Ethereum ERC 4337 Account Abstraction

Owned by jimm1
Last updated: Aug 21, 2023
6 min read

Key Points

  1. Account Abstraction is a concept that turns users' wallets into smart contract accounts, in order to make Ethereum wallets more user-friendly and to prevent any loss of crypto keys


References

Reference_description_with_linked_URLs_______________________Notes______________________________________________________________


https://medium.com/infinitism/erc-4337-account-abstraction-without-
ethereum-protocol-changes-d75c9d94dc4a

ERC 4337: account abstraction without Ethereum protocol changes



https://eips.ethereum.org/EIPS/eip-4337EIP 4337







Key Concepts


EIP 4337 concepts

https://eips.ethereum.org/EIPS/eip-4337

An account abstraction proposal which completely avoids the need for consensus-layer protocol changes. Instead of adding new protocol features and changing the bottom-layer transaction type, this proposal instead introduces a higher-layer pseudo-transaction object called a UserOperation. Users send UserOperation objects into a separate mempool. A special class of actor called bundlers package up a set of these objects into a transaction making a handleOps call to a special contract, and that transaction then gets included in a block.


What is EIP 4337 ? video



 https://www.youtube.com/watch?v=Nsqyt7YYvgg

EOA - Externally Owned Account can use a Wallet service instead of a physical wallet reducing risks, providing better governance

SCA ( Smart Contract Account ) can be used as someone's primary account

q>> can an EOA have multiple SCAs?

yes, EOAs map to SCAs as owners



 


ERC 4337: account abstraction without Ethereum protocol changes

https://medium.com/infinitism/erc-4337-account-abstraction-without-ethereum-protocol-changes-d75c9d94dc4a

ERC 4337 account abstraction without Ethereum protocol changes.pdf link

ERC 4337 account abstraction without Ethereum protocol changes.pdf file


Account abstraction has for a long time been a dream of the Ethereum developer community. Instead of EVM code just being used to implement the logic of applications, it would also be used to implement the verification logic (nonces, signatures…) of individual users’ wallets. This would open the door for creativity in wallet designs that could provide some important features:

  • Multisigs and social recovery

It is possible to do all of these things with smart contract wallets today, but the fact that the Ethereum protocol itself requires everything to be packaged in a transaction originating from an ECDSA-secured externally-owned account (EOA) makes this very difficult. Every user operation needs to be wrapped by a transaction from an EOA, adding 21000 gas of overhead. The user needs to either have ETH in a separate EOA to pay for gas, and manage balances in two accounts, or rely on a relay system, which are typically centralized.

What a 4337 wallet contract does

A wallet is a smart contract, and is required to have two functions:

  • validateUserOp, which takes a UserOperation as input. This function is supposed to verify the signature and nonce on the UserOperation, pay the fee and increment the nonce if verification succeeds, and throw an exception if verification fails.

To simplify the wallet’s logic, much of the complicated smart contract trickery needed to ensure safety is done not in the wallet itself, but in a global contract called the entry point. The validateUserOp and execution functions are expected to be gated with require(msg.sender == ENTRY_POINT), so only the trusted entry point can cause a wallet to perform any actions or pay fees. The entry point only makes an arbitrary call to a wallet after validateUserOp with a UserOperation carrying that calldata has already succeeded, so this is sufficient to protect wallets from attacks. The entry point is also responsible for creating a wallet using the provided initCode if the wallet does not exist already.

Bundlers and mempool nodes can use logic similar to today’s Ethereum transaction handling logic to determine whether or not to include or forward a UserOperation.


Restrictions on the wallet contract operations in mem pool

There are some restrictions that mempool nodes and bundlers need to enforce on what validateUserOp can do: particularly, the validateUserOp execution cannot read or write storage of other contracts, it cannot use environment opcodes such as TIMESTAMP, and it cannot call other contracts unless those contracts are provably not capable of self-destructing. This is needed to ensure that a simulated execution of validateUserOp, used by bundlers and UserOperation mempool nodes to verify that a given UserOperation is okay to include or forward, will have the same effect if it is actually included into a future block.

How it works - bundle user operations in a mem pool

Instead of modifying the logic of the consensus layer itself, we replicate the functionality of the transaction mempool in a higher-level system. Users send UserOperation objects that package up the user’s intent along with signatures and other data for verification. Either miners or bundlers using services such as Flashbots can package up a set of UserOperation objects into a single “bundle transaction”, which then gets included into an Ethereum block.


The bundler pays the fee for the bundle transaction in ETH, and gets compensated though fees paid as part of all the individual UserOperation executions. Bundlers would choose which UserOperation objects to include based on similar fee-prioritization logic to how miners operate in the existing transaction mempool. A UserOperation looks like a transaction; it’s an ABI-encoded struct that includes fields such as:

  • sender: the wallet making the operation

What properties does this design add, maintain and sacrifice compared to the regular Ethereum transaction mempool?

Maintained properties:

  • No centralized actors; everything is done through a peer-to-peer mempool


New benefits:

  • Verification logic flexibility: the validateUserOp function can add arbitrary signature and nonce verification logic (new signature schemes, multisig…)

Weaknesses:

  • Slightly increased DoS vulnerability despite the protocol’s best effort, simply because verification logic is allowed to be somewhat more complex than the status quo of a single ECDSA verification.

Sponsorship with paymasters

Sponsored transactions have a number of key use cases. The most commonly cited desired use cases are:

  1. Allowing application developers to pay fees on behalf of their users

This proposal can support this functionality through a built-in paymaster mechanism. A UserOperation can set another address as its paymaster. If the paymaster is set (ie. nonzero), during the verification step the entry point also calls the paymaster to verify that the paymaster is willing to pay for the UserOperation. If it is, then fees are taken out of the paymaster’s ETH staked inside the entry point (with a withdrawal delay for security) instead of the wallet. During the execution step, the wallet is called with the calldata in the UserOperation as normal, but after that the paymaster is called with postOp.

Example workflows for the above two use cases are:

  • The paymaster verifies that the paymasterData contains a signature from the sponsor, verifying that the sponsor is willing to pay for the UserOperation. If the signature is valid, the paymaster accepts and the fees for the UserOperation get paid out of the sponsor’s stake.

Note particularly that in the second case, the paymaster can be purely passive, perhaps with the exception of occasional rebalancing and parameter re-setting. This is a drastic improvement over existing sponsorship attempts, that required the paymaster to be always online to actively wrap individual transactions.

How far along is this proposal? > running in mainnet in March 2023

ERC 4337 can be found here. There is an implementation in progress here.

Potential Value Opportunities



Potential Challenges



Candidate Solutions



Step-by-step guide for Example



sample code block

sample code block



Recommended Next Steps