What is account abstraction?

Key points

• Account abstraction (AA) is a technology that can expand wallet capabilities, strengthen security and improve the user experience.
• The concept is implemented by the ERC-4337 standard, activated in March. It turns user wallets into smart-contract accounts.
• Many developers believe that widespread adoption will accelerate the shift from Web 2.0 to Web3 and attract “billions” of users to Ethereum.

What is account abstraction?

Account abstraction is a way of configuring a blockchain whereby users’ assets are held exclusively in smart contracts rather than in External Owned Accounts (EOAs). Under this approach a crypto wallet becomes a unique smart contract that can be programmed for various purposes.

In March 2023 Ethereum developers activated the ERC-4337 standard via a smart contract called EntryPoint. It implements account abstraction and is compatible with all EVM networks such as Polygon, Optimism, Arbitrum, BNB Smart Chain, Avalanche and Gnosis Chain. The solution was audited by Open Zeppelin.

ERC-4337 turns user wallets into smart-contract accounts to make Ethereum addresses more user-friendly and prevent key loss.

The standard runs on top of the existing system and does not require major changes to blockchain infrastructure for full use.

Many in the crypto community argue that EOAs limit how users interact with Ethereum. For instance, external accounts complicate batching transactions. Participants also need to keep some ETH in their wallets at all times to pay gas for transactions.

AA is a path to solving these and other issues. It boosts account security, improves UX and unlocks many new options for developers.

How does AA work?

According to the documentation for ERC-4337, the key elements of AA are:

• UserOperation;
• Bundler;
• Sender;
• EntryPoint;
• Paymaster;
• Aggregator.

These components work together, enabling Web3 developers to build smart-contract-based wallets and compatible dapps.

UserOperation is a structure that characterises an action initiated by a user. Like a normal transaction, it contains parameters such as sender, to, calldata, maxFeePerGas, maxPriorityFee, signature and nonce. It also introduces additional elements like EntryPoint, Bundler and Aggregator.

UserOperations are sent to a separate mempool, where bundlers can wrap them into transactions before inclusion in a block.

A further feature of UserOperations is programmable transaction authentication.

Bundler monitors the alternative mempool created for UserOperations. It aggregates multiple user operations into a single transaction and submits it to the EntryPoint contract. Bundlers are rewarded by taking a portion of the gas fees.

Bundlers are critical infrastructure in the context of ERC-4337. In an AA-based ecosystem, they are the only participants who require EOAs.

EntryPoint is a special contract that verifies and then processes UserOperations received from bundlers.

During verification, EntryPoint checks whether the wallet has sufficient funds to pay for gas. When executing, the contract accesses the account via calldata defined through the UserOperation. EntryPoint also deducts funds from the smart-contract account to supply the bundler with the correct amount of ETH for gas.

Paymaster is an ERC-4337-based smart contract that implements different approaches to gas usage. It brings flexibility to resource use, removing the need to hold native tokens to pay transaction fees.

For example, ecosystem participants can cover gas with stablecoins such as USDC or USDT. It also enables sponsorship of users’ transaction fees.

Aggregator is an auxiliary contract for validating aggregated signatures. Optimised handling of many batched UserOperations helps save resources when working with calldata.

ERC-4337 builds on earlier EIPs — 2938 and 3074. The former set out the idea that smart contracts should function as “a top-level account that pays fees and initiates transaction execution”. One co-author of EIP-2938 is Ethereum co-founder Vitalik Buterin.

EIP-3074 introduced the idea of “delegating control over an EOA to a smart contract”.

EIP-4337 unifies the core theses of those proposals while adding an alternative mempool. Using the new standard does not require changes to the consensus layer.

What does AA enable?

Vitalik Buterin sees account abstraction as a catalyst that could bring a billion users to Ethereum.

He says integrating the technology will allow fees to be paid not only in ETH but also in other coins a user transfers. It also lets dapps “sponsor” transactions for their customers.

Thanks to “signature abstraction”, developers of rollups can compile signatures, significantly cutting gas costs.

Other advantages include:

• new security possibilities;
• account recovery options in case of key loss;
• transaction bundling (for example, approving and executing a swap in one click);
• broad scope to improve UX for wallet and application developers;
• scheduled and batched transactions;
• paying gas with stablecoins;
• alternative signature schemes;
• automation of operations: portfolio rebalancing, implementing a dollar-cost averaging strategy.

There are, however, challenges. Once all user accounts are smart contracts, the feature must work reliably in layer-two networks. Buterin also flagged potential issues integrating with biometric technologies and wallets.

How does AA enhance wallet security?

Today, the safety of user funds depends on how securely private keys and their closely linked seed phrases are stored. Anyone who gains access to this data effectively becomes the owner of the cryptoassets.

This means that if a private key is lost, control over digital assets is lost forever — either to someone else or to permanent lock-up. Unsurprisingly, phishing aimed at stealing seed phrases is rife.

Account abstraction addresses this by using smart contracts to hold assets and authorise transactions, while also improving the user experience.

For example, it becomes possible to create backup keys in case the primary ones are lost. Wallet data can also be entrusted to designated guardians. Under this model, it is far harder for a potential attacker to seize full control of a user’s funds.

AA can also be set so that small transactions are verified with a single signature, while larger ones require multiple signatures.

Smart wallets further enable:

• creating a whitelist of trusted recipient addresses (which can also protect funds if a private key is stolen);
• freezing an account from another authorised device if the primary device is lost;
• adding pre-approved accounts that can authorise new devices if a device or password is lost (“social recovery”);
• setting daily, weekly or monthly transfer limits.

How does AA improve the user experience?

Account abstraction implies protocol-level support for smart-contract wallets. This gives developers ample room to experiment with UX.

One obvious upgrade is grouping transactions to increase speed and efficiency. For instance, a token swap on a DEX can be completed in one click together with the spending approval.

Users will not need to worry about holding enough ETH to pay gas. Where necessary, the smart contract can swap tokens for ether and use it to cover fees.

AA also enables trusted sessions. This is useful in gaming applications, where it makes sense to approve a large number of small transactions for a short period.

Account abstraction can streamline purchases of different items, making the flow similar to traditional marketplaces. A user could fill a basket with items and buy everything in one click — the smart contract would handle intermediate transactions and approvals.

How far along is AA’s rollout?

Smart-contract wallets are under active development, with a focus on security and user experience.

In early March, developers of the digital-asset management platform Safe (formerly Gnosis Safe) unveiled an SDK already available across multiple networks.

The Safe{Core} stack enables AA as an alternative to traditional private/public-key wallets.

The tool was built in collaboration with payments giant Stripe and Web3 infrastructure providers Gelato and Web3Auth.

“Account abstraction is the key to attracting millions of new users. It is intended to make using Web3 as convenient as Web 2.0,” said Safe co-founder Richard Meissner.

In July, the project integrated ERC-4337 into the account-abstraction stack for developers in Safe{Core} version 1.4.1.

“ERC-4337 offers a simpler user interface, including capabilities such as log-in without filling out forms, social recovery, batch transactions, hybrid custody settings and much more,” representatives of Safe noted.

Related AA solutions are also being developed by Alchemy, Starkware and ConsenSys (the MetaMask Snaps platform).