Delegate.cash is a decentralized, non-custodial delegation protocol on Ethereum that allows users to grant specific usage rights for their NFTs and tokens to another wallet address, known as a delegate or vault, without transferring ownership. This solves a critical security problem: users can interact with third-party applications, games, or marketplaces using a low-value hot wallet while their high-value assets remain securely stored in a separate cold wallet. The protocol uses a system of on-chain registrations to create verifiable, revocable links between a user's vault (holding wallet) and their delegate (operating wallet).
LABS
Glossary
Delegate.cash
Delegate.cash is a delegation registry protocol that allows NFT owners to delegate token-gated access rights to another wallet without transferring ownership.
Chainscore © 2026
definition
DELEGATION PROTOCOL
What is Delegate.cash?
Delegate.cash is a public utility smart contract that enables secure, non-custodial delegation of asset permissions across the Ethereum ecosystem.
The core innovation is the separation of asset ownership from asset utility. Common use cases include allowing a delegate wallet to - stake NFTs in a game, - vote in a DAO, - mint allowlist tokens, or - display a profile picture (PFP) in a social app, all while the true ownership and private keys remain in the secure vault. This significantly reduces wallet drain risk, as the delegate wallet typically holds little to no assets, making it a less attractive target for phishing or malicious smart contracts. The delegation is permissionless and can be set with varying levels of scope, such as for a specific collection (CONTRACT), a specific token (TOKEN), or as a broad ALL delegation.
Technically, Delegate.cash operates as a set of immutable, audited smart contracts that maintain a public registry of delegation links. Applications integrate by simply reading this registry to check if a connecting wallet (the delegate) has been granted rights by a vault that owns a required asset. This check is a simple view function call, making it gas-efficient. The protocol supports revocation at any time by the vault owner, instantly removing the delegate's permissions. As a public good with no native token, its design emphasizes security and minimalism, making it a foundational piece of infrastructure for improving user security in Web3.
how-it-works
DELEGATION PROTOCOL
How Delegate.cash Works
Delegate.cash is a decentralized delegation registry that enables secure, non-custodial management of token-gated access and permissions across the Ethereum ecosystem.
Delegate.cash is a public utility smart contract that functions as a delegation registry, allowing users to assign specific permissions for their NFTs or tokens to another wallet address, known as a delegate, without transferring ownership. This mechanism solves the security and convenience problem of needing to connect a valuable, asset-holding cold wallet (like a hardware wallet) directly to risky applications. Instead, a user can delegate rights from their vault to a low-value hot wallet for daily interactions, keeping their primary assets secure. The protocol supports three core delegation types: token-level (for a specific NFT), contract-level (for all NFTs in a collection), and wallet-level (for all NFTs a wallet owns).
The protocol's operation is permissionless and trustless. A user initiates a delegation by signing a transaction from their vault wallet to register a delegate address for a specific scope (token, contract, or wallet) within the Delegate.cash contract. This creates a permanent, on-chain record. When the delegate connects their hot wallet to a supporting dApp, the application queries the Delegate.cash registry. If a valid delegation is found, the dApp grants the delegate the same token-gated access rights as if they held the actual NFT, enabling actions like minting, voting, or entering exclusive areas. Critically, the delegate never gains custody of the underlying asset; they only gain temporary, revocable usage rights.
A key innovation is the concept of revocation. The vault wallet owner can revoke any delegation at any time by submitting a transaction to the registry, instantly removing the delegate's permissions. This provides superior security over simply sending an NFT to a delegate, which requires a separate transaction to reclaim. The system is gas-efficient for delegates, as they pay no gas to register or revoke delegations—only the vault owner incurs those costs. This architecture has made Delegate.cash a critical piece of infrastructure for NFT communities, gaming ecosystems, and DAO governance, where secure, flexible access management is paramount.
key-features
DELEGATE.CASH
Key Features
Delegate.cash is a decentralized registry protocol that enables secure delegation of asset permissions without transferring custody. It solves the 'cold wallet problem' by allowing users to grant specific, revocable powers to a hot wallet or agent.
02
Three Delegation Types
The protocol supports three granular levels of delegation:
- Contract-Level: Delegate rights for all assets from a specific collection.
- Token-Level: Delegate rights for specific token IDs within a collection.
- Wallet-Level: Delegate rights for all assets held by the vault wallet. This allows for precise control, from broad access for a gaming project to specific access for a single PFP.
