Building Meridian Pay: A Scalable Smart Wallet on Stellar
Author
Tori Samples
Publishing date
Meridian Pay activated
At Meridian 2025 in Rio De Janeiro, Brazil (M25) SDF introduced Meridian Pay, a smart wallet built on Stellar Mainnet. Attendees at M25 were able to set up a smart wallet in a couple of taps. They didn't need to worry about seed phrases, passwords, or installing an app, plus there were no user facing fees. In seconds, they were transacting onchain, claiming NFTs, redeeming event swag, and receiving and making payments. Behind the scenes, we combined three key components to achieve this:
- The Meridian Pay web wallet with passkey-based authentication designed to feel as simple as any Web2 experience
- Backend services to manage running a wallet at scale: the Stellar Disbursement Platform (SDP) for bulk wallet creation and asset distribution; and Wallet-Backend for fee sponsorship, submitting transactions to the Stellar network, and throughput
- Custom smart contracts: for smart wallet creation and recovery, NFT minting, token distributions, and bundled batch transactions
We’ll dive into how these components work together to create a production-ready smart wallet that takes away the complexities of blockchain for users, while remaining fully onchain.
A smarter wallet: simple UX, always onchain
Meridian Pay was built as a web-based experience, accessible from any browser without installing an app. Users are able to pin the link to their home screen for easy access.
When designing Meridian Pay, we knew we needed an instantaneous and secure onboarding experience that eliminated one of blockchain’s biggest hurdles: key management. We believe users shouldn’t be expected to remember seed phrases or worry about storing credentials securely in order to use a blockchain wallet.
This led us to passkeys, which solve authentication with WebAuthn. Meridian Pay users never have to see or manage their private key, or worry about seed phrases or passwords. Instead, they can authenticate using familiar methods they already trust like Face ID, Touch ID, or their device PIN. This made Meridian Pay feel like any simple web2 product while everything under the hood happened onchain.
If you can manage opening your phone’s home screen, you can manage using a wallet like Meridian Pay.
A bit more on passkeys:
Passkeys are a cryptographically secure solution created by the FIDO Alliance to be phishing-resistant, and to sync across devices through cloud providers. Meridian Pay uses passkeys for both initial login and signing transactions. If a user were to lose their device, they could reauthenticate using their cloud-synced passkey or an event-specific email recovery mechanism. This helped us prioritise speed, safety, and simplicity in the Meridian Pay design.
Here’s how it works:
1. Setup: When a user creates an account, the device generates a passkey keypair and the wallet contract stores the public key as its signer
2. Transaction Initiation: The user initiates a transaction (ex: to claim an NFT or make a payment) and the frontend constructs a WebAuthn challenge to be signed
3. Authentication: The device prompts the user for Face ID, Touch ID, or PIN and signs the challenge, creating an assertion
4. Verification: The account contract verifies the assertion’s signature against the stored public key for that user
5. Authorization and Execution: If valid, the transaction executes onchain
To the user, this looks like scanning a QR code, tapping a link, and authenticating with Face ID, with near-instant confirmation. In reality, those taps trigger wallet creation or transactions, fee sponsorship, and onchain contract execution all within a few seconds.
Backend services: powering wallets at scale
Behind the app, two backend systems made large-scale wallet orchestration possible: the Stellar Disbursement Platform (SDP) and the Wallet Backend.
The Stellar Disbursement Platform: scaling wallets and payments
The Stellar Disbursement Platform (SDP) is an open-source platform designed to make blockchain payments easy at scale. It is typically used by organizations that need to send hundreds, or thousands, of transactions at once.
The beauty of the SDP is that receivers don’t need to already have a blockchain based wallet. The sender uploads receivers via their email address and the SDP automatically facilitates inviting them to create an account.
Some capabilities of SDP include:
- Bulk disbursements: Send assets to thousands of recipients in minutes
- Account management at scale: Create wallets automatically for receivers who do not already have a Stellar wallet
- High throughput: Purpose-built for enterprise workloads and transactions at scale
At M25, SDP deployed smart wallets for over 1000 attendees, setting them up quickly and effectively. Using the email addresses provided during registration, SDP automatically generated wallet accounts for all attendees before the event began. SDP’s parallel processing capabilities made it possible to provision and fund thousands of wallets in minutes without manual coordination. We were able to deploy the wallets in advance because smart wallet addresses on Stellar are deterministic. We could know the attendees’ Stellar addresses even before they created their wallet, which allowed us to preemptively trigger disbursements and cue up further distributions.
Aside from wallet creation, SDP also enabled us to send assets like XLM and custom RWAs in bulk. Event-specific SWAG tokens were also disbursed to all attendees so that they could redeem conference swag from the moment they entered the venue.
Finally, SDP gave us an easy way to manage and track attendee wallets. The SDP provides an easy-to-navigate interface for viewing receiver wallet history and activity, which came in handy for answering questions and troubleshooting.
The wallet backend: invisible infrastructure, real impact
To create a smooth wallet experience, we kept complexity under the hood. The Wallet-Backend, developed partially to support Meridian Pay, is behind-the-scenes infrastructure that handles most of the heavy lifting for a smooth smart wallet experience on Stellar.
