1. Introduction
2. Blockchain's UX Issues and the Emergence of Account Abstraction (AA)
2-1. Poor UI/UX and the onus of self-custody hinder mainstream Web3 adoption
2-2. AA introduced as a solution
3. ERC4337: A Simplified Solution for AA
3-1. ERC4337 offers AA without the need for a hard fork
3-2. Key components of ERC4337: UserOperations, Bundler, Entrypoint, SCW, Paymasters, Aggregator
4. Rollups Forecasted as the Prime Beneficiary of ERC4337
4-1. UserOperations are most active within rollups
4-2. The primary reason for heightened on-chain ERC4337 activity on rollups is high gas fees
4-3. Blockchain UX is expected to rapidly improve, centered around the rollup ecosystem
5. Conclusion
1. Introduction
Following the EthCC event, a debate has surfaced regarding which sector, between infrastructure and dApps, must evolve for blockchain to achieve mainstream acceptance. It is undeniable that the present Web3 market is wanting in sustainable dApp services with genuine users, and there has been a comparatively lesser emphasis on service areas vis-à-vis infrastructure. Viewing it from this perspective, the argument for pivoting the focus from infrastructure to services certainly carries weight.
However, independent of this viewpoint, it's the author's conviction that blockchain technology still has numerous areas necessitating advancements. It's only with the maturity of such infrastructural development that a killer service, capable of serving hundreds of millions of users, can emerge. The current priorities in the Web3 market are scalability and improvement in the developmental environment. Nonetheless, from a user's standpoint, the UI/UX of blockchain services is equally pivotal. To address such challenges, the Ethereum community has turned its attention to Account Abstraction (AA). After extensive discussions and trial and error, the ERC4337 proposal has been adopted and integrated in the roadmap. This report delves into the concept of AA, explores the structure and significance of ERC4337, and scopes out its potential applications.
2. Blockchain's UX Issues and the Emergence of Account Abstraction (AA)
2-1. Poor UI/UX and the onus of self-custody hinder mainstream Web3 adoption
Two primary factors contribute to the perception of Web3 services as cumbersome and challenging from the user’s standpoint: 1) Suboptimal UI/UX, and 2) The inherent burdens associated with self-custody. The limited user experience in blockchain services isn't solely attributed to scalability constraints but fundamentally stems from the way blockchain mandates users to employ Externally Owned Accounts (EOA).
EOAs are non-programmable, restricted to a predefined mode of usage. This not only poses significant constraints but also necessitates users to possess an understanding of blockchain for seamless use. For instance, EOAs require transactions to be executed individually and necessitate personal key signatures for each transaction (instead of batching the transactions and signing it all at once). Consequently, even straightforward processes like NFT purchases can be time-consuming (refer to the provided illustration). Furthermore, without holding ETH in the wallet for gas fees, even basic transactions like transfers become infeasible. This stands in stark contrast to the Web2 environment, where users can effortlessly register with a single click through platforms like Kakao, Naver, or Google, and subsequently integrate with various apps to enjoy a plethora of services. Thus, for users accustomed to the Web2 service modality, the perceived intricacy and cumbersome nature of Web3 services are unsurprising.
*EOA - Blockchain accounts are divided into EOA and CA (Contract Account). EOAs are externally owned and used for initiating transactions, message signing (verification), and smart contract execution. Wallet services like MetaMask, Coinbase, and Phantom rely on EOAs, which are managed with a private key to only grant access to its possessor. If the private key is compromised, the EOA becomes vulnerable. So wallet users must be cautious not to lose or disclose their private key or seed phrase because once the private key is lost, it’s impossible to recover it. On the other hand, CAs are Ethereum accounts in the form of smart contracts, operating based on embedded code logic and lacking private keys. Therefore, CAs cannot issue transactions on their own and require relevant data from EOAs or other contracts to execute transactions.
Another pivotal concern for Web3 users arises from the self-custody challenges. Traditional financial institutions, like banks, offer built-in safety nets: forgotten passwords can be seamlessly reset after identity verification, and lost cards can be rapidly frozen and reissued through customer support like real-time ARS. In contrast, the Web3 paradigm, anchored by EOAs, doesn't afford such luxuries. The loss of a private key is irreversible. Storing private keys or seed phrases online escalates the risk of cyber-attacks, prompting users to resort to analog solutions like manually jotting them on paper. Even with such precautions, Web3 users are constantly challenged with phishing attempts, scams, and fraudulent schemes. No user, irrespective of their expertise, is immune. A momentary lapse can lead to catastrophic losses, even when the oversight stems not from the individual but from project vulnerabilities. For perspective, as of 2022, the crypto market witnessed an alarming surge in hacking incidents, with damages nearing a staggering $3.8 billion.
