If you are interested in blockchain technology and protocols, you probably heard about account abstraction, the hottest topic in the last few months. ERC-4337, the new standard for Ethereum, has been deployed via a secure smart contract called EntryPoint. Yoav Weiss, a security fellow at the Ethereum Foundation, has confirmed this, and the contract has undergone a full security audit.
Before we dig into account abstraction and see why it is a big deal, we need to understand how accounts work in Ethereum.
What is the difference between EOAs and Contract accounts?
Essentially, Ethereum accounts are of two types: externally owned accounts (EOA) and contract accounts (CA).
Externally Owned Accounts (EOAs)
EOAs (Externally Owned Accounts) are a fundamental concept in the Ethereum blockchain, and they are accounts controlled by private keys and owned by individuals or entities. For example, any account created with Metamask is EOA (note don’t mix wallet and account, it is not the same thing).
If you want to participate in the Ethereum blockchain and sign transactions, you must have EOA. The transaction can send ETH or other tokens from one account to another or interact with a smart contract (deposit, swapping, etc.). Transactions are signed using the private key associated with the EOA, which proves ownership and authorizes the transaction to be executed. This is the reason why we always need to keep the private key secret. Once we lose it, anyone with a private key controls our account, and we cannot do anything to fix it. All is lost!
In summary, EOAs are a key component of the Ethereum blockchain and are used to send and receive ether or other tokens, interact with smart contracts, and sign transactions on the network. And that is it. They are not doing any complex logic. Creating EOA is free (no gas fee).
Contract accounts (also known as smart contracts)
Contract accounts in Ethereum are known as smart contracts. Unlike EOAs, contract accounts are controlled by code and don’t have private keys, giving you control over the account. Once a contract is deployed, it cannot be altered. Since creating Contact accounts uses network storage, deploying it costs some ETH (gas fee). Also, contract accounts can create a new contract account (smart contract).
Each contract has its address, and transactions are sent to this address. Once a transaction is sent to a contract account, the smart contract’s code is executed, and the state of the contract is changed accordingly. The updated state is then stored on the Ethereum blockchain. It is important to know that contract accounts cannot initiate transactions – they can only send transactions in response to a transaction received. Only EOA can initiate transactions.
An excellent example of this type of account is the Gepek project that we did.
Two users having EOA create an agreement about a delivery, and that agreement is written in a contract account, which contains rules and a set of actions that need to be met. Once delivery is completed, the deliverer can get the money from the contract. So the contract account holds the tokens/money (acts as escrow service). Only when everything is complete or all requirements are met can the deliverer initiate a transaction to get the Tokens from the contract account. The contract account responds to that transaction by sending tokens to the EOA of the user. The user, of course, needs to pay gas for this.
So, what is Account Abstraction?
Let’s first start with the biggest problem in the blockchain space – poor UX and security.
It is challenging for new users to get on the board. Install the wallet; it can be a custodial or non-custodial wallet. Is it a hot or cold wallet? A wallet is not an account? Now you need an account, create one, save the seed phase somewhere offline where nobody can find it, and never expose it online. Never share your private key with anyone because that is the proof of the ownership of your account, and you are signing transactions with it. Now add some funds to your account via address, but double check the address cause if you send it to the wrong one, you will lose your funds forever. And yes, you need to pay a transaction gas fee for interacting. This is a nightmare for everyone, tech freak or not. And it takes some will and time to get used to it. But problems don’t stop here.
You always need to be on guard and take care of security. Hackers are very creative, and even smaller mistakes can lead you to lose your private key. So, double-check each transaction, correct URL, check each smart contract you are interacting with (yes, you will need some at least basic understanding of smart contracts to be safer), etc. If someone stoles your private key, they have full access to your account. If you lose or forget your private key, there is no way to recover it. If something happens to you, your family cannot access your account without the private key.
Pain in the ass!
Account Abstraction to the rescue!
Unlike EOAs, account abstraction enables users to use smart contract wallets with arbitrary verification logic eliminating the need for two types of accounts. The key thing here is that contract accounts are code, which means anything written in code is possible in a contract account. This removes any need for users to use EOAs to perform transactions. Each smart contract can define different rules and configurations within its code, giving us a powerful tool.
ERC-4337 will introduce a new mempool for user operations. This mempool is serviced by “bundlers” — similar to validators and miners — but on an accounts function level. So rather than submitting a transaction, a user would submit a user operation to the mempool, and bundlers will take it from the mempool and include it in blocks on Ethereum or any other EVM chain. One of the first protocols to comply with the ERC-4337 standard for bundlers is Stackup.
So what are the possible use cases and improvements:
Wallet recovery – there is no private key, so you can write down any type of logic in the code how the wallet can be recovered. Or just implement Social wallet recovery where you will have your closest friends as guardians
Bundle transaction – Turn many transactions into one click by bundling them into User Operations, saving time and money (gas fee).
Gasless (free) transactions – Pay the gas fee for your users or just allow them to pay in stable or any other ERC-20 tokens. Same as you can sponsor transactions for your users, you can apply any custom fee structure
Walletless web3 login – allows users to login in any way they want, even if they don’t have a wallet. They can log in with any social account or email; you can outsource signature logic to an aggregator. Moreover, you don’t need to use web3 terms; you can use normal language terms like signup, login, recover password…
Multi-sig account – CEO and CFO both need to sign a transaction before it is executed or any other custom rule. No problem; this is now native with abstract accounts. Moreover, you can, for example, set up a master account without the limitation and then subaccounts which, for example, require an additional signature or 2FA for spending over 5000USD.
Permission controls – create different types of accounts based on roles and permissions in any way you want
Improved privacy (privacy-preserving transactions): Meta-accounts, such as delegated or multi-sig accounts, can help improve privacy by enabling transactions without revealing the sender’s identity. This can be useful for applications that require anonymity or privacy.
Autopay options: automate your payments as subscriptions
No more excuses for bad user experience in web3.
With ERC-4337, we don’t have any more excuses for building bad and unusable applications only for hard-core web3 crew. This allows boarding anyone to web3 and even in a way where the user is unaware that in the background is blockchain.
Imagine having a bank where you log in with your email, password, and 2FA. You can recover your account anytime, even if you lose your phone and login account. You can create sub-accounts for your kids with rules about how much, when, and where they can spend. You get notifications when you need to sign or approve something. The cost of transactions is much lower than today, and you can pay with any currency you want, including stablecoins. And for your business account, if the transaction is bigger than 1000 USD, you and your partner (or multiple partners) need to sign it. It sounds like traditional banks, but it is only user experience from that world because everything else is decentralized. This is all now possible with abstraction accounts.
The future is bright! Do you agree?