This paper is available on arXiv under CC 4.0 license.
Authors:
(1) Qin Wang, CSIRO Data61, Australia;
(2) Shiping Chen, CSIRO Data61, Australia.
In this paper, we explore the notion of account abstraction (AA, featured by EIP-4337), which is formally included in the sixth stage of Ethereum’s roadmap. We study its operating mechanism, key features, and surrounding developments. We also examine its security by assessing a set of related criteria. Our results reveal the scope and extent of the security improvements introduced by the adoption of account abstraction. To our knowledge, this work provides the first formal AA study.