Account Abstraction draws a distinction between Keys and Accounts, abstracting the authentication utility of a key from other account functionalities.
Account abstraction in the Ethereum blockchain, specifically in the context of EIP-4337, is a major proposed upgrade that fundamentally changes how users interact with their accounts and smart contracts on the network. Essentially, it allows for more flexibility and control over account behaviour compared to the traditional model.
Account and Blockchain
On a blockchain, an account is a unique identifier that represents a specific entity, such as an individual or an organization. Accounts are used to store and manage digital assets, such as cryptocurrencies or tokens, and to facilitate transactions within the blockchain network. On the Ethereum blockchain, there are two types of accounts:
- Externally Owned Account
- Smart Contract Account
Externally Owned Account
EOAs are the primary way that humans interact with the Ethereum network. They represent the external entities that initiate transactions, hold balances, and interact with smart contracts. While contract accounts can also hold balances and perform actions, they are controlled by code rather than private keys. An example of this account is the account created in the Metamask wallet.
Smart Contract Account
A smart contract account on Ethereum allows code to be executed on the blockchain in a way that is persistent, replicable, automated, and safe from manipulation. The contract logic becomes like a programmatic agreement, allowing complex conditions, transactions, and decentralized applications without centralized enforcement. Unlike a standard user account, it is controlled by code rather than a private key.
What account abstraction aims to achieve is to use the smart contract account as the principal account and the externally owned account as the key that authorizes actions taking place on the smart contract account.
What is the Why?
Ideally, your next question would be: why go through the stress of working with an abstract account? Isn't the EOA doing fine? Here are a few reasons why the expedition into Abstract Accounts is necessary.
- Enhanced Security: Abstract account wallets introduce the possibility of multiple signatories of an account and social recovery, greatly reducing the points of failure.
- Power and Flexibility of Programming: Because this wallet is a smart contract, programmatic functionalities users are used to in the Web2 world become possible — a payroll system or a streaming subscription fee can be removed programmatically from the user's account as the user deems fit.
- More Seamless User Experience: One of the greatest barriers to onboarding new users in web3 is gas fee payment. EIP-4337 introduced the concept of Paymasters, a smart approach to paying gas fees for execution on behalf of an AA wallet.
- Seamless Ownership Transfer: With smart contract accounts, ownership can be transferred in a single function without revealing a private key at any point. The coolest part is the concept of inheritance — the timed transfer of an account, secured by the logic in the smart account wallet.
Components of the EIP-4337 System
- Key (wallet)
- Bundlers
- Entry Point
- Paymaster
- Smart Contract Account
Key (Wallet)
This key represents any means of authentication that a userOperation is acknowledged by a user; this validation check is done in the Entry Point. This key (wallet) in most cases is a Metamask account, which would be used to sign the userOperation in a signature scheme supported by the smart contract account. Examples of such signature schemes are:
- ECDSA
- BLS
- Another elliptic curve aside from the native secp256k1.
Bundler
The bundler is an important innovation introduced by EIP-4337; it is the core structure holding this implementation. The bundler is responsible for collating userOperations, validating them, and forwarding them to the Entry Point for execution. The bundler pays the initial gas needed for the batch execution; during the lifecycle of the user operation, the user pays the bundler the execution fee plus an extra "bundler fee". The bundler can simulate the userOperation before execution to be certain the user will pay these fees after execution, and for this reason some opcodes cannot be used when verifying a userOperation.
My concern about this architecture is "bundler downtime" — should the bundler experience downtime, the userOperation sent to it would not be pushed to the Entry Point for execution.
The Entry Point
Think of the Entry Point contract as the central hub for EIP-4337 transactions. It's a single smart contract on the blockchain that acts as the gatekeeper for all UserOperations (UserOps) submitted by wallets.
What it does
- Validates: It checks if UserOps are correctly signed and authorized by the user's wallet and any additional paymasters or aggregators involved.
- Executes: If valid, it executes the instructions in the UserOp, interacting with other smart contracts as needed.
- Bundles: It can batch multiple UserOps together for efficiency.
Paymaster
Imagine a friend covering your bill at a restaurant (blockchain transaction) without needing your cash (Ethereum) directly. That's the magic of Paymasters in EIP-4337! A paymaster's main functions are:
- Cover gas fees: Paymasters are smart contracts that sponsor transactions for users, eliminating the need for users to hold native tokens like ETH for gas.
- Flexible payment options: They can accept payment in various ways, like:
- Native tokens: ETH or other blockchain native currencies.
- ERC-20 tokens: Pay in USDC, DAI, or any other supported token.
Smart Contract Account
This is the main account (the structure that stores and controls value). As explained earlier, the AA wallet abstracts the key for authentication from the account. This account lives onchain and is secured by code.