03
Revocable & On-Chain Registry
All delegations are recorded as immutable, gas-efficient events on the Ethereum blockchain. The vault wallet can revoke any delegation at any time with a single transaction, instantly removing the delegate's permissions. This on-chain truth provides transparency and security, as any application can independently verify delegation status.
04
Solving the Cold Wallet Problem
Before Delegate.cash, users faced a dilemma: keep valuable NFTs secure in a cold wallet (inaccessible to dApps) or risk them in a hot wallet. This protocol decouples asset custody from asset utility. Users can now safely mint, stake, vote, or play games using delegated rights while their high-value assets remain in deep cold storage.
05
Gasless for Delegates
A key user experience feature is that the delegate (hot wallet) never pays gas to create a delegation. Only the vault wallet pays a one-time gas fee to register the delegation. The delegate can then interact with supported applications permissionlessly, using the pre-registered rights, without additional setup costs.
06
Application Integration
For dApp developers, integrating Delegate.cash involves checking the registry contract to see if a connecting wallet is a valid delegate for a vault. This enables features like:
- Allowing delegates to claim airdrops for vault-held NFTs.
- Letting delegates stake vault NFTs in a game or protocol.
- Enabling community managers to vote with a DAO's collective assets.
delegation-scopes
DELEGATE.CASH
Delegation Scopes & Types
Delegate.cash is a public utility smart contract enabling secure, granular delegation of asset management rights without transferring ownership. It defines specific delegation scopes to control which assets a delegate can act upon.
01
Contract-Level Delegation
Grants a delegate authority over all assets a user holds within a specific smart contract. This is the broadest scope.
- Example: Delegating all your CryptoPunks (Contract:
0xb47e3...) to a gaming platform allows it to use any Punk you own. - Use Case: Simplifying management for power users or protocols interacting with a single collection.
02
Token-Level Delegation
Grants a delegate authority over specific token IDs within a contract. This is the most precise and secure scope.
- Example: Delegating only your Bored Ape #7999 to a rental marketplace, while keeping Ape #8000 undelegated.
- Use Case: Selective lending, fractionalization, or allowing a service to use one specific NFT without exposing the entire collection.
03
Wallet-Level Delegation
Grants a delegate authority over all assets across all contracts owned by a specific vault or cold wallet address. This scope operates at the address level.
- Example: Delegating from your hardware wallet (
0xVault...) to a hot wallet (0xHot...) allows the hot wallet to interact with any asset the vault holds. - Use Case: Security workflows where a cold storage address delegates broad authority to a more operational wallet.
04
Revocation & Expiry
Delegations are not permanent. Users maintain ultimate control through:
- On-Demand Revocation: The delegator can revoke any delegation at any time.
- Expiry Timestamps: Delegations can be set with a block timestamp expiry, after which they are automatically invalid.
- Gasless Revocation: Users can revoke delegations via a signed message, often without paying gas, depending on the integrating platform.
05
Use Case: NFT Lending & Renting
A primary application is enabling non-custodial NFT finance.
- A lender delegates a specific NFT (Token-Level) to a rental protocol.
- A borrower can then use the NFT's utility (e.g., gaming, membership) without the lender transferring it.
- The lender retains ownership and can revoke the delegation after the rental term.
primary-use-cases
DELEGATE.CASH
Primary Use Cases
Delegate.cash is a public utility smart contract that enables secure, non-custodial delegation of asset permissions from a cold wallet to a hot wallet. Its primary use cases revolve around separating asset ownership from operational interaction.
02
Gasless Gaming & Interactions
Enables a hot wallet to interact with blockchain games or dApps using NFTs held in a cold wallet, without moving the assets. The game contract checks the delegation registry to verify permissions.
- Key Benefit: Play a game with your valuable NFT character without risking it on a gaming-focused wallet that may sign malicious transactions.
03
Bridging & Staking Operations
Delegates the ability to stake, bridge, or deposit assets locked in a cold wallet. A hot wallet can perform these actions on behalf of the cold wallet, which remains the ultimate owner of the assets and receives any yield or bridged tokens.
- Use Case: Providing liquidity or staking from a hardware wallet without compromising its security for daily transactions.
04
Airdrop Claiming & Management
A hot wallet can claim token or NFT airdrops that are distributed to a list of cold wallet addresses. This prevents the need to load private keys for hundreds of wallets just to perform a simple claim transaction, streamlining operations for large holders or DAOs.
05
Revocable Smart Wallet Management
Provides a flexible framework for smart contract wallets (like Safe) or decentralized autonomous organizations (DAOs) to delegate asset control to operator addresses. Permissions can be revoked at any time, offering granular control over asset usage by agents or sub-teams.
06
Separation of Treasury & Operations
Ideal for projects where a treasury multisig holds assets but a separate team needs to use them for payments, rewards, or grants. The treasury delegates specific token permissions to an operations wallet, which can execute transfers up to a set limit without holding the treasury's keys.
ecosystem-usage
DELEGATE.CASH
Ecosystem Usage & Integration
Delegate.cash is a public utility smart contract that enables secure, non-custodial delegation of asset access rights, separating asset ownership from usage permissions.
01
Core Mechanism: Delegation Registry
At its heart, Delegate.cash is a delegation registry—a single, shared smart contract that maintains a public, on-chain record of delegations. A wallet (the delegator) can register another wallet (the delegate) to act on its behalf for specific NFTs or token types. This creates a permission layer without transferring ownership.
- Vault Wallet Pattern: Users keep valuable assets in a secure cold wallet (vault) and delegate usage rights to a separate, more frequently used hot wallet.
- On-Chain Verification: Any integrated application can query the registry to check if a connecting wallet has valid delegated rights for a specific NFT.
02
Delegation Scopes & Flexibility
The protocol offers three granular levels of delegation scope, providing flexibility for different security and use case needs.
- Contract-Level Delegation: The delegate can act for all NFTs from a specific collection owned by the delegator. Useful for full management of a collection.
- Token-Level Delegation: The delegate is authorized for a specific, single NFT (by token ID). Ideal for lending or temporary, precise permissions.
- All-Encompassing ("For All") Delegation: The delegate can act for all NFTs across all contracts owned by the delegator. This is the highest-trust mode, often used for complete wallet management by a trusted party.
03
Primary Use Case: Secure Asset Management
The dominant use case is separating asset custody from daily interaction, significantly improving security posture.
- Cold/Hot Wallet Setup: Users store high-value NFTs (e.g., Bored Apes, CryptoPunks) in a hardware wallet (cold) but delegate the rights to a hot wallet (like MetaMask) for activities like voting, staking, or displaying in a profile.
- Risk Mitigation: The hot wallet can be compromised without risking the loss of the underlying assets, as it only holds permissions, not ownership. The delegator can revoke access at any time.
04
Integration with dApps & Marketplaces
Hundreds of decentralized applications (dApps) have integrated Delegate.cash to respect delegated rights, unlocking functionality for vaulted assets.
- NFT Marketplaces: Platforms like Blur and OpenSea check the registry. A delegate can list, make offers, or buy on behalf of the vault wallet.
- Gaming & Metaverse: Games like Parallel and Pudgy Penguins allow delegated wallets to use in-game assets stored in cold storage.
- Governance & Social: DAOs and social platforms (e.g., Galxe) recognize delegates for voting or proving community membership via held NFTs.
05
Revocation & Security Model
Delegations are non-custodial and revocable at any time by the asset owner (delegator). This is a core security feature.
- Immediate Revocation: The delegator submits a transaction to the registry to remove a delegate's permissions. This change is effective immediately for all integrated applications.
- No Trust in Operators: The Delegate.cash contract is immutable and permissionless. There is no admin key or centralized party that can alter or seize delegations.
- User-Controlled: Security ultimately depends on the security of the delegator's private key.
06
Related Concept: ERC-4337 Account Abstraction
Delegate.cash and Account Abstraction (ERC-4337) address related problems—improving wallet usability and security—but through different architectural layers.
- Delegate.cash: Operates at the application logic layer. It's a specific smart contract that dApps choose to query for permissions. It works with any standard Externally Owned Account (EOA).
- Account Abstraction: Operates at the protocol/account layer. It replaces EOAs with smart contract wallets that can natively encode complex logic, like spending limits or multi-sig, directly into the account itself.
- Synergy: A smart contract wallet (ERC-4337) could be set as a delegator in Delegate.cash, combining the benefits of both approaches.
ACCESS CONTROL MODELS
Delegation vs. Custody & Lending
A comparison of different methods for granting third-party access to digital assets, focusing on security, control, and use cases.
| Feature | Delegation (e.g., Delegate.cash) | Custody (e.g., CEX) | Lending (e.g., NFTfi) |
|---|---|---|---|
Asset Ownership | Remains with holder | Transferred to custodian | Remains with lender |
Private Key Control | Holder retains keys | Custodian holds keys | Lender retains keys |
Access Scope | Precise, revocable permissions | Full administrative control | Time-bound collateral right |
Smart Contract Reliance | |||
On-Chain Verifiability | |||
Primary Use Case | Gaming, Airdrops, Utility | Secure storage, trading | Leverage, capital efficiency |
Counterparty Risk | Low (non-custodial) | High (custodial) | Medium (collateralized) |
Revocation Speed | Immediate (on-chain) | Varies by provider | At loan term end |
security-considerations
DELEGATE.CASH
Security Considerations
Delegate.cash is a delegation registry that separates token ownership from utility rights, enabling secure delegation of asset permissions without transferring custody. This introduces specific security models and attack vectors to evaluate.
01
Delegation Scopes & Attack Surface
Delegate.cash defines three delegation scopes, each with a distinct security profile:
- Contract-level: Delegates can interact with any contract on behalf of the vault. This is the most powerful and risky scope.
- Token-level: Delegates can interact with specific token IDs (e.g., Bored Ape #1234). Limits exposure but requires precise management.
- Wallet-level: Delegates can act for all tokens in the vault. Broad utility but increases the blast radius if a delegate is compromised. Understanding the scope is critical for assessing the permissions being granted.
02
Revocation Mechanisms & Timelocks
Security depends on the ability to revoke access. Delegate.cash offers two primary methods:
- Direct Revocation: The vault owner can instantly revoke any delegation. This is the standard and safest model.
- Expiring Delegations: Delegations can be set with a block number expiration. After the specified block, the delegation automatically becomes invalid. This is useful for temporary, trust-minimized access. A key consideration is that revocations are not retroactive; any transactions signed by the delegate before revocation may still be valid if included in a later block.
03
Vault Compromise vs. Delegate Compromise
The system creates two distinct threat models:
- Vault Private Key Compromise: If an attacker gains control of the vault wallet, they can revoke all legitimate delegations and create new, malicious ones. This is a catastrophic failure equivalent to losing the assets.
- Delegate Private Key Compromise: If a delegate's wallet is compromised, the attacker gains the delegated permissions but not ownership of the vault's assets. The vault owner must revoke the delegation to neutralize the threat. The risk is scoped to the permissions granted (e.g., only staking, not selling).
04
Smart Contract & Integration Risks
The security of the entire system depends on:
- Delegate.cash Registry Integrity: The immutable, audited core contract that maintains the delegation list.
- Integrating Protocol's Validation: Any protocol accepting delegations must correctly query the registry. A bug in the integrator's code could allow unauthorized actions.
- Front-running Revocations: In a mempool, a malicious delegate could see a revocation transaction and attempt to front-run it with a malicious transaction using their soon-to-be-revoked permissions. Users should consider using private transactions (e.g., Flashbots) for critical revocations.
05
Phishing & Social Engineering
Delegation introduces new phishing vectors:
- Fake Delegation Requests: Users may be tricked into delegating to a malicious address, granting it permissions to interact with their assets on integrated platforms.
- Impersonation of Trusted Delegates: Attackers may create wallet addresses similar to well-known delegate services (e.g., gaming guilds, rental platforms).
- Signature Farming: Malicious dApps may request signatures for transactions that inadvertently create a delegation. Users must verify exactly what they are signing, as a delegation signature grants ongoing permissions, not just a one-time transaction.
DELEGATE.CASH
Common Misconceptions
Delegate.cash is a critical infrastructure for secure NFT delegation, yet its purpose and mechanics are often misunderstood. This section clarifies the most frequent points of confusion.
Delegate.cash is neither a wallet nor a custodian; it is a delegation registry that operates as a smart contract on the Ethereum blockchain. It does not hold user assets or private keys. Instead, it maintains a public, on-chain record of delegation links, mapping a delegator's cold wallet address to a designated hot wallet address. This allows the hot wallet to act on behalf of the NFTs in the cold wallet without the assets ever leaving the secure vault. The system is non-custodial and permissionless, meaning users retain full control and can revoke delegations at any time.
DELEGATE.CASH
Frequently Asked Questions
Delegate.cash is a public utility protocol for managing token delegation on the Ethereum blockchain. These questions address its core mechanics, security model, and common use cases.
Delegate.cash is a public, non-custodial registry smart contract that allows Ethereum wallet owners to securely delegate access rights for their NFTs and other tokens to another wallet, known as a delegate or vault, without transferring ownership. It works by creating on-chain records that link a user's cold wallet (holding assets) to a designated hot wallet (for daily use). Applications that integrate the protocol can check this registry to grant the delegate wallet permissions—such as voting in a DAO, accessing a gated community, or using an NFT in a game—based on the tokens held in the linked cold wallet. This separation enhances security by keeping valuable assets in secure storage while enabling their utility.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall