold wallet via ColdAuth Factory. Paste bytecode, auto-fill owner. Tangem, Ledger, or MetaMask.
Auto-fetch ABI from explorer. Every function becomes a button. Ownership verification. Works with any verified contract on Ethereum, Base, Arbitrum, Optimism, Polygon.
upgradeTo, transferOwnership, changeAdmin. OpenZeppelin TransparentProxy and UUPS.
Deploy ERC-20 tokens. transferOwnership, pause, unpause, mint, burn. All from cold wallet.
Emergency pause, fee updates, oracle changes. Admin operations for any DeFi protocol via custom ABI.
setBaseURI, reveal, pause, setRoyalty. Full collection management from cold wallet via custom ABI.
propose, execute, cancel, setVotingDelay. Any Governor contract — cold wallet signs every governance action via custom ABI.
setGuardian, updateRelayer, pause. Cold wallet administration for any bridge via custom ABI.
Upgradeable contracts on Near, Sui, and Aptos. Same pattern, different instruction encoding.
Every level is better than what you have today. Every level uses the same tool.
No CLI. No keypair file on disk. Your private key never leaves your browser wallet. Top-level signing — no middleware, no CPI, no limitations.
Private key never touches any internet-connected device. Physical possession required to sign. On-chain audit trail — cryptographic proof of every operation. GENIUS Act & CLARITY Act ready.
No single person can sign. N-of-M hardware wallet approval required. Full governance trail on-chain. SOC 2 Type II. The strongest possible model for protocols with real TVL.
Most developers start with Phantom, Solflare, or MetaMask — no hardware wallet needed, no CLI, better than anything available today. When your program has real value on mainnet, graduate to a hardware wallet with one transfer-authority transaction. When your protocol has significant TVL, add multi-sig governance. ColdAuth is the only tool that covers every step.
Every existing tool fails when your program authority isn't a hot CLI keypair.
| Solution | Hardware Wallet Support | Top-Level Signing | Admin Operations | Multi-Chain | No Blind Signing | Zero AI |
|---|---|---|---|---|---|---|
| WalletDeploy | ✓ Yes | ✓ Yes | ✓ Yes | ✓ Yes | ✓ Yes | ✓ Yes |
| CLI Tools | ✗ Exposes key | ✓ Yes | ✓ Yes | ✗ No | ✗ No | ✓ Yes |
| Squads / Gnosis Safe | ✓ Yes | ✗ No (CPI) | ✗ Blocked | ✓ Yes | ✗ No | ✗ No |
| Hardware Wallet Apps | ✓ Yes | ✓ Yes | ✗ No UI | ✗ Limited | ✗ No | ✓ Yes |
Every blockchain runtime enforces the same security invariant: administrative instructions must be top-level transactions signed directly by the authority. This is a security feature that will never change. Squads, Gnosis Safe, and every other middleware tool can never fix this — it's not a bug, it's the design. WalletDeploy submits instructions as top-level transactions, signed directly by your hardware wallet. No middleware. No CPI. No limitations. On every chain. Forever.
ColdAuth is pure client-side HTML and JavaScript — no backend, no build pipeline, no AI inference layer. Press Ctrl+U (Cmd+U on Mac) to view every line of code running in your browser. There is no AI anywhere in this tool — no suggested transactions, no auto-fill, no ML models, no LLM calls. Every instruction is deterministically constructed from your inputs, byte-for-byte verifiable before signing. What you see is exactly what gets signed — nothing more, nothing less. Deploy operations derive ephemeral keypairs in-browser, funded by your cold wallet, to sign buffer writes locally. Your hardware wallet signs only the funding transaction and the final deploy/upgrade. Ephemeral keypairs are destroyed immediately after the operation completes, with unused SOL returned to your cold wallet. No telemetry. No blind signing. This is a stronger trust model than any GitHub repo, where published code and deployed code can differ.
No installation. No signup. No CLI. Just your browser and your wallet — Phantom, Solflare, or any hardware wallet.
Click Connect → choose Phantom or Solflare (browser extension, instant) or WalletConnect (QR code for Tangem, Keystone, or any hardware wallet). Takes 10 seconds.
Choose from program upgrades, authority transfers, buffer recovery, agent management, and more. For deploys: upload your .so file (or paste a buffer address). For upgrades/closes: enter the program address. ColdAuth handles the rest.
For new deploys, ColdAuth chunks your .so file and writes it to a Solana buffer. Tap your hardware wallet to sign the buffer write. For upgrades/closes, skip to step 4.
Before every signing step, a QR code appears showing the full transaction details. Scan with your phone to see exactly what you’re signing — action, program address, all addresses in full — before approving. This is our no blind signing guarantee. Works on all operations: deploy, upgrade, freeze, close, transfer authority, buffer recovery.
ColdAuth builds the final transaction and sends it to your wallet. Approve in Phantom or Solflare, or tap your Tangem card / scan with Keystone. Transaction submitted directly to the blockchain. Every operation includes an on-chain memo — a permanent audit trail of exactly what was signed.
Start with the wallet you already have. Upgrade to a hardware wallet when you're ready.
Ethereum, Base, Arbitrum, Optimism, Polygon — deploy and manage any contract from your cold wallet. Proven on Base mainnet with Tangem.
