Account Abstraction & Why it’s a Big Deal for Wallet Security

Account Abstraction & Why it’s a Big Deal for Wallet Security

As a clear leader in the blockchain space, Ethereum is once again making waves.

In 2021, Ethereum founder Vitalik Buterin and other blockchain pros released the account abstraction proposal, which strives to improve the UX and security of wallets, among other things. Today, in 2023, that proposal is now finalized and moves from EIP to ERC status and account abstraction is finally able to begin transforming the industry.

Account abstraction is a big deal for wallet security, as it not only simplifies the UX for users but also opens up pathways to a whole slew of new use cases that can help to enhance Ethereum and its related projects. Ultimately, this will help to make both wallets and the greater blockchain space more accessible and approachable to the everyday person.

In this article, we discuss what account abstraction is, what it means for wallet UX and security, and how it will impact Webacy’s products and wallet solutions.

Keep reading to learn all about account abstraction and what it has in store.

What is Account Abstraction?

Account abstraction is Ethereum’s latest solution for wallet security.

First announced in September 2021, the account abstraction proposal was written by several key blockchain professionals, including Ethereum founder Vitalik Buterin. This proposal came with several crucial objectives, including:

  • Elimination of EOAs: Externally owned accounts (EOAs) are wallet solutions that rely on a cryptographic pair of keys — one private and one public — to carry out wallet activities. Compared to code-based accounts that use smart contracts to validate wallet activities, EOAs tend to be less versatile and secure. Account abstraction aims to eliminate EOAs by enabling all users to use smart contract wallets as their primary accounts.
  • Decentralization: Account abstraction will help to further the decentralization initiative that lies at the core of blockchain and cryptocurrency technology. Among other things, account abstraction will enable all wallet activity to happen over a public mempool (a publicly available list of pending transactions) and limit access to direct communication addresses like IP addresses.
  • Support for Other Use Cases: Ultimately, account abstraction is considered a key feature to support additional Ethereum use cases, such as privacy-preserving applications, aggregated signatures, and atomic multi-operations. Account abstraction will likely prove to be an important addition to the Ethereum ecosystem that enables further scalability and evolution in the future.

What is arguably most important about this proposal is that it enables the creation of programmable smart contract wallets without requiring consensus from the Ethereum mainnet. This helps to improve user experience (UX) and improves the flexibility of the technology as well.

How Does Account Abstraction Improve Wallet Security?

Abstraction approval will undoubtedly have a vast array of effects on Ethereum and its related projects — but what effects is the average person even going to notice?

The most notable benefit of account abstraction for everyday users is increased wallet security.

As discussed above, one of the core goals behind the account abstraction proposal is to eliminate EOAs. EOAs come with a variety of limitations that make them difficult for people who are not blockchain experts to properly use and protect. Some of these limitations include:

  • No multi-signature validation options, making a centralized failure possible
  • No spending policies and minimal customization
  • Direct gas fees from the EOA
  • Lack of support for session keys
  • Less private transactions and communication
  • No option for batching operations
  • Costly on-chain reverts

While these limitations may not be too big of a challenge for an Ethereum pro to overcome, for the average joe who simply wants to participate in the blockchain and Web3 spaces, EOAs present many hurdles that can make wallet technology overly complex.

As a result, a wallet can end up insecure and vulnerable due to the owner not having a deep enough understanding of how to keep their assets and wallet safe.

By comparison, account abstraction provides the means to make this technology easier to work with.

With account abstraction, programmable logic is employed to set clear transactional rules that dictate the transactional activities of a wallet. For example, account abstraction could allow users to set limits on how much a wallet can spend before the user’s signature is required. In other words, logic can be determined as a layer on top of the wallet before the wallet performs its actions.

Another key benefit of account abstraction is that it greatly simplifies the UX of a wallet. For instance, batched signatures could be implemented to allow users to combine functions into a single signature, which reduces the overall gas consumption (and thereby the cost of gas fees).

Other potential benefits of account abstraction include:

  • Flexible key management and recovery
  • Arbitrary access control mechanisms
  • Abstracted gas fees and payments

The Limitations of Account Abstraction

Like all new things, account abstraction is not without its own set of limitations.

