AA Wallets: User Experience, Security, and the Future

EIP-4337 standardized smart contact wallets and the related infrastructure. But Account Abstraction is still in its early stages and has low adoption. For example, many Layer2s have yet to support it. These constraints mean that users still face a deep learning curve and huge cost of use.

By introducing a proxy layer, Account Abstraction (“AA”) wallets aim to lower the entry barriers of personal wallets and offer users easier-to-use account systems. Particularly, AA wallets utilize smart contracts as their accounts and introduced a proxy layer between smart contracts and users, allowing the proxy to interact with the blockchain on behalf of users. As a result, AA wallets free end-users from the burden of handling complex blockchain concepts such as private keys and can be easily managed via emails or phones. AA wallets are programmable and offer higher flexibility in management and account behaviors. They are also upgradeable and highly customizable, allowing for new features and improvements to be introduced without upgrading to Ethereum’s entire consensus mechanism.

That said, we believe security is paramount for Account Abstraction. Given that transactions on the blockchain are tamperproof and irreversible, if a user’s account is compromised, irreparable losses may occur. Therefore, when designing AA wallets, the various aspects of security must be considered, including that related to account management and usage, storage and protection of private keys, and confirmation and authorization of transactions, etc.

In this article, we’ll look at the safety features and vulnerabilities of AA wallets, discuss how to strike a balance between user experience and security, and explore how will AA solutions evolve next.

Account Abstraction and Its Security Benefits
Many proposals have been made to improve and standardize Account Abstraction on Ethereum with EIP-4337 being the latest advancement, which later become ERC-4337. ERC-4337 offers an innovative approach that allows transactions to be initiated by smart contracts rather than Externally Owned Accounts (EOAs) without making changes to the protocol’s consensus layer. ERC-4337 creates an alternate mempool to process transactions separately from the main Ethereum network’s mempool. Accounts actions and their associated data fields are buddled and routed into the mempool, from which validators gather and handle them, create a “bundle transaction” and include them in Ethereum blocks.

The goal of EIP-4337 is to make wallets more flexible and upgradable, allowing for the introduction of features such as multi-signature and social recovery, as well as simpler and more efficient signature algorithms and post-quantum secure signatures. ERC-4337 wallets also enjoy increased flexibility in wallet verification logic, supporting arbitrary signature schemes and nonce verification logic.

These features bring important security benefits. In particular, the security of AA wallets is enhanced in the following aspects:

Verification logic: AA wallets ensure the legitimacy and security of user operations through more flexible and advanced verification logic, such as signatures.

Gated entry point contract: AA wallets outsource complex safety features to a global contract called the entry point which is gated in a way that only the trusted entry point can cause a wallet to perform any actions or pay fees.

Separated validation and execution layers: AA wallets use two separate functions to handle the verification and execution of user operations, increasing security and flexibility.

Validation and execution simulation: User operations will be checked for legitimacy through a simulated execution to ensure they can be included in a future block. This keeps AA wallets from DoS attacks.

AA improves the security and decentralization of wallets. By adding support for features such as multi-sig and private key storage and protection mechanisms, AA wallets can better safeguard the security of user assets and ensure the reliability of transactions. However, these safety measures do not provide 100% security against attacks and loopholes. There’s still room for continued research and improvement. Currently, the market’s focus remains more on the technological paradigm rather than user needs and experience.

Vulnerabilities of Account Abstraction Wallets
Private key storage is the most vulnerable link in a wallet. It’s imperative that AA wallets ensure users’ private keys are stored in secure locations and that ample measures are in place to prevent unauthorized access. Online attacks are another major threat to the security of AA wallets. Users’ private keys might be obtained by attackers through phishing, malware, and other means, resulting in their digital assets being stolen.

As mentioned earlier, in an AA wallet, the functionality of Ethereum’s transaction mempool is replicated in a higher-level system. Instead of directly submitting transactions to the blockchain, users send UserOperation objects to the alternate mempool, from which validators or Bundlers package them into a single “bundle transaction” and send it to the Entry Point contract. The Entry Point contract orchestrates the execution of contract accounts and makes sure the validator/Bundler is properly compensated for the transaction fee.

This scheme ensures the safety of a wallet by allowing only the trusted entry point to cause a wallet to perform any transaction or action such as paying the fee or incrementing the nonce. It also makes user accounts more “programmable”.

Compared with other proposals such as EIP-2938 and EIP-3074, EIP-4337 comes closest to full account abstraction without any consensus layer changes. However, it splits the transaction process into several steps, leading to added complexity and more gas overhead than regular transactions. And it also gives rise to potential loopholes. What’s more, as it’s incompatible with the workflow of existing wallet protocols, its adoption might be affected.

To address the aforementioned security issues, AA wallet solutions might employ various measures to further enhance security while maintaining a good user experience. Multi-sig is one of them. Namely, confirmation from multiple users is required to execute a transaction. This will significantly reduce the likelihood of successful attacks. Using hardware wallets to store users’ private keys can also enhance security because hardware wallets protect private keys from being stolen by keeping them isolated from Internet-connected devices.

Striking a Balance between User Experience and Security
In the design of AA wallets, security should be a primary consideration. While it’s important to provide a good user experience, defects in security might expose user assets to safety dangers and risks, resulting in serious consequences. How should developers strike a balance between security and user experience? We believe it’s necessary to consider at least the following four aspects.

Private Key Management: It’s important that users' private keys are safely managed in AA wallets to protect their assets from potential attacks. This can be achieved by using measures like encryption algorithms, hardware wallets, and multi-factor authentication. However, overly stringent security measures might result in a decrease in user experience, such as requiring frequent identity authentication or multiple steps of authentication. Therefore, developers need to find a balance between the two to ensure both the safety of private keys and the convenience of the authentication process for users accessing their assets.

Transaction Confirmation: AA wallets need to provide timely transaction confirmation and fast transaction processing to deliver a good user experience. Meanwhile, they must be able to detect and reject double payments and other fraudulent activities. Technological measures such as could be used to balance the safety and transaction speed requirements, ensuring both asset safety and a smooth user experience.

Multichain Support: Multichain compatibility is a trend for all Web3 products. Future-proof AA wallets should be able to support multiple blockchains to meet users’ needs on various blockchains. However, each ecosystem is adopting AA with slight variations, which creates uncertainty around what the ultimate implementation of AA will be like for each chain and VM. Thus, when adopting Account Abstraction, it might be necessary to consider the work required to achieve interoperability among different ecosystems. Also, each chain has its unique security features and user experience requirements, which should also be paid attention to while trying to strike a balance between security and user experience.

Cost: The cost of on-chain transactions can be a prohibitive factor to application development. Even if we assume most transactions will happen on Layer2s and the fees will be subsidized, the cost for deployment and upgrades at scale might still be expensive. Particularly with AA wallets, upgrading wallets requires upgrading the underlying smart contracts, which can introduce new vulnerabilities and get very pricey.

The Future of Account Abstraction Solutions
Considering factors such as user experience and security, we believe AA wallet solutions on Ethereum have the largest potential for growth and gaining traction. AA solutions in the Ethereum ecosystem, such as zkSync, Fuse Network, and zkSafe, are typically flexible, safe, and easy to use in their design, providing a good user experience. But they are also faced with security challenges and scalability issues, including safety risks associated with smart contracts and challenges to their capacity to handle high transaction workloads. Also, it should be noted that Account Abstract is still in its early stages with a low adoption rate, and further innovation and development are required to drive its adoption and maturation.

AA wallets create an open market by introducing a permissionless network of public nodes including Bundlers, Paymasters, and Signature Aggregators, enabling users to get high-quality services with the lowest fees. From a short and mid-term perspective, infrastructure providers’ ability to deploy Bundlers, Paymasters, and Signature Aggregators quickly and in a customized way will be put to the test. The resulting competition will encourage innovation and ultimately lead to the optimization of both security and user experience.

Meanwhile, infrastructure providers such as StackUp will likely develop modular Bundler and Paymaster services and gradually make them permissionless. Also, there is a pressing need for scaffolding tools to speed up front-end developments so developers can focus more on business logic. Related libraries for dapp development like ether.js are also needed. They could encapsulate functions such as wallet creation with Web2 socials or emails, fast deployment of Paymasters and Signature Aggregators, as well as the creation, signing, and sending of UserOperations and related event monitoring, etc. These tools will simplify dapps' integration with different wallets.

From a mid and long-term perspective, new account standards will emerge and some of them might even be able to separate account authentication from smart contract wallets, allowing users to transport their account data from one wallet to another. And as technological barriers lower and new products become more and more homogeneous, competition for AA wallets will intensify. More progressive innovations, including, for example, permissionless and modular infrastructure services, integration with existing services, dapp SDKs, and independent account layers, will be required to upgrade flexibility and user experience to the next level.
erc4337Trend Analysis

Also on:

Disclaimer