User Operation Lifecycle
This section explores the lifecycle of a user operation from when it has been signed to when it is executed. Before diving into that, we'll explore the native transaction lifecycle first — just a quick refresher.
The Ethereum Transaction Lifecycle: From Click to Confirmation
Every Ethereum transaction — whether sending ETH, interacting with dApps, or deploying smart contracts — follows a fascinating journey. Here's a breakdown of its key stages:
- Initiation:
- You, the user, initiate a transaction from your wallet (like MetaMask).
- The transaction includes details like recipient address, amount, data (for smart contracts), and gas settings.
- Your wallet signs the transaction with your private key, creating a unique identifier (transaction hash).
- Broadcasting:
- Your wallet broadcasts the transaction to the Ethereum network.
- It enters the "mempool," a temporary pool of pending transactions.
- Miners compete to select transactions and include them in new blocks.
- Validation and Inclusion:
- Miners verify the transaction's validity (signatures, gas fees, etc.).
- They pack verified transactions into a new block, along with their mining solution.
- This block is broadcast to other nodes on the network.
- Confirmation:
- Other nodes validate the new block by verifying the miner's solution.
- Once enough nodes agree, the block is considered "confirmed," and the transactions within it are considered successful.
- Completion:
- The changes associated with the transaction (ETH transfer, smart contract execution) take effect.
- Your wallet and other wallets involved are updated with the latest information.
EIP-4337 User Operation Lifecycle
The user operation, from the user's perspective, has quite a similar experience to the native transaction, with a few differences.
- Sign UserOp: Using a wallet like Metamask, the user signs the user operation to be processed; this signature is verified by the smart contract account before it is executed.
- Broadcast UserOp: The user pushes this transaction to a bundler, which temporarily holds user operations and is responsible for pushing them to the blockchain after some checks have been done.
- Verification: The bundler takes the user operation, verifies that it will indeed succeed and that the fee for pushing it will be paid, after which it is ready to be dispatched to the Entry Point.
- At the Entry Point: The Entry Point contract plays a crucial role in validating and executing user operations (UOs):
- Receiving User Operations: Bundled UOs, containing multiple user transactions, arrive at the Entry Point. Each UO holds information like the sender, recipient, call data, and gas parameters.
- Validation and Verification: The Entry Point performs several checks on each UO — signature verification, paymaster and aggregator authorization, gas fee sufficiency, and nonce checks to prevent replay attacks.
- Access Control and Execution: For each valid UO, the Entry Point calls the designated executor — invoking the execute function for smart contract accounts, or simulating directly in the EVM for EOAs.
- Paymaster Interaction: If paymasters are involved, their logic and funding are activated during execution, both pre-execution (adjusting gas fees, modifying call data, security checks) and post-execution (refunds, fee collection, additional actions).
- State Updates and Finalization: Once all UOs are executed, the Entry Point updates the blockchain state, refunds users for unused gas, and distributes rewards to bundlers and paymasters.
Enhanced User Experience
- No private key management: Users interact with their Abstract wallet, eliminating the need to understand and manage complex private keys, reducing the risk of loss or theft.
- Simplified transactions: Signing becomes a seamless click-through process within the wallet, removing the need for intricate gas estimations and approvals.
- Social recovery options: Mitigate lost-password risks by enabling trusted contacts to help regain access — a crucial feature for newcomers.
Improved Security
- Reduced attack surface: Eliminating private keys from direct usage minimizes the potential for phishing and social engineering attacks.
- Programmable controls: Smart contracts governing accounts allow for custom security rules and spending limits, adding an extra layer of protection.
- Enhanced transaction privacy: User addresses are not directly exposed on the blockchain, improving privacy for individual actions.
Advanced Functionality
- Multi-party approvals: Require multiple signatures for high-value transactions, increasing security and transparency.
- Automated transactions: Set up recurring payments or conditional actions within the smart contract for increased convenience.
- Seamless account switching: Easily manage multiple accounts and switch between them within the wallet interface.
Overall Benefits
- Lower barrier to entry: Streamlined onboarding attracts new users by removing technical hurdles and focusing on intuitive actions.
- Increased trust and adoption: Enhanced security and control foster trust, encouraging wider participation in the blockchain ecosystem.
- Foundation for innovation: The flexible infrastructure enables developers to build user-friendly dApps with advanced features.
However, it's important to remember:
- EIP-4337 is still under development, and user experience may vary depending on implementation.
- Understanding smart contracts and their implications remains crucial for secure and responsible usage.
Overall, EIP-4337 holds significant potential for simplifying user onboarding and unlocking new possibilities in the Web3 space. As the technology matures and user-friendly interfaces evolve, it can play a key role in attracting mainstream adoption and fostering a more secure and accessible blockchain experience.