2-2. AA introduced as a solution
In computer programming, abstraction refers to the process of distilling the essence of complex data, modules, or systems. Essentially, it masks the technical intricacies of the underlying system behind a simplified API or a high-level interface. This concept is crucial for enhancing user experiences by shielding them from the system's inherent complexities. AA in the blockchain ecosystem embodies this philosophy. At a protocol level, AA ensures that account types remain invisible to the Ethereum protocol. From a user's standpoint, AA conceals the technicalities involved when interacting with Ethereum accounts behind higher-level interfaces. This cloaking act aims to deliver a seamless experience, akin to the user-friendly environments of Web2 platforms. The proposed mechanism to actualize this is the confluence of EOA and CA into a unified entity known as the Smart Contract Wallet (SCW) - sometimes referred to as a Smart Account. This innovative wallet connects the transaction initiation and authorization capabilities of an EOA with the logic execution of a CA. The upshot? A flexible account structure that can embed diverse features to mitigate the complexities of Web3 service usage. However, it's important to note that while AA streamlines protocol interactions, two things remain unchanged: 1) the wallet address that receives funds 2) the personal key granting access to those funds. In other words, while accounts get abstracted from the protocol, they are not abstracted from the user.
The introduction of AA, embodied through Smart Contract Wallets (SCW), unlocks a plethora of features that can significantly elevate the user experience on Web3 platforms. As SCWs can execute arbitrary logic like Contract Accounts (CA), they open up opportunities for custom functionalities tailored to user needs. Let's delve deeper into some potential applications:
- Transfer Limit Settings: Just as bank accounts have daily transfer limits, users can impose a cap on the amount transferable from their SCW. If a user wishes to transfer an amount exceeding the limit, the verification process can be made more rigorous, requiring additional authentication steps.
- Key Renewal & Account Freezing: Similar to freezing and reissuing a credit card after its loss, if a signing key is misplaced, users can freeze their account and get a new key.
- Session Keys: Users can set up temporary keys that can automatically sign transactions for a defined period. This feature could be especially handy for blockchain games, particularly fully on-chain games where micro-transactions might be frequent.
- Auto-Payments: Drawing parallels with automated bank transfers, SCWs can support regular automatic payments. Once this feature becomes mainstream, we can expect subscription models to gain significant traction in the Web3 market.
- Multi-Signature (Distinct from MPC wallets): Users can delegate transaction signing authority to trusted entities (friends, family, service providers, etc), enabling Multi-Factor Authentication (MFA) commonly found in Web2 platforms. While this seems akin to Multi-Party Computation (MPC) wallets, there's a fundamental difference: MPC utilize off-chain solutions, distributing keys and aggregating them off-chain for signing. In contrast, the multi-signature feature in SCWs automates key management on-chain via smart contract codes. Given the dichotomy between these two solutions (on-chain and off-chain), they can be viewed as complementary, potentially leading to the development of hybrid solutions that blend the strengths of both technologies.
- Gas fee Subsidization: This feature involves Paymaster service providers sponsoring or covering the gas fees for customers. For more details about Paymaster, please refer to Section 3-2.
- Subscription System: You can design a subscription service that combines automatic payment and gas fee sponsorship. In this off-chain approach, users' gas fees could be covered in exchange for subscription fees.
- Pay for Gas with ERC20 Tokens: This enables the payment of network fees using ERC20 tokens other than the native coin ETH.
- Social Recovery: In cases of lost private keys or seed phrases, this facilitates recovery through social accounts or other forms of personal authentication.
- Multicall: This feature groups multiple transactions together, allowing them to be signed and processed at once.
3. ERC4337: A Simplified Solution for AA
Efforts to implement Account Abstraction (AA) by the Ethereum community date back to 2017. Spearheaded by Vitalik Buterin, several proposals were discussed, including EIP86, EIP2938 (introducing EIP2718 type transactions, NONCE, and PAYGAS Opcode), EIP3074 (adding AUTH and AUTHCALL Opcode to delegate EOA authority to smart contracts), and EIP5003 (incorporating AUTHSURP Opcode). However, these proposals, requiring changes to the consensus layer protocol, were consistently deprioritized. By 2021, the Ethereum community devised a method to realize account abstraction without a hard fork, leading to the birth of ERC4337. Post the announcement of EIP4337, AA garnered significant attention within the Ethereum community. Two years hence, substantial progress has been made towards its integration.
3-1. ERC4337 offers AA without the need for a hard fork
ERC4337 is a proposal to achieve AA in Ethereum without modifying the consensus layer protocol. Instead of altering the bottom-layer transaction type and adding new protocol features, ERC4337 introduces a higher-level pseudo-transaction object called "UserOperation" and constructs a separate mempool for it (see figure below). Users then submit their UserOperations to this mempool, accompanied by other data necessary for transaction signature and verification. Thereafter, an entity known as the bundler aggregates these UserOperations into a single transaction for inclusion in an Ethereum block (similar to a rollup sequencer).
Source: Vitalik Buterin
3-2. Main components of ERC4337: UserOperations, Bundler, Entrypoint, SCW, Paymasters, Aggregator
To be more specific, ERC4337 consists of four main components (UserOperation, Bundler, Entrypoint, Contract Account) and two optional components (Paymasters and Aggregator). Each of these interact seamlessly with each other to implement AA.
Source: Blocto
UserOperations
UserOperation is a pseudo-transaction object that represents the user's intent. UserOperation may contain various instructions and additional data required to execute the smart contract call submitted by the SCW, and is generated by the DApp service at the request of the user. A UserOperation can be considered the starting point of an ERC4337 type transaction.
However, it is important to note that UserOperations should not be confused with regular transactions. UserOperations differ from regular transactions in three key aspects:
- Dedicated mempool: UserOperations are not sent to the conventional public mempool that hosts regular transactions, but to a separate high-level memory pool dedicated to UserOperations.
- Flexