Everything About Account Abstraction: Safe{RecoveryHub}, ERC-2771 Spoofing Threat, Vitalik Buterin’s compression discussion, and Polygon 2.0

December 13, 2023

Welcome to our weekly digest, where we discuss the latest trends and advancements in account abstraction.

Please fasten your belts!

Safe launches Safe{RecoveryHub} with Sygnum Bank and Coincover

Safe, a premier smart wallet infrastructure, has announced its collaboration with Sygnum Bank and Coincover to launch Safe{RecoveryHub}. It should become a pioneering platform with a diverse array of crypto recovery options.

Safe{RecoveryHub}, integrated with Safe’s robust smart account infrastructure, provides wallet users, including those with Safe{Wallet}, an array of recovery choices, ranging from fully self-custodial to custodial, including social recovery.

This development comes in response to the growing issue of inaccessible digital assets, notably over 900K ETH (approx. $1.92 billion), primarily due to forgotten keys. The platform aims to mitigate these losses by offering a comprehensive recovery solution catering to both institutional and individual digital asset holders.

Users can designate personal backup devices, family, friends, or collaborators for “social recovery” or opt for trusted third parties like Sygnum Bank and Coincover.

Sygnum, a Swiss-regulated bank, boasts over $4 billion in assets under institutional-grade custody, while Coincover is a UK-regulated recovery service provider.

Lukas Schor, co-founder at Safe, emphasized the platform’s flexibility since it offers users a choice beyond the traditional binary of self-custody or custodial experiences.

Thomas Eichenberger, Chief Product Officer at Sygnum Bank, highlighted the growing demand for reliable institutional recovery solutions in the expanding self-custody market.

Morgan Williams, Head of Product at Coincover, expressed the collaboration’s aim to cater to both existing crypto users and newcomers.

Safe{RecoveryHub} is now available to all Safe{Wallet} users, with partner solutions expected to launch in early 2024.

Vitalik Buterin discusses custom compressors for 4337 ops in the 4337 Mafia chat

Vitalik Buterin recently initiated a discussion with developers in the 4337 Mafia chat on Telegram about custom compressors for 4337 operations.

He shared a link to a GitHub repository where he’s experimenting with a basic compression algorithm.

This algorithm utilizes a dictionary and a bitfield, allowing for different dictionary use for each value and calldata treatment with an offset. The aim is to optimize compression for each value separately.

Buterin’s method achieved 4.75x compression, surpassing the 4.10x compression of traditional dictionary-based approaches. He also highlighted the need for clients to adopt more standardized gas and gas price values to enhance efficiency.

Vitalik also emphasized wallet-side standardization for more efficient compression and briefly mentioned potential changes to Ethereum’s memory gas costs.

On the flow and evolution of the compression dictionary, Buterin mentioned the following possible approaches:

  1. The first is to compute and publish the dictionary once, keeping it fixed until the next protocol version changes.
  2. The second approach involves creating an on-chain data structure to track the frequency of each address or chunk usage, using the top 192 values from this data in the dictionary.

Critical vulnerability in ERC-2771 and multicall integration

A serious vulnerability has been identified in the integration of two blockchain standards, ERC-2771 and Multicall, as reported by OpenZeppelin. This vulnerability poses a significant threat to a variety of common smart contracts across the Web3 ecosystem.

The issue, disclosed by Thirdweb on December 4, 2023, affects several pre-built contracts, including:

  • DropERC20
  • ERC-721
  • ERC-1155
  • AirdropERC20

OpenZeppelin’s investigation revealed that the vulnerability arises from the ability to override certain call functions within the ERC-2771 standard, potentially allowing attackers to spoof calls and extract the sender’s address information.

An attacker could exploit this by wrapping multiple spoofed calls within a single multicall, thereby compromising contract integrity.
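A byte-level model of the issue described above, added here as an illustration and not taken from OpenZeppelin's or Thirdweb's code: an ERC-2771 recipient reads the sender from the last 20 bytes of calldata when the caller is its trusted forwarder, so a multicall that delegatecalls user-supplied subcalls has to re-append the authenticated sender to each one. The addresses, the payload encoding and the function names are all constructed for this example.

```python
# Model of ERC-2771 sender resolution inside a multicall (not contract code).
FORWARDER = bytes([0xF0]) * 20  # constructed: the recipient's trusted forwarder
ALICE = bytes([0xA1]) * 20      # constructed: account whose signature the forwarder verified
BOB = bytes([0xB0]) * 20        # constructed: account that signed nothing

# Constructed subcall: 4-byte selector, one 32-byte argument, then 20 trailing
# bytes chosen by whoever built the request (here, BOB's address).
SUBCALL = b"\x12\x34\x56\x78" + b"\x00" * 32 + BOB


def msg_sender(caller: bytes, calldata: bytes) -> bytes:
    """ERC-2771 rule: trust the calldata suffix only when the forwarder is the caller."""
    if caller == FORWARDER and len(calldata) >= 20:
        return calldata[-20:]
    return caller


def forwarded_request(signer: bytes, subcalls: list) -> bytes:
    """What the forwarder sends after verifying the signer: payload + signer.
    The 4-byte prefix is a stand-in for the ABI-encoded multicall(bytes[])."""
    return b"\x00\x00\x00\x01" + b"".join(subcalls) + signer


def multicall(caller: bytes, calldata: bytes, subcalls: list, append_context: bool) -> list:
    """Return the sender each subcall resolves.

    A delegatecall keeps the original caller but replaces calldata with the
    subcall's own bytes, so the suffix the forwarder appended is no longer
    what msg_sender() reads unless it is appended again.
    """
    authenticated = msg_sender(caller, calldata)
    # Hardened variant: re-append the authenticated sender to every subcall
    # when the outer call came through the forwarder.
    suffix = authenticated if (append_context and caller == FORWARDER) else b""
    return [msg_sender(caller, sub + suffix) for sub in subcalls]


if __name__ == "__main__":
    outer = forwarded_request(ALICE, [SUBCALL])
    for hardened in (False, True):
        seen = multicall(FORWARDER, outer, [SUBCALL], append_context=hardened)
        label = "hardened  " if hardened else "unhardened"
        print(label, "subcall sender:", seen[0].hex())
```
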

OpenZeppelin identified 13 sets of vulnerable smart contracts and advised the Web3 community to undertake a 4-step mitigation process. This includes:

  1. disabling every trusted forwarder
  2. pausing the contract and revoking approvals
  3. preparing an upgrade
  4. evaluating snapshot options

Additionally, Thirdweb has released a mitigation tool enabling users to check if their contracts are vulnerable.

Despite the urgency of addressing this vulnerability, the integration of AI in auditing smart contracts offers a glimmer of hope.

AI has shown promising results in detecting contract vulnerabilities with high accuracy, supplementing human auditors’ efforts in fortifying contract security.

However, experts caution that while AI can enhance the auditing process, human oversight remains crucial in ensuring the effective deployment and management of smart contracts.

This incident is a stark reminder of the complexities and risks inherent in the world of decentralized finance.

Polygon 2.0 as a new era of interconnected blockchain networks

Polygon is preparing for a major leap in 2024 with the launch of Polygon 2.0, aiming to integrate its various Ethereum layer-2 networks using zero-knowledge proofs (ZK-proofs) to enhance cross-chain coordination.

This integration is expected to leverage ZK-proofs for increased scalability, shared liquidity, and composability among different networks.

Polygon co-founder Jordi Baylina has indicated that 2024 will be a key year for Polygon 2.0, with a focus on connecting the various networks within the ecosystem and sharing liquidity and composability between networks with different flavors.

The networks in Polygon’s ecosystem feature their own tokens, sequencers, and data availability solutions, and Polygon 2.0 will include several upgrades to unify these different protocols with ZK-proof technology into continuous, unbounded blockspace.

The concept of Polygon 2.0 was introduced in June 2023, outlining an ecosystem comprising four protocol layers:

  1. staking
  2. interop
  3. execution
  4. proving

These layers are intended to create an interconnected ecosystem of chains that enable fast value transfer and information sharing.

Polygon released its open-source zkEVM mainnet beta in March 2023, reducing transaction costs and increasing the throughput of smart contract deployments. This technology allows for batching thousands of transactions off-chain, with cryptographic proof containing a minimal data summary posted to the Ethereum mainnet.

The release of Polygon’s chain development kit (CDK) in September 2023 opened the ecosystem to new development, allowing developers to launch bespoke ZK-powered layer-2 protocols on Ethereum tailored to the requirements of their projects.

This includes automatic access to liquidity across all of Polygon’s chains and the broader Ethereum ecosystem with an on-demand scale without fragmenting liquidity.

The transition of Polygon proof-of-stake to a zkEVM validium will expedite the scaling of the network and allow ecosystem protocols to become interconnected.

🐞This digest is sponsored by TransactionKit

Powered by Etherspot