Launch EVM App →All deployment and upgrade operations are free, forever. Upgrade to Enterprise for compliance, white-label, and multi-signature workflows.
$50K-$150K/year — see full details below
Learn More →Choose your workflow — browser, terminal, or editor. All three use the same signing architecture: zero hot keys, on-chain audit trail, any wallet.
Open your browser, connect your wallet, manage programs. No installation. Works on any device with a browser. Best for quick one-off operations and first-time users.
Launch App →Interactive terminal sessions. Connect once, run multiple commands. Auto-extend on upgrade. Local program labels. Transaction history with memos. Best for power users and multi-operation workflows.
Inline buttons above declare_id!() macros. Hover for program status. Right-click to upgrade, transfer authority, or recover SOL. Deploy without leaving your editor.
Install from Marketplace →Build WalletDeploy operations into your own deployment scripts. Same transaction construction, same hardware wallet signing, fully programmable.
Hardware wallet signing as a gate condition in deployment pipelines. Pipeline pauses, you approve on your wallet, pipeline continues. No hot keys in CI ever again.
When the SEC audits your stablecoin or regulators question your protocol's decentralization, WalletDeploy provides cryptographic proof on a public blockchain that every smart contract upgrade was authorized by your hardware cold wallet. Our compliance package includes legal opinion letters explaining why this satisfies GENIUS Act and CLARITY Act requirements. The conversation ends there.
ROI: Regulatory fine avoidance ($10M+) · SOC 2 certification (required to operate) · Legal defense costs ($500K-$5M) · Cost of building internally ($1M-$2M) · Your cost: $50K-$150K/year
Book a DemoNo. Start with Phantom, Solflare, or MetaMask — your private key never leaves your browser wallet, no CLI required, and you get the full ColdAuth feature set. When your contract has real value on mainnet, graduate to a hardware wallet for cold storage security. Same tool, one step up.
Yes. Use the devnet web app, run walletdeploy session -u devnet in the CLI, or switch to devnet in the VS Code extension — all the same features, no real SOL at risk. Works with Phantom, Solflare, or any WalletConnect wallet pointed at devnet.
ColdAuth is free forever for developers — unlimited operations, all chains, no account, no credit card, ever. Deploy, upgrade, close, freeze, recover SOL, transfer authority — all free. Enterprise pricing ($50K-$150K/year) is for stablecoin issuers, protocols, and institutions requiring GENIUS Act / CLARITY Act compliance, legal opinion letters, multi-signature workflows, and white-label deployment.
ColdAuth is pure client-side HTML and JavaScript — press Ctrl+U (or Cmd+U on Mac) to audit every line. Deploy operations derive ephemeral keypairs in-browser, funded by your cold wallet, to sign buffer writes locally. Your hardware wallet signs only the funding transaction and the final deploy/upgrade. Ephemeral keypairs are destroyed immediately after the operation completes, with unused SOL returned to your cold wallet. No backend. No telemetry. No blind signing. This is a stronger trust model than a GitHub repo, where the published code and the deployed code can differ.
ColdAuth never touches your private keys. Your hardware wallet signs every transaction locally. We build the transaction, send it to your wallet via WalletConnect, you approve it, and it's submitted directly to the blockchain. Zero custody. Zero risk.
Before signing, a QR code appears with the full transaction details. Scan it with your phone to verify exactly what you're signing — every address in full — before tapping your hardware wallet. Every operation also includes an on-chain memo as a permanent audit trail, visible on Solana Explorer.
Squads and Gnosis Safe route transactions through their own smart contracts (CPI on Solana, delegatecall on EVM). Blockchain runtimes permanently reject administrative instructions that don't come from a top-level transaction signed directly by the authority. This is a security feature, not a bug. ColdAuth submits top-level transactions, so it works for all admin operations.
Yes. Deploy tokens, deploy any contract, and manage any verified contract on Ethereum, Base, Arbitrum, Optimism, Polygon, BNB Chain, and Avalanche. Connect via MetaMask or WalletConnect (Tangem, Ledger, any hardware wallet). Launch EVM App →
Ledger can connect via WalletConnect in the CLI and web app. Trezor has limited WalletConnect v2 support and hasn't been verified. Tangem, Keystone, Ngrave, and Ellipal are fully confirmed working. If you've tested other wallets successfully, let us know at dev@walletdeploy.com.
ColdAuth is infrastructure tooling — it signs transactions, nothing more. No tokens, no custody, no funds held, no private keys touched. It has no exposure to the GENIUS Act (stablecoin issuers) or CLARITY Act (digital asset trading). As regulatory frameworks push protocol teams toward verifiable admin key security, WalletDeploy’s audit logs provide cryptographic proof of every admin operation — who signed it, what was signed, and when.
The web app stores nothing — it's completely stateless. No wallet addresses, no transaction history, no user data. The CLI stores only local program labels (in ~/.walletdeploy/labels.json) so you can tag program IDs with names. No data is ever sent to our servers.
Every contract you deploy through ColdAuth creates a Trust Atom — a verifiable, on-chain record of your governance identity. An open standard for composable trust across any chain.
Explore the Protocol →