Background
One of the significant obstacles to the mass adoption of cryptocurrency remains the security of funds and the potential permanent loss of funds due to irreversible blockchain transactions.
According to a Bitcoin.com article, about 1500 bitcoins are lost daily; these losses often happen due to owners' private keys being compromised.
The potential threats and security vulnerabilities in how users interact with cryptocurrencies inspired the development of the ERC-4337 (Ethereum Request for Comment 4337) standard by Vitalik Buterin and other Ethereum researchers.
Previous Attempts to Solve Wallet Security Problems
Hardware Wallets
Hardware wallets are the safest way to keep your crypto. However, a significant problem with the delivery model is the high risk of a Supply Chain or Man in Middle attack. Hardware wallets pass through different entities before they get to the end user.
A malicious actor could have gained access and compromised these wallets during this process.
Although hardware wallet providers have checks to prevent tampering with these devices, the potential loss would be devastating, supposing a malicious actor gets a hand on a batch of hardware wallets.
Multi-Sig Wallets
Multi-sigs (Multi-Signature Wallets) is another way to secure your funds; the ERC-4337 draws influence from it. With a Multi-sig, multiple accounts must sign off on any transaction before it can be processed. This seems safe; however, losing private keys is still a problem.
Losing the key to your multi-sig means your assets will be permanently locked in the wallet without a way of retrieving them.
What Is ERC-4337?
The ERC-4337 standard allows account abstraction and facilitates wallet recovery via Social Recovery. The ERC-4337 lets you regain access to your wallets after compromised or misplaced private keys. Don't fret if you do not understand some of these terms yet.
We will explain what they mean in this article.
What Is Account Abstraction?
According to the Ethereum Improvement Proposal 2938 (EIP-2938), there are two types of accounts: Externally Owned Accounts (EOA) such as MetaMask, and Smart Contract accounts.
However, only EOA can pay gas and send transactions; a smart contract can only send a transaction if an authorized EOA initiates it.
Account abstraction gives EOAs smart contracts capabilities; that way, you can add custom logic to help secure your wallets whilst being able to initiate transactions directly.
The most crucial logic is the social recovery logic, which lets the wallet owner assign at least three EOA as custodians of the recovery method.
These custodians assign a unique key the wallet owner can use to sign transactions. Once this key is compromised, the owner can contact these custodians to help reset and change the signing key. Custodians can be friends, family, or service providers.
Account abstraction was first introduced in the EIP-2938. However, EIP-4337 implements abstraction without changing the Ethereum consensus layer. Also, the ERC-4337 lets you customize how you transact. For instance, you can set a daily limit on transactions.
It also enables you to add an extra key, which needs to sign off on transactions; this key can be held in the custody of a service provider who checks the transaction's destination and verifies if it's secure to interact with.
A service provider can quickly contact you to confirm whether you are trying to conduct transactions. Some wallet providers, such as Argent, already provide some capabilities of the ERC-4337, such as social Recovery.
Post Quantum Security
There are many talks about the future of blockchain post-quantum computing since today's algorithms are not immune to quantum attacks. ERC-4337 takes a pre-emptive measure by featuring post-quantum safe signature algorithms.
In Vitalik Buterin's post, he explains how ERC-4337 will help create wallets with signatures that are safe against quantum attacks and make the execution layer of Ethereum secure against possible quantum attacks.
Conclusion
The ERC-4337 may not be the perfect solution for wallet security. However, it is the most comprehensive solution right now. It also gives DeFi a boost due to several features included, such as support for sponsored transactions, which lets developers pay their users transaction fees, thereby lowering the barrier to entry into DeFi.
Furthermore, due to the programmable nature of ERC-4337, you can automate transactions and write custom applications in your wallets. In a future article, we will examine how the standard helps DeFi. You can find the technical specifications of the ERC-4337 here.
Feature Image by Aaron Olson from Pixababy
