How Does Account Abstraction Change Ethereum Account Management?


Rob Behnke

February 15th, 2024

Account abstraction — implemented as Ethereum Request for Comment (ERC)-4337 — has the potential to dramatically change how Ethereum functions. One of the most significant effects is changing how end users interact with the blockchain, opening up a range of new opportunities and expanding the potential user base of blockchain technologies.

What is ERC-4337?

ERC-4337 is an Ethereum standard enacted in 2023 that implements account abstraction. Earlier account abstraction proposals required changes to the underlying Ethereum protocol; ERC-4337 does not.

Traditionally, Ethereum has had two types of accounts. Contract accounts have code associated with them that users can interact with. Users themselves have interacted with the blockchain via Externally Owned Accounts (EOAs). EOAs are managed via private keys, which adds complexity to interacting with the blockchain. Ethereum users are responsible for managing and securing their own private keys, which creates a barrier to entry to the blockchain.

On the Ethereum network, all transactions need to begin from an EOA and have gas sent along with them to pay for the transaction. This makes the system less usable and forces users to have an EOA to do anything on Ethereum.

With ERC-4337, Ethereum users can interact with the blockchain via UserOperations. These are pseudo-transactions that are collected into an Ethereum transaction by a Bundler. This Bundler sends the transaction to the EntryPoint smart contract on the Ethereum network, which validates and executes each operation contained within the bundle.

Impacts of ERC-4337 for Ethereum Account Management

ERC-4337 implements account abstraction by creating a new transaction layer on top of the Ethereum network. Before a UserOperation reaches the Ethereum blockchain as part of a transaction, it is submitted to an alt-mempool and verified by a Bundler.

The goal of ERC-4337 was to expand the possibilities for Ethereum accounts by moving from EOAs to smart contract wallets. These are some of the main ways that account abstraction changes Ethereum account management.

UserOperations Eliminate EOAs and Private Keys

Private key management is one of the main challenges and barriers to blockchain usage and adoption. The need to maintain and secure private keys makes DApps less usable than traditional Web2 solutions.

With ERC-4337, there is no need for a user to maintain an EOA with a private key to interact with the Ethereum blockchain. Instead, they can use UserOperations to perform transactions. Bundlers can accept a range of authentication options, including security enhancements such as multi-factor authentication (MFA).

Paymasters Enable “Free” Transactions

Traditionally, all Ethereum transactions need to include a certain amount of gas to execute. This gas is used to reward the validators responsible for maintaining the blockchain’s ledger and making the system work.

However, there are scenarios where paying for each individual transaction may be undesirable or create friction for a user. For example, a protocol trying to onboard new users or bridge the gap between Web2 and Web3 might want to pay for its users’ transactions or consolidate payments into a single subscription fee. Alternatively, users might want to be able to pay transaction fees using ERC20 tokens rather than Ether.

With ERC-4337, the paymaster is responsible for paying for the gas fees associated with a bundle of transactions. These paymasters can then be reimbursed by users with different currencies, at different intervals, etc.
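
The bundle flow and paymaster sponsorship described above can be traced with a small model. This is an added example, not code from Halborn or from the ERC-4337 reference contracts: the class names, addresses, flat gas costs and the `authorized` flag (standing in for the wallet's own authentication check) are all assumptions, and rejected operations are simply skipped.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class UserOp:
    sender: str                      # smart contract wallet address (constructed)
    nonce: int
    gas_cost: int                    # flat constructed cost, not real gas accounting
    authorized: bool                 # stands in for the wallet's own signature/MFA check
    paymaster: Optional[str] = None  # sponsor that pays instead of the sender

class EntryPointModel:
    def __init__(self, deposits, sponsored):
        self.deposits = dict(deposits)  # gas funds held per wallet or paymaster
        self.sponsored = sponsored      # paymaster -> senders it agrees to pay for
        self.nonces = {}                # next expected nonce per sender

    def validate(self, op):
        """Return a rejection reason, or None if the operation may execute."""
        if op.nonce != self.nonces.get(op.sender, 0):
            return "bad nonce"           # replayed or out-of-order operation
        if not op.authorized:
            return "wallet rejected"
        if op.paymaster and op.sender not in self.sponsored.get(op.paymaster, ()):
            return "paymaster declined"  # naming a paymaster is not enough
        if self.deposits.get(op.paymaster or op.sender, 0) < op.gas_cost:
            return "insufficient deposit"
        return None

    def handle_bundle(self, bundle):
        results = []
        for op in bundle:
            reason = self.validate(op)
            if reason is None:  # charge the payer and consume the nonce
                payer = op.paymaster or op.sender
                self.deposits[payer] -= op.gas_cost
                self.nonces[op.sender] = op.nonce + 1
            results.append((op.sender, reason or "executed"))
        return results

def run_sample():
    # Constructed bundle: one sponsored op, a replay of it, and three rejects.
    ep = EntryPointModel({"paymaster1": 100, "walletB": 5}, {"paymaster1": {"walletA"}})
    bundle = [UserOp("walletA", 0, 30, True, "paymaster1"),
              UserOp("walletA", 0, 30, True, "paymaster1"),
              UserOp("walletB", 0, 10, True),
              UserOp("walletC", 0, 10, True, "paymaster1"),
              UserOp("walletB", 0, 5, False)]
    return ep.handle_bundle(bundle), ep.deposits
```

Only the first operation executes, and its cost is taken from the paymaster's deposit rather than from `walletA`.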

Abstracted Authentication Unlocks New Wallet Possibilities

ERC-4337 eliminates the requirement for users to have EOAs. Instead, users can create UserOperations and authenticate their identity in various ways.

Abstracting the authentication process makes it possible to create wallets with functionality that would be difficult or impossible to implement with EOAs.

Some examples include:

  • Social Recovery: One common application of account abstraction is the creation of wallets with support for social recovery. If a user loses access to their account for some reason, they can regain access with the help of some predefined contacts. For example, authorization by three friends or family members could allow a password reset for a user's wallet.

  • Multi-Signature Wallets: With an EOA, there is a single private key managing the account, and implementing multi-sig wallets adds complexity. With ERC-4337, abstraction wallets can be configured to have multi-sig built in and verified by the bundler.

  • Alternative Signature Schemes: Ethereum requires all transactions to be digitally signed using ECDSA, which is less efficient than alternative signature schemes and vulnerable to quantum computing. ERC-4337 allows for the use of other types of signatures, enabling more efficient and quantum-safe transactions.
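
The social recovery and multi-signature items above both reduce to a threshold check, and the details of that check are where wallet logic tends to go wrong. The following model is an added example, not code from Halborn or from any real wallet: the class, the guardian names and the assumption that each caller has already been authenticated are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class RecoverableWallet:
    owner: str
    guardians: frozenset
    threshold: int = 3               # the "three friends or family members" case
    recovery_nonce: int = 0          # bumped on every successful recovery
    approvals: dict = field(default_factory=dict)  # (nonce, new_owner) -> guardians

    def __post_init__(self):
        if not 0 < self.threshold <= len(self.guardians):
            raise ValueError("threshold must be between 1 and the guardian count")

    def approve_recovery(self, guardian, new_owner):
        # Assumption: `guardian` was authenticated before this call.
        if guardian not in self.guardians:
            raise PermissionError("not a guardian")
        # Approvals are bound to one candidate owner and one recovery round,
        # and stored as a set so a repeated approval counts once.
        key = (self.recovery_nonce, new_owner)
        self.approvals.setdefault(key, set()).add(guardian)
        return len(self.approvals[key])

    def execute_recovery(self, new_owner):
        key = (self.recovery_nonce, new_owner)
        if len(self.approvals.get(key, ())) < self.threshold:
            return False
        self.owner = new_owner
        self.recovery_nonce += 1     # approvals from this round cannot be reused
        self.approvals.clear()
        return True
```

The three checks that matter are distinct guardians only, approvals tied to a specific new owner, and invalidation of old approvals once a recovery completes.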

UserOperations Simplify Smart Contract Wallet Setup

Smart contract wallets existed before ERC-4337. However, they needed to be set up before use, which required an EOA, gas to pay the fees, etc.

With ERC-4337, wallets are created automatically by a UserOperation if one doesn’t exist already. This streamlines the process of wallet creation and removes barriers to entry.

Smart Contract Wallets Enable Customizable Transactions

With account abstraction, every user's wallet is a smart contract. This means that management of the wallet can be implemented as code, and the code can be upgraded as needed (if implemented using delegatecall).

Code-managed wallets introduce new possibilities for blockchain transactions. For example, users can schedule automatic transactions for payments or subscriptions. While this is possible with an EOA, it requires a program to have access to the account’s private key, creating the potential that it might be leaked.

Securing Abstraction Wallets

Account abstraction unlocks new possibilities within the Ethereum ecosystem. Instead of users being tied to EOAs and private keys, they can easily deploy smart contract wallets. These contract wallets have numerous potential applications and redefine the Ethereum user experience.

However, this evolution to smart contract wallets only amplifies the importance of smart contract security on the Ethereum blockchain. With smart contracts maintaining complete control of a user’s Ethereum-based assets, programming vulnerabilities and other security risks have the potential to cause significant losses.

Like all other smart contracts, smart contract wallets implemented using account abstraction should undergo security audits before deployment. For more information on securely taking full advantage of the capabilities of account abstraction and ERC-4337, get in touch with Halborn.