Though account abstraction offers a host of benefits that can vastly improve the experience of users when striving to secure their accounts and grapple with the technical complexity, these smart contract wallets still come with some downsides, such as:

  • Higher Gas Fees: Smart contracts require greater computational effort to carry out, which can ultimately lead to higher gas fees for users with smart contract wallets. However, the clear trade-off is that users get more control over the specifics of their transactional smart contract rules, as well as benefiting from an easier-to-use UX.
  • Limited Compatibility: Since account abstraction smart contracts are new to the scene and essentially function as the wallets themselves, it is highly likely that abstracted wallets will not be compatible with existing smart contracts. This can potentially present a number of difficulties, such as making it more expensive to interact with the blockchain network.
  • Adoption Challenges: Currently, the Ethereum ecosystem is largely built around the idea that most people have EOAs rather than smart contract wallets. As a result, the initial adoption of abstracted wallets is sure to take time and developmental effort, as exchanges and applications work to get up to speed with this new feature and implement compatibility with the right use cases.

Current Account Abstraction Proposals to Know About

Several account abstraction use cases are already underway, helping to pave the way toward account abstraction adoption and the shift away from EOAs.

These account abstraction development proposals include:

  • EIP-86: EIP-86 would implement a set of changes that abstract out signature verification and nonce checking, allowing users to create account contracts that perform the desired signature or nonce checks rather than using the current transaction processing mechanisms.
  • EIP-2938: EIP-2938 is the proposal that enables account abstraction to create contracts as the top-level accounts from which gas fees are paid and transaction executions begin. This proposal forms the basis of the “smart contract wallet.”
  • EIP-3074: EIP-3074 introduces new EVM instructions — AUTH and AUTHCALL. AUTH sets a context variable based on an ECDSA signature, while AUTHCALL sends a call as the authorized account, delegating the control of an EOA to a smart contract.
  • EIP-4337: EIP-4337 is the proposal we have discussed throughout this article that eliminates the need for consensus-layer protocol changes. This crucial proposal introduces a higher-layer pseudo-transaction called a UserOperation that can send objects into a separate mempool.

What Account Abstraction Means for Webacy

At Webacy, we are excited for the many excellent opportunities account abstraction presents.

For starters, account abstraction enables a wallet to become the smart contract, rather than needing to leverage smart contracts to help with the management of EOA wallets. From Webacy’s standpoint, this means several of our core features — such as the Panic Button and Backup Wallet — can be moved directly into the abstracted wallet.

Additionally, users can approve assets to the abstracted wallet in a way that makes it an affiliated wallet, rather than an entirely separate wallet. As a result, the risk of losing keys is much lower, as you can swap out of your wallet with greater ease in the event of a compromise or if you lose access.

Here is an overview of Webacy’s proposed structure for account abstraction. If you’re an engineer and you have thoughts on our proposal, feel free to open a ticket in our Discord so that we can discuss with you. We want feedback from our community.

Diagram

Description automatically generated

Final Thoughts: Preparing for the Adoption of Account Abstraction

For any wallet users unsure of what the future of account abstraction may look like, Webacy is here to help you ensure the safety of your wallet and assets using the latest technology available to us.

The adoption of account abstraction gives Webacy many new ways to simplify the complexity of wallet management for our users. By creating smart contracts that act as wallets, Webacy users can utilize features like the Panic Button and Backup Wallet with much greater ease. As ERC-4337 wallets become more widespread in adoption, we will begin to introduce them to our users. In the interim, our products are already live in existing traditional EOA wallets.

That’s not all Webacy has to offer either — with Webacy Wallet Watch, you can keep a close eye on your assets and transactional activity, receiving notifications for key events, including approvals. Plus, Webacy enables you to integrate your entire self-custody management system including browser wallets, hardware wallets, cold wallets, and vaults.

With Webacy, you can sleep peacefully knowing your wallet is well-protected and that you will be immediately alerted should any suspicious activity occur.

For enterprises, make sure to check out Webacy’s enterprise solutions which include a full feature suite, API integrations, onboarding support, and more.

Get started with Webacy today to ensure the future of your digital assets.

You can connect with Webacy on Instagram and Twitter.