For years, Bitcoiners have repeated the mantra “be your own bank.” But in truth, storing any type of crypto in a wallet has been a lot closer to stuffing cash under your mattress than to a complex financial institution like a bank.
Admittedly, it’s an improvement in that crypto can be transferred across the globe in minutes and it’s secured with cryptography — but it’s also a lot less user-friendly than a bank and doesn’t offer anywhere near as many features.
Your crypto could be stolen in a $5 wrench attack. You could lose the seed phrase and your funds forever. And that’s if you were technically minded enough to even figure out the complicated process of setting up a wallet in the first place.
That’s all set to change with the surprise announcement at WalletCon in Denver this week of “smart accounts,” also known as “account abstraction,” on Ethereum — and every other chain compatible with the Ethereum Virtual Machine (the EVM is the software responsible for executing Ethereum-based smart contracts).
Chains that can now take advantage of smart accounts include Polygon, Optimism, Arbitrum, BNB Smart Chain, Avalanche and Gnosis Chain.
Years in the making, the new ERC-4337 standard transforms a crypto wallet into something with all the features of a real bank.
“It gives you the same features a bank would without having to trust a bank,” says Ethereum Foundation security researcher Yoav Weiss, who was one of the co-authors of the Ethereum Improvement Proposal (EIP) alongside Vitalik Buterin.
“Account abstraction is a way to appeal to the next billion users.”
The benefits include two-factor authentication, signing transactions on your phone, the setting of monthly spending limits on an account, the use of session keys to play blockchain games without constantly having to approve transactions, decentralized recovery of wallets; smart accounts can be configured to autopay bills and subscriptions — the list goes on.
Ledger co-founder Nicolas Bacca tells Magazine he’s hugely impressed with the technology’s potential.
“Account abstraction will completely change the crypto user experience,” he says.
What does account abstraction mean?
Account abstraction is a complicated technical term for something that is actually incredibly user-friendly. Weiss and zkSync hope to replace it with the more descriptive term “smart accounts.”
“Account abstraction is a confusing term,” says Weiss. “The accounts are abstracted from the network; they are not abstracted from the user. The user is using a very concrete wallet that does very specific things. From the user’s perspective, it’s not account abstraction — it’s more like using a smart account.”
Alex Jupiter, senior product manager at MetaMask, says “account abstraction” means different things to different developers.
In part, that’s due to the fact that non-EVM scaling solutions, including StarkWare and zkSync, have implemented a modified version of ERC-4337 in the protocol itself, while Ethereum implements the standard on top of it.
“I would’t say Ethereum came up with a workaround that’s not quite as good,” Weiss explains. “We came up with a standard that can work everywhere, focusing on interoperability and defragmentation, and it can be implemented more efficiently at the protocol level, for example, by rollups.”
A variety of EIPs to add smart accounts to the protocol have been suggested but would have required a hard fork and did not get enough support, as they’d take attention away from more important upgrades, such as the Merge.
The native implementations upgrade all user accounts to smart accounts, while Ethereum’s new standard requires users to set up a new account. Weiss explains there will inevitably be a hard fork in future to enable the upgrading of all accounts, but “it’ll take a long time to get there.”
What are the benefits of smart accounts?
One of the biggest benefits for adoption is that it allows new users to onboard into the decentralized world of crypto without ever having to worry about complicated seed phrases or understand the technical process of setting up a wallet.
They can simply open a smart account via a smartphone app using a fingerprint or face scanner.
While there are plenty of crypto wallets currently available as smartphone apps, they come with numerous security risks and are unsuitable for holding larger amounts of cryptocurrency due to the risk of hacks. But because smart accounts enable the cryptographic keys to be stored on the phone’s hardware security module, phone wallets can now be almost as safe as a hardware wallet.
Magazine tries out the onboarding process for noobs at StarkWare Sessions in Tel Aviv, Israel where gaming wallet Cartridge is handing out limited edition Briq NFTs.
The whole process takes less than 30 seconds and is completely intuitive. Users scan a QR code, choose a username, and then create a passkey using the phone’s fingerprint scanner.
Existing crypto users will need to reconceptualize what they thought a crypto wallet was and how to access it. The noncustodial Cartridge Controller is actually a web-based wallet that interacts with StarkNet. Instead of private keys, it makes use of Android or Apple “Passkeys,” which are both based on the WebAuthn standard, an intiative to standardize user authentication for web apps using public-key crytography.
While a web wallet sounds like a scary proposition to long-term crypto users, Bacca is impressed with Cartridge’s implementation and says Ledger is building a similar web-based wallet that he says is secure thanks to WebAuthn.
Using a smartphone as a hardware wallet
There are a couple of catches to using a smartphone as a hardware wallet. The larger screen on a smartphone still presents a security risk, as it can be hacked to trick users into approving transactions.
However, this risk can be mitigated, as smart accounts enable users to set permissions requiring two-factor authentication for higher value transactions (using a hardware wallet, for example) or to set a daily, monthly or yearly spending limit from the account.
Bacca says Ledger is experimenting with this functionality now. “So, for example, you could use your phone when you only want to do a small purchase or you could use your hardware wallet when you want to do a bigger purchase, and this can be scripted in the account,” he says. “We are prototyping a web application for that.”
Should crypto projects ever negotiate with hackers? Probably
Crypto Twitter Hall of Flame
Tiffany Fong flames Celsius, FTX and NY Post: Hall of Flame
A bigger problem for using a smartphone wallet on Ethereum is that the security module uses a different cryptographic signing system (elliptic curve) than crypto. With smart accounts, the two systems can finally talk to each other, but it requires a lot of work and a lot of gas.
Motty Lavie, founder of StarkNet’s smartphone-based Braavos Wallet, explains it takes 240,000 computational steps to take advantage of the smartphone security module:
“On Ethereum, to implement that, each transaction would be very, very costly. On StarkNet, this is a marginal cost that’ll add a few cents to the transaction, which makes it viable.”
Ludicrously high gas fees are a problem unique to Ethereum, however, and gas costs are more than low enough on all the other EVM blockchains and layer 2s for smartphone wallets to work just fine. Various teams are also working on gas-optimized versions of the process and, longer term, a precompile could be added to Ethereum, making the process a cheap EVM operation rather than a smart contract. (A precompiled contract carries out common cryptographic functions without using a lot of bandwidth.)
“When these wallets gain traction and users get used to this great usability, it’ll be easier to promote this change in Ethereum itself,” says Weiss. “If we can add this precompile, it’ll be a game-changer for the ecosystem.”
How to recover your account
For crypto users who don’t trust the cloud, smart accounts also provide other recovery options than a seed phrase.
If a user loses their phone, time-locked social recovery means a group of trusted friends or even a commercial service can help them recover it without putting the enclosed funds at risk.
“You don’t ever expect to lose access [to a bank account] because if you lose your password you can always call your bank, they will verify your identity and reset your password,” Weiss explains.
“So, you can actually use a recovery service that lets you reset the password for your mobile phone — your wallet — but they cannot steal your wallet; they can only help you recover it.”
Braavos employs a version of a time-locked recovery process that involves creating a seed phrase. Unlike normal seed phrases, this one can only put in a request to regain access to the account after four days.
“Now the benefit here is that if your phone indeed gets lost or wrecked or whatever, then, you can get control on your account back in four days.”
“But if an attacker stole your seed, then you would automatically get notified that someone has got control over your account,” he adds, noting that’s plenty of time to withdraw the funds before the hacker can get them.
Braavos is also working toward using zero-knowledge proofs to put the seed phrase “under the hood” so that the user can just interact with a decentralized “forgot password”-style prompt.
“I think that will be a major move in terms of UX [user experience],” he says.
Building blocks: Gen Y can use tokens to get on the property ladder
Connecting the Dots: Collectivism and Collaboration in the Crypto Art World
Blockchain gaming smart wallet
Bacca explains that Ledger is already working along with Argent and Cartridge on “plugins” that enable gamers in StarkWare to set a session key, enabling numerous low-value transactions to go through automatically so they don’t have to painstakingly approve each one.
“You could load a small piece of code to your account so it will modify the way it’s acting with a specific game. So, you could say, ‘If I am going to play that game…’ actions can be signed automatically for one hour,” he says.
“That’s why I’m thinking that account abstraction will completely change the crypto user experience.”
As an added bonus, smart accounts mean the game developer could decide to become the “paymaster” and cover the cost of the transaction fees to encourage use.
Transactions can also be bundled together to save on gas fees, explains Jupiter. “Like a shopping cart scenario, I’m going to reserve these 10 items and then pay for them all at once,” he says.
MetaMask is building a new addition called Snaps that will crowdsource development of new features for the wallet. This will likely enable innovative uses of smart accounts that nobody’s even thought of yet. A Snap that enables smart accounts was built at ETH India where it won “Best ERC-4337 Tool.”
Smart accounts make crypto subscriptions possible
Back in December, Visa’s crypto research team published a paper demonstrating how smart accounts on StarkWare can be used to pay а mortgage, TV subscription and utility bills automatically from self-custodial crypto wallets.
They gave a hypothetical example of someone who wants to go on holidays and have their bills paid automatically from their crypto wallet, after they get paid in two weeks’ time.
You can already do this from bank accounts of course, or via a custodial wallet, but both require trusting a centralized service. The paper explains that the difficulty doing it on Ethereum is because it has two types of accounts: user accounts (also known as externally owned accounts, or EOAs) and smart contract accounts.
“A user account, controlled by a private key, can send transactions,” explains Visa Crypto. “A smart contract has associated code that can be executed, however, a smart contract cannot initiate transactions on its own. Transactions must always originate from a user account and be signed by the user.”
So, if you get paid in crypto every two weeks, you have to manually initiate “push” transactions to pay each bill after funds are deposited into your wallet.
Smart accounts make “pull” payments, initiated by a biller, possible. So, for example, an electricity company could set up an auto payment smart contract on its website and list out its functions — e.g., it will only initiate one transaction per month and set a maximum amount that it will charge. The user can then approve these conditional pull payments via their smart account, enabling automated bill payments after their bi-weekly pay comes in.
Suddenly, crypto becomes useful for a whole host of new payment applications.
Bacca created the world’s first Bitcoin wallet and argues that Bitcoin already lets you be your own bank. But he adds, “The problem is the lack of things you can do with your money.” That’s one reason he’s excited about recurring payments.
“Basically, saying ‘Okay, so I am buying a subscription for a service,’ and then the wallet will start sending money directly matching the subscription for a given period of time,” he says.
“If you can script your account, there are a lot more use cases that come to mind and that are similar to what we do in Web2.”
How ERC-4337 works
Some of the functionality that smart accounts enable was already available via smart contract wallets from Gnosis and Argent; however, these solutions require centralized components called relays to pay transaction fees for the operations.
The new ERC-4337 standard on Ethereum decentralizes that part as well with new decentralized infrastructure called “bundlers.”
The process works like this: A smart wallet signs a “user operation,” which gets fired to a special mempool, which is basically just an organized queue of transactions (albeit a different queue to Ethereum’s normal mempool).
Bundlers are like miners or validators and take user operations from the mempool and deliver the desired result back to the wallet. The bundlers also pay for the gas (transaction fee) required and are compensated by the user’s contract account, or by a third party known as a “paymaster.” This could be a decentralized app or it could be a wallet provider.
The first production grade bundler to be deployed on mainnet is from wallet and infrastructure provider Stackup, but more will be available soon. As it’s decentralized and permissionless, anyone can run a bundler.
The most engaging reads in blockchain. Delivered once a