paint-brush
EIP-4337 Based Account Abstraction: Why It Won't Work for Institutionsby@liminal
476 reads
476 reads

EIP-4337 Based Account Abstraction: Why It Won't Work for Institutions

by LiminalMay 23rd, 2023
Read on Terminal Reader
Read this story w/o Javascript

Too Long; Didn't Read

EIP-4337 soft fork changes how users transact their crypto assets. The update brings Account Abstraction to the network. Account abstraction does away with the pain points of cryptocurrency storage and transaction. It lets users store their cryptocurrency on smart contract wallets operating at the protocol level. The programmability will allow the new breed of wallets to pack tremendous features.
featured image - EIP-4337 Based Account Abstraction: Why It Won't Work for Institutions
Liminal HackerNoon profile picture

The blockchain industry is presently witnessing a renaissance. The developments in the world of decentralization are aggressively growing at rates never previously witnessed. At the forefront, the Ethereum protocol leads blockchain innovation, with its recent updates positioning blockchain technology toward mass adoption. ‘The Merge’ triggered new interests and possibilities with the network. The ensuing updates continue to pique user interest thanks to the compelling features they bring.


One such update, represented as EIP (Ethereum Improvement Proposal)-4337, brings new horizons to the notion of wallets and asset security. Introduced with the goal of improving user experience while interacting with its dApp ecosystem, EIP-4337 changes how users transact their crypto assets. The update brings Account Abstraction to Ethereum, changing how wallets (or accounts) are utilized.

Reasons Behind Introducing Account Abstraction

Account abstraction capabilities introduced by EIP-4337 shifts the need for users to lean on EOAs (Externally Owned Accounts) – a fancy term for traditional cryptocurrency wallets with key pairs – to smart contract wallets. The reason for this move lies in how cryptocurrency wallets function. Essentially, crypto wallets operate with public and private key pairs generated from a mnemonic seed phrase unique to every wallet. Cryptocurrencies held in EOA wallets are transacted by signing transactions with their private keys. Otherwise, the transactions do not go through.


Losing your private keys means the cryptocurrency held in the wallet is trapped. The wallet seed can regenerate the lost keys, but it acts as a point of failure if ever accessed by the wrong individuals. That goes for private keys too. So, users resort to storing them on paper or sophisticated air-gapped devices immune from attacks due to them remaining offline.


However, such storage leaves users open to losing these credentials for various reasons. Paper wallets are easily prone to damage, and specialized storage devices may exceed the skill levels of users, among other reasons. Consequently, the use of complex cryptography can push assets away from holders.


Users who are not adept with cryptocurrency storage and transactions face a hard time using decentralized use cases. Often, expert users, too, confess the complexity. No wonder individuals are not too inclined to jump into the cryptocurrency world – yet.

What Is Account Abstraction?


Account abstraction does away with the pain points of cryptocurrency storage and transaction. Ethereum users will no longer have to rely on EOA wallets to utilize the network. Instead, the EIP-4337 soft fork lets them store their cryptocurrency on smart contract wallets operating at the protocol level. It introduces the ability for wallets to be programmed to create riveting transactional capabilities. Comparatively, EOA wallets are unidimensional, allowing users to do nothing more than initiate single transactions, one by one.


The programmability will allow the new breed of wallets to pack tremendous features, most of which are yet to be imagined. For now, smart contract wallets can implement social measures to recover funds when private keys are lost, native multi-signature configurations, whitelists for trusted wallets, and transaction limits. More innovative developments include payment of gas fees in tokens besides ETH, automated transaction initiation, bundling multiple transactions into one, and on-chain transaction relaying. None of these features are present in EOA wallets.


The ease-of-use account abstraction brings even those merely acquainted with cryptocurrency wallets the ability to have an uncomplicated experience. Account abstraction makes total sense for users handling smaller sums. Enterprises, on the other hand, operate with massive amounts of cryptocurrencies and are consequently constantly targeted by cybercriminals.


Account Abstraction Does Not Account for Enterprise Asset Security

If anything, the crypto sphere witnesses several CeFi and DeFi protocols crumbling due to smart contract bugs and errors. Hundreds of millions are siphoned away effortlessly by cyber criminals. Contract errors are to blame. Relying on smart contract wallets may not be a great idea for enterprises to store large volumes of assets. The added complexities with EOA wallets exist for a reason, especially when private keys are set aside in cold storage.


Moreover, additional measures to reclaim funds from smart contract wallets give rise to many more points of attack than before. Increased phishing attempts revolving around the new wallet recovery measures can be expected, causing a surge in cryptocurrency theft. Dealing with several points of failure can be an enterprise’s worst nightmare.


Similarly, enterprises interacting with DeFi protocols may be exposed to unknown vulnerabilities because account abstraction allows for automated transactional capabilities. Smart contract security across DeFi needs improvement, and entities holding large sums are better off not relying on such conveniences for the time being.


A level of redundancy while interacting with smart contracts and protocols is suggested. While account abstraction also introduces whitelisting of recipient wallets, we are yet to see how emerging vulnerabilities can intervene and disturb such features.


Despite the rapid developments, institutions and enterprises must remain conservative about implementing the change. There is a lot on the line, and exploits can lead to loss of trust and permanent reputational damages. What’s needed is a tried and tested solution that brings the best of account abstraction and some more.