The discussion started after Derek Chiang from ZeroDev shared his post about MetaMask’s new “Delegation Toolkit”.
accountless
“I found it a bit weird regarding session keys, ~ let’s not use them because they are hard. what? if we keep designing around the problem we aren’t delivering any solutions.
I don’t need to discuss it because no one really does here unless it’s about op codes, but ok. This is a perception. Also now we have all these universal wallets, and totally new frameworks… and teams with kits that won’t work together.
very cool abstractions indeed.”
Dror Tirosh | 4337
“If you read their doc, zksync was inspired by 4337… We did modify 4337 nonce scheme to be aligned with native aa (namely, the protocol itself validates nonce uniqueness, not the account code). Erc4337 was built as an erc, on top of existing networks, so you can say it is a bit hacky. Zksync protocol was added on day 1, which is a lot simpler as it doesn’t have any legacy accounts to support or migrate – which is what eip7702 comes to add.”
accountless
“How do u envision this in the front end with an app this one-time upgrade? Let’s say I want to do ten in a row that’s not a batch?”
0xFirekeeper
“Yep though in simplicity there is beauty
Also thanks for the link didn’t know they were working on having an alternative to sequential nonces that’s cool x)
I just wanna also clarify I don’t think 4337 is hacky in and of itself, I think the extra steps being added at the moment from other eips are adding unnecessary complexity and not as focused on the user or even the developers, a lot of it is unrelated to core 4337 but feels like it’s delaying focus on the core obstacles you see with large scale prod dapps and games using aa (not talking about the spec itself)
Right now session keys and non (necessarily) sequential nonces are the main advantage of 4337 aa over other types of aa, maybe could throw in batching in there too, but every day I see a new helper contract everyone is trying to standardize whose main purpose is to put a bandaid on a typically theoretical problem.
Imagine if you released 0.8 tomorrow, everyone starts feeling the tech debt again even if it has great features. That’s why I think core should be system level, and yes maybe 7702 will solve some of this, and if it does would be good to focus on user needs and get the best of both worlds is all I’m saying.
Better token paymaster support, gas cost optimization, native swaps, cross-chain communication, opt-in replayability features were cool from Coinbase for ex, cross-chain cross-ecosystem exports (registries?), maybe a bunch of adapters to popular protocols like Seaport etc – as opposed to separation of dapps and wallets and adding more middleman contracts. Most dapps took forever to support 1271 much less specific sca features, would prefer helping them integrate rather than giving them extra steps to communicate with a wallet. Login with XYZ Smart Wallet should be on every popular dapp but even today too many steps to be generic enough and can’t blame every provider that has customer needs for being slightly different eventually causing incompatibilities, needs to be solved in another way, and zksync was just an example.
I rambled too much, been up 24h writing rust so I’m grumpy but yeah I was always quick to integrate 4337 features and think it’s great, all I’m saying is more focus on real integrations and use cases vs debates on provider biased standards and the next middleman contract eip that just make things more complex for web2 users.”
accountless
“1271 is a great example for folks who think next billion users magically gonna come to smart accounts because they’re ‘better’. The dapps didn’t even care until Ambire team or Etherspot iirc made a shame wall website.
How do u envision this 7702 one time tx upgrade in the front end with an app. Let’s say I want to do ten in a row that’s not a batch? and if you don’t know the answer why is that really? what do users actually mean then? this is why privacy products often fail.
You know what Rhinestone realized early on? They didn’t have enough front-end support. it made me so happy. At least Konrad said that one Saturday at a hackathon. Not sure if they did anything about it tho.
Honestly baffled that all the ux and chain abstraction talking led by protocol engineers mostly.
Is there even a designer here who chips in? I bet they are scared to do so. how about a front-end dev? We had gads of chatter about all this stuff it blew up the chats.
no designer. no fe dev. Just back-end folks talking about how UX should be for the last 8 years using EOA accounts that don’t rotate keys. Really frustrating.”
Alex Watts | FastLane Labs
“The experience that most founders are trying to create is “nerdsnipe the VCs so that I can raise a lot of capital”
More than half of our last deck (from December 2023) was dedicated to UX issues (because that’s what matters). We spent about 300 engineering hours building out a real frontend, two separate solvers on isolated infra (one in Europe one in the USA), a real relay, and launched all the contracts on Sepolia. We gave a link to the front end and a fairly long explainer-doc to the VCs.
There is a domain called “usable security”.
– https://www.usenix.org/system/files/soups2019-reese.pdf
– https://ieeexplore.ieee.org/document/6234436 (PS Table1)
Please note authors are engineers and security experts.”
CHANCE
“That’s a pretty reductive take. “Security” outside the base layer is simply often paternalistic beliefs based precisely around user experience.
With 3074/7702 even this has gone out of the window anyways so not sure one can even say the base layer prioritizes security anymore + being trustless has very very little to do with “security”
Outside of the base layer like widely adopted standards, this absolutely couldn’t be further from the case…”
noam | alchemy
“Actually, they probably won because of DevX more so than UX or security. When they launched many of them didn’t (and still don’t) have working proof systems, so it’s probably not the security or censorship-resistant angle. But it was a lot easier for devs to build their own versus bootstrapping a validator set, and obviously, the narratives help too. Not a knock on any approach but making things easy for developers goes a long way, and we’re all aware of this, but narratives (rollup-centric roadmap) are powerful. Both bootstrap an iterative approach in this direction.”
Alex Watts | FastLane Labs
“If you’re b2b or marketing to devs, devX is everything. And having good security means you have good devX because your users (devs) don’t have to worry about it as much”
Derek Chiang | ZeroDev
“Yeah in the context of rollups the “users” I had in mind were developers, so we are aligned here”
0xFirekeeper
“An insecure product wouldn’t make it in this industry either way, at least longer term (take this with a grain of salt, can still sign once and get rugged in 2024 lol). Rollup was a good example. I agree that depending on the type of dev you ask you’ll get different answers.
Further I’d say there’s an extra type of dev here.
You have the devs building the lower level systems for other devs to productize it as usable tools and adapt for diff platforms and os, the latter is also building and distributing to app devs, and the app devs are building for users
We don’t need to make all these kinds of devs strive for the same thing, but we shouldn’t focus on one either; so when you say UX or dx you could be talking about any of these, providers sometimes also build the UI users will see, and system level determines the type of data they see too, so it’s not all on app devs
Dx I’d say is its own axis and isn’t really related to the products being developed, great dx is more important at a business level (mattered with RaaS and Embedded Wallets for ex)
What matters the most after security of a product is the people who actually give you a reason to build that product in the first place, the end user, and that’s the key part imo, we’re building things for people to use not trying to win a security hackathon so have to find the balance
Everyone’s doing their jobs I get it but at the end of the day if we focus on one axis only you end up with other products just as secure but better designed and then everyone’s like “oh this feels better” and even if even the largest monopolies and standards crumble then, we’ve seen this a lot with some 2021 chains, no more users to talk about how much more secure your product is, market does its job eventually
Point is developing something that isn’t literally at the EVM core system level shouldn’t be choosing security, dx, UX and all their variants in a sequential way (i.e. oh we can make it feel better later, this’ll make sense eventually) but rather in a parallel way (especially when other players in the industry have partially achieved the same thing you’re trying to achieve but with better UX) to avoid making the next dev’s life harder with restrictions that don’t make as much sense as x or y’s alternatives
Anyway back to staying silent for a few months while I catch up with your 7702 links and integrate aa in a smart fridge
Also my apologies to Cardano feelings I may have hurt in this unorganized wall of text”
Source: The Telegram AA Mafia group.