Everything About Account Abstraction: SafePal CEO on Web3, Alchemy’s fresh guide, Lit & AA

February 22, 2023

Welcome to our weekly rundown on account abstraction, where we explore the latest developments in this innovative technology that is revolutionizing the way we interact with the blockchain.

SafePal CEO: insights on the future of Web3

In a recent interview, SafePal CEO Veronica Wong shared with CoinTelegraph her thoughts on the current year.

She claims that the abuse of centralized platforms has indeed become a catalyst for self-custody solutions:

“This should not be just a temporary surge of interest, but a key incentive to increase the adoption of asset self-government, which is often neglected, but which is a key foundation of cryptography. While self-protection is liberating, it also means that users must be responsible for protecting their assets from malicious attacks and adhere to best practices, including wallet hygiene, security measures, and more.”

She also shared that the overall economic outlook is still in the recovery phase, but efforts to develop meaningful crypto projects continue. “Advances in MPC technology and account abstraction improve usability and security, while solutions such as the EIP4844 enable more affordable gas charges, lowering barriers to implementation and scalability”, she added. 

Veronica Wong highlights the emergence of so-called ‘wallet wars,’ where more cryptocurrency wallets are created than ever before. She deems this trend positive as it demonstrates industry-wide recognition of the importance of self-storage, driving innovation, and user value, which will eventually revive interest in crypto in 2023.

Alchemy releases a guide on Account Abstraction

Alchemy, a blockchain scaling platform that allows developers to securely build, test, and control their DApps, has also taken their turn to talk about AA.

The company updated its blog with a series of guides on Account Abstraction. At the time of writing, the series consists of 4 parts:

As for the content, the authors warn their readers that the guides are somewhat more tech-oriented:  

The target audience for this article is those who have some understanding of smart contracts but no specific knowledge of account abstraction.

Alchemy is sure that account abstraction will completely change how we interact with the blockchain. But ERC-4337’s version of account abstraction, in particular, is hard to understand. That’s why the company decided to publish such an extensive guide.

In this guide, the author walks through the process of developing the simplest version of account abstraction and, step by step, arrives at the ERC-4337 version.

PEEPanEIP #100: Account Abstraction Using Alt Mempool with Yoav Weiss

The recent video from PEEPanEIP, a YouTube program by EthCatHerders (an organization that is part of the Ethereum Foundation), presents another guide on ERC-4337 that is worth taking a look at. 

The speakers provide introductions and talk about the key challenges of ERC-4337 and its various features, such as UserOperation, bundling, and storage validation rules. They also discuss the importance of code and signature aggregation validation, as well as simulation and external audit features. 

Overall, the video provides a comprehensive overview of ERC-4337 and its potential impact on the Ethereum ecosystem.

Lit meets AA

Lit, a decentralized network for multiparty computation, shared its thoughts on implementing AA in its product.

To start with, the company describes account abstraction as something that takes cryptography from the current “one account for all” approach, where someone can lose everything due to a small mistake, to the future, where an account can be tailored to people’s needs: “AA is a very effective solution for serious user interface issues in Web3.”

Now let’s see where Lit and AA meet. According to the company’s blog, there are 5 basic examples of how Lit Actions and Programmable Key Pairs (PKPs) can be utilized with account abstraction:

  1. Conditional gas payments. The PKP wallet pays gas fees subject to certain conditions.
  2. User registration. Creating a smart contract account for a beginner in Web3. The signer can start as an MPC key authorized through a Web2 account.
  3. AA wallet authorization for PKP. Smart contract accounts with the ability to sign via PKP.
  4. Non-ECDSA AA wallet with PKP wallet. Allows the signature verification scheme without restrictions.
  5. Adding PKP as a signer to AA wallet, where PKP is the spending account and AA wallet is the treasury for the DAO.

Fairyproof studies security checkpoints for implementing EIP-4337

Fairyproof, a blockchain security company, has studied EIP-4337 in the hope of finding all the security checkpoints to consider when auditing a solution that implements the EIP.

They have studied the concepts and the proposed implementation details. The findings are as follows:

  • UserOperation. Attackers can launch DoS attacks by sending invalid UserOperations to force the EntryPoint to perform those operations without paying any fees. Therefore, the UserOperation checks must not be skipped in any interface.
  • EntryPoint. The EIP assumes the possibility of updating the EntryPoint contract. An address with access control to update a contract must be managed carefully and cautiously. If compromised, the EntryPoint is exposed to enormous risks.
  • IAggregatedAccount. The “userOp” parameter in the validateUserOp interface must be validated.
  • IAggregator. Devs should check the “userOp” parameter in the validateUserOpSignature, aggregateSignatures, and validateSignatures interfaces.
  • Paymaster. This must be a valid smart contract address if introduced.

To conclude, Fairyproof doesn’t claim these are the only potential security issues that may arise. More vulnerabilities are supposed to be covered soon.
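
As an added illustration of the UserOperation and Paymaster checkpoints above (not code from Fairyproof, the EIP authors or Etherspot), the following Python function shows pre-simulation checks a bundler can apply before admitting a UserOperation. Field names follow the ERC-4337 UserOperation struct; `code_at`, the sample addresses and the gas limit are assumptions made for the example.

```python
# Added example. `code_at` is a hypothetical stand-in for an eth_getCode lookup;
# all addresses, bytecode and the gas limit below are constructed values.
MAX_VERIFICATION_GAS = 1_500_000  # assumed local bundler policy
FIELDS = ("sender", "nonce", "initCode", "callData", "callGasLimit",
          "verificationGasLimit", "preVerificationGas", "maxFeePerGas",
          "maxPriorityFeePerGas", "paymasterAndData", "signature")

def _leading_address(data: bytes) -> str:  # first 20 bytes are an address
    return "0x" + data[:20].hex()

def check_user_op(op: dict, code_at) -> list:
    """Return the reasons to reject `op`; an empty list means it may be simulated."""
    missing = [f for f in FIELDS if f not in op]
    if missing:
        return ["missing fields: " + ", ".join(missing)]
    errors = []
    deployed = bool(code_at(op["sender"]))
    init, pmd = op["initCode"], op["paymasterAndData"]
    # The sender must already exist or be created by initCode, never both.
    if deployed and init:
        errors.append("initCode supplied for an already deployed sender")
    if not deployed and not init:
        errors.append("sender has no code and no initCode")
    if init and (len(init) < 20 or not code_at(_leading_address(init))):
        errors.append("initCode does not start with a deployed factory")
    # Paymaster checkpoint: when present, it must be a deployed contract.
    if pmd and (len(pmd) < 20 or not code_at(_leading_address(pmd))):
        errors.append("paymaster is not a deployed contract")
    if op["verificationGasLimit"] > MAX_VERIFICATION_GAS:
        errors.append("verificationGasLimit above policy limit")
    return errors

# Constructed chain state: address -> deployed bytecode.
SAMPLE_CODE = {"0x" + "aa" * 20: b"\x60\x80",   # account contract
               "0x" + "fa" * 20: b"\x60\x80",   # account factory
               "0x" + "bb" * 20: b"\x60\x80"}   # paymaster contract

def sample_code_at(address: str) -> bytes:
    return SAMPLE_CODE.get(address.lower(), b"")

def sample_op(**overrides) -> dict:
    return {"sender": "0x" + "aa" * 20, "nonce": 0, "initCode": b"",
            "callData": b"", "callGasLimit": 100_000,
            "verificationGasLimit": 200_000, "preVerificationGas": 50_000,
            "maxFeePerGas": 30, "maxPriorityFeePerGas": 2,
            "paymasterAndData": b"", "signature": b"\x01" * 65, **overrides}

if __name__ == "__main__":
    bad = sample_op(paymasterAndData=bytes.fromhex("cc" * 20))
    print(check_user_op(bad, sample_code_at))
```

These checks only filter malformed operations cheaply; they do not replace the simulation of validateUserOp that the EIP requires before bundling.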

Start exploring Account Abstraction with Etherspot!

❓Is your dApp ready for Account Abstraction? Check it out here: https://eip1271.io/
