Account Abstraction & ERC-4337, a Web3 Cultural Reset

When Gershon Ballas, Founder at Ginger Security, was asked what account abstraction is, he replied that it was no less than “the future of blockchain and what will bring mass adoption. […] the greatest thing that happened to crypto since smart contracts, […]”

A very enthusiastic response shared by most in the web3 ecosystem.

Account Abstraction, or as some already call it “Smart Account”, is a brand new paradigm.

A cultural reset that allows blockchain accounts to become programmable.

This paradigm shifts user authentication from the network to the smart contract, providing wallet designers with the freedom to determine how they want to authenticate their users.

Okay. It may not appear that significant at first glance, but it is a revolution in the making.

Today, Ethereum offers two categories of accounts — Contract Accounts and Externally Owned Accounts (EOA), with the latter serving as regular user accounts. To execute any operation on the blockchain, an EOA must initiate and fund the transaction.

To govern an EOA, you need its private key, which you can employ to generate a signature that validates your account’s identity to the blockchain.

But, private keys are extremely vulnerable!

In our previous analysis, we covered how almost 1 billion was lost in 2022 to private key exploits, making it the second most lucrative category of hack that year.

Other supposedly safer alternatives are just as risky.

Be they multi-signature smart contract wallets or custodial accounts, they are almost as susceptible to hacking as well as social engineering scams.

To put it bluntly, up until this point, the blockchain ecosystem only offered imperfect and dissatisfactory solutions to an unresolved major security challenge.

However, today, by means of ERC-4337 and account abstraction, the Ethereum Foundation may have found the long-awaited answer to this conundrum.

On September 21, 2021, Vitalik Buterin, Yoav Weiss, Kristof Gazso, Namra Patel, Dror Tirosh, Shahaf Nacson and Tjaden Hess authored the proposal for ERC-4337.

Less than 2 years later, on March 2nd, 2023, ERC-4337 went live, meaning that new users “no longer need to learn about complicated seed phrases or the technical process of setting up a wallet to onboard into the decentralized world of crypto”, according to Yoav Weiss, one of the architects of ERC-4337.

He adds:

“The next billion users are not going to write 12 words on a piece of paper. Normal people don’t do that, […] We need to give them better usability, they shouldn’t need to think about cryptographic keys. […] It gives you the same features a bank would without having to trust a bank.”

ERC-4337 is designed to offer the incredible possibility for web3 users to have a “tailor-made wallet” that will completely change the way they interact with wallet services.

From an EOA Paradigm to a Smart Contract Paradigm

As previously stated, the majority of Ethereum’s wallets are externally owned accounts (EOAs), which include hot wallet providers such as MetaMask as well as hardware wallets like Ledger.

With the implementation of account abstraction, instead of EOAs, smart contracts hold the assets.

And what can smart contracts do that EOAs can’t?

Be coded to one’s heart’s content.

Unlike EOAs, whose validity rule is fixed by the protocol as a single ECDSA signature, smart contract wallets can implement arbitrary verification logic and execution flow.

In short, the possibilities are just limitless and “make the account flexible to match users’ needs”, according to Weiss.

The Endless Possibilities of ERC-4337

The benefits can range from two-factor authentication to autopay bills and subscriptions!

“For some users, this may simply mean getting the user experience of a bank — where someone can always help recover your bank account even if you lose your password. […] For more sophisticated users, it could mean adding more controls or features to your account. […] Or, adding two-factor authentication to spend more than $5,000 dollars,” claims Weiss.

Users will be able to use the cryptographic signature scheme of their choosing, set a monthly spending limit on an account, have a keyless wallet, add and remove devices, include recovery options with a friend or a lawyer, authorize transactions securely through their phones, and so on and so forth.
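To make the “programmable account” idea concrete, here is an added example of what such verification logic looks like in an ERC-4337 account contract. It is not code from the article, from the ERC-4337 authors, or from any reference implementation; the `UserOperation` layout mirrors the v0.6 EntryPoint, while the contract name, the policy values (a rolling 30-day spending window for the everyday key, and a second device’s co-signature required for any single transfer at or above a threshold) and the two key addresses are constructed for illustration. The point a security engineer cares about is visible in two places: the `onlyEntryPoint` check, without which anyone could call the account directly and bypass the policy, and the fact that the policy lives in the account’s own code rather than in the protocol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// UserOperation as laid out by the ERC-4337 v0.6 EntryPoint; copied here so the
// example compiles stand-alone.
struct UserOperation {
    address sender;
    uint256 nonce;
    bytes initCode;
    bytes callData;
    uint256 callGasLimit;
    uint256 verificationGasLimit;
    uint256 preVerificationGas;
    uint256 maxFeePerGas;
    uint256 maxPriorityFeePerGas;
    bytes paymasterAndData;
    bytes signature;
}

// Illustrative smart account (added example, not audited): one key for everyday
// spending under a rolling 30-day limit, a second key required for any single
// transfer at or above a threshold. All policy values are constructed placeholders.
contract PolicyAccount {
    uint256 internal constant SIG_VALIDATION_FAILED = 1; // ERC-4337 "bad signature" code
    uint256 internal constant WINDOW = 30 days;

    address public immutable entryPoint;
    address public owner;          // everyday key, e.g. on a phone
    address public secondFactor;   // key held on a separate device
    uint256 public windowLimit;    // wei spendable per window with the owner key alone
    uint256 public twoFactorAbove; // single transfers >= this need both keys
    uint256 public windowStart;
    uint256 public spentInWindow;

    constructor(address ep, address o, address sf, uint256 limit, uint256 threshold) {
        entryPoint = ep; owner = o; secondFactor = sf;
        windowLimit = limit; twoFactorAbove = threshold;
    }

    receive() external payable {}

    // The EntryPoint is the only caller allowed into validation and execution;
    // without this check anyone could drive the account and skip the policy.
    modifier onlyEntryPoint() {
        require(msg.sender == entryPoint, "caller is not EntryPoint");
        _;
    }

    // Called by the EntryPoint before execution. Validation must avoid banned
    // opcodes such as TIMESTAMP, so only the signature policy lives here; the
    // time-based spending window is enforced in execute().
    function validateUserOp(UserOperation calldata userOp, bytes32 userOpHash, uint256 missingAccountFunds)
        external onlyEntryPoint returns (uint256 validationData)
    {
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", userOpHash));
        uint256 value = _valueOf(userOp.callData);
        bytes calldata sig = userOp.signature;
        if (sig.length != 65 && sig.length != 130) return SIG_VALIDATION_FAILED;
        if (_recover(digest, sig[0:65]) != owner) return SIG_VALIDATION_FAILED;
        if (value >= twoFactorAbove) {
            // large transfer: the second device must co-sign the same hash
            if (sig.length != 130 || _recover(digest, sig[65:130]) != secondFactor) {
                return SIG_VALIDATION_FAILED;
            }
        }
        // Pay the EntryPoint for gas when no paymaster is covering this op.
        if (missingAccountFunds != 0) {
            (bool ok, ) = payable(msg.sender).call{value: missingAccountFunds}("");
            (ok); // EntryPoint checks its own deposit; result intentionally ignored
        }
        return 0; // valid, no time bounds
    }

    // Called by the EntryPoint after validation succeeded.
    function execute(address to, uint256 value, bytes calldata data) external onlyEntryPoint {
        if (value < twoFactorAbove) {
            if (block.timestamp >= windowStart + WINDOW) {
                windowStart = block.timestamp;
                spentInWindow = 0;
            }
            require(spentInWindow + value <= windowLimit, "window spending limit");
            spentInWindow += value;
        }
        (bool ok, bytes memory ret) = to.call{value: value}(data);
        if (!ok) {
            assembly { revert(add(ret, 32), mload(ret)) }
        }
    }

    // Only execute(address,uint256,bytes) is accepted as callData; pull out the ETH value.
    function _valueOf(bytes calldata callData) internal view returns (uint256) {
        require(callData.length >= 4 + 96 && bytes4(callData[0:4]) == this.execute.selector, "only execute()");
        (, uint256 value, ) = abi.decode(callData[4:], (address, uint256, bytes));
        return value;
    }

    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        // reject high-s signatures so one valid signature cannot be reshaped into another
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return address(0);
        return ecrecover(digest, v, r, s);
    }
}
```

Two design notes. The spending window is checked in `execute()` rather than in `validateUserOp()` because bundlers simulate validation with a restricted opcode set; a user operation that exceeds the limit will therefore pass validation and revert at execution, which costs the user the gas for that attempt. And the second-factor key is only consulted for large transfers, so losing the phone key alone caps the attacker’s reach at the window limit, which is the risk-limiting property these policies are meant to give.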

As we said, limitless.

It’s a far cry from having to write 12 words on a piece of paper and pray to the Crypto God not to lose it.

“Account abstraction will completely change the crypto user experience”, Weiss said, and really, it’s difficult to argue with that.

It seems like ERC-4337 makes us step into a brand new world.

And a new world means new rules to play with and even new actors: bundlers.

The Introduction of Bundlers

While there have been numerous discussions over the years about implementing account abstraction through an Ethereum hard fork, ERC-4337 was ultimately selected and it comes with its peculiarities.

ERC-4337 introduces a new mempool (a node’s holding area for unconfirmed operations waiting to be added to a block) as well as “bundlers” to operate it.

Bundlers are similar to validators and miners.

A user submits a user operation (rather than a transaction) to the mempool, and bundlers will take it from the mempool and include it in blocks on Ethereum or any other EVM chain.

The bundlers cover the gas (transaction fee) costs and are compensated either by the user’s contract account or a third-party paymaster, such as Dapps or wallet providers.

Weiss claims that this system is “permissionless; anyone can run a bundler, […]. It’s not censorable.”

So how will this seemingly perfect piece of blockchain creation be made available to all?

ERC-4337 Adoption

“Developers won’t need to think about how each blockchain works, the wallet only needs to support ERC-4337, and it can be deployed and used on any EVM chain,” Weiss reports.

ERC-4337 will be accessible on all EVM compatible networks, such as Polygon, Optimism, Arbitrum, BNB Smart Chain, Avalanche, and Gnosis Chain, with the initial production bundler deployed on mainnet by Stackup, a wallet and infrastructure provider that will enable developers to create personalized Web3 transaction flows and wallets with the latest ERC-4337 smart contract.

While Stackup was the first to implement the technology, others are expected to soon follow suit.

Until today, interacting with the blockchain relied on EOAs.

For users, this translated into the critical, stressful and sometimes tragically unsuccessful task of safeguarding a password.

ERC-4337 brings about a complete shift in how users will now interact with the blockchain.

It offers a tailor-made solution that will allow users to free themselves from this burden and create a much more positive blockchain experience.

Will ERC-4337 be the keystone to onboard the “next billion users”?

Only time will tell.

But one thing is for sure, ERC-4337 is maybe one small step for Ethereum, but it sure is one giant leap for web3.

About us

Nefture is a WEB3 Cybersecurity Company that keeps your wallet safe with our Metamask Extension. Register for the beta here!

We also allow brands to tap into web3 through 360° support on their blockchain project:

We specialize in blockchain technologies to make your project come to life and cybersecurity to completely secure your web3 journey: from building smart contracts, audits, minting websites, Dapps, Discord audits and securing… to security breach investigation and management!

Start your web3 journey with us: https://agency.nefture.com/