- Fee sponsorship: The backend sponsors transactions in real time using the Stellar fee-bump mechanism so users never see or pay transaction fees directly
- Throughput scaling: Channel accounts enable parallel submission of many transactions
- Data access: Onchain account history is indexed and exposed through a GraphQL API to provide instant wallet updates without polling Horizon
Technical detail:
When a user initiated a transaction, the backend:
- Constructed the raw transaction from the client.
- Wrapped it in a fee-bump envelope, adding its own signature and paying the fee.
- Submitted it through an RPC node.
- Monitored results, indexed updates, and streamed confirmations to the front end via WebSocket.
This is how users are able to use a smart wallet that “just works.” Tapping “send”, or “claim” feels quick and easy - underneath, fee-bumps and instant feedback are happening at scale.
Contracts: programmable logic and seamless actions
Meridian Pay relied on Stellar smart contracts for programmable wallet behavior. Here's a little more on what was happening behind-the-scenes.
Account contract with passkey authentication
Each user's wallet was managed with an Account Contract, which defined how authentication and recovery worked. The Meridian Pay Account Contract acted as a programmable wallet that authorized user actions based on WebAuthn credentials, rather than static keys. Traditional Stellar accounts use a static ed25519 keypair for authorization. Smart wallets go a step further: they can implement custom authentication logic through a special contract function called __check_auth that validates WebAuthn signatures. When a user first sets up their wallet, their passkey's public key is registered in the Account Contract, allowing future transactions to be signed via biometrics or device PIN and validated on-chain.
This made wallets seedless, recoverable, and designed to be phishing-resistant. If a user lost their device, they could reauthenticate via a cloud-synced passkey or an event-specific email recovery flow.
For Meridian Pay, recovery was done by authorizing two distinct servers to sign jointly (multi-sig) in order to recover the account. However, lost passkeys can be replaced in multiple ways. In practice, smart wallets can define any logic they want for recovery, including recovery passphrases, distributed multi-sig services, hard wallet signers, etc.
Multicall contract: bundled transactions
For developers used to bundling operations into a single transaction on Stellar, the constraint of only being able to execute a single contract invocation at a time may seem foreign. We knew Meridian Pay users would need to perform multiple actions at once and did not want to sacrifice user experience by making them sign with their passkey for each individual action.
Enter: the Multicall Contract. Based on Creit Tech's Stellar Router Contract, the Multicall Contract allows multiple contract invocations to execute in a single on-chain transaction. The contract validates authentication, then executes all bundled actions atomically. This allowed us to bundle multiple contract invocations into a single transaction, with the user authenticating one time and all actions being executed at once on-chain.
This was used for actions like redeeming multiple swag items in a single transaction or transferring many NFTs at once. It improved both performance and user experience, reducing multiple round-trips to a single blockchain interaction.
Merkle distributor: efficient bulk claims
To support large-scale distributions, Meridian Pay also included a Merkle Distributor Contract. We built this contract to facilitate sending tokens to thousands of people in a single moment, without collecting their addresses in advance, as a total surprise to the receivers. This allowed for a special moment on stage at Meridian when Stellar Development Foundation CEO and Executive Director Denelle Dixon announced in her opening keynote that all attendees could open their phones to claim 500 XLM with Meridian Pay. Attendees went to the Meridian Pay website and were prompted to claim their XLM with their passkey. They immediately received the XLM in their wallet. The best part? The engineering team wasn't managing or monitoring 1000 separate transactions. All the administrative work had been done in advance. The Merkle tree with eligible addresses had been set up early, even before attendees created their Meridian Pay wallets, and operated smoothly as attendees verified and claimed their tokens.
This was possible because contract addresses are not random keypairs. They are deterministically derived from the deployer address and a salt. For Meridian Pay, we used registered email addresses as the salt, meaning we could calculate every attendee's wallet address before the wallet was created and without any interaction with users. This allowed us to confidently set up a Merkle Tree of wallet addresses for the mass distribution.
Generally, Merkle Trees let you prove a value is on a list without storing the entire list. You store the root hash onchain, enabling minimal storage costs, and then users prove eligibility by submitting a cryptographic "receipt" (a Merkle proof) to claim funds. The contract is pre-funded, which allows receivers to claim en masse or asynchronously on their own time. Unclaimed tokens stay in the contract and can be clawed back after a certain time period, which prevents sending tokens into inactive addresses. Using this structure allows for turbocharged distributions with almost no limit on the number of people you can pay at once.
The combination of efficient scalability, lightweight user participation, hands-off administration, and the protection of unused funds makes Merkle Tree contracts ideal for controlled distributions. We used Merkle Trees for distributing XLM and SWAG tokens when users participated in a selfie machine activation by Checkpoint and Refraction that was at Meridian on-site. However, the sky is the limit. Whether initiating airdrops, rewards, or even something like aid distributions to people affected by disasters, using a Merkle Tree to manage payments onchain can help you distribute efficiently to the correct receivers with minimal costs and administrative overhead.
The future of smart wallets on Stellar
Meridian Pay is a production-ready showcase of what's possible with smart wallets on Stellar. It proved that smart wallets can deliver simple UX with fully onchain transactions. Meridian Pay wasn’t just a demo it was a proof that simple, secure, scalable wallets on Stellar are already here.
Over a thousand people at M25 used the wallet seamlessly. With its success and ease of use, we brought the experience to Stellar House Miami in December of 2025 and aim to continue to showcase it at future Stellar events!
For builders, all the same components are open source and ready to use. We encourage you to dive in and can’t wait to see what you build next: Stellar Wallet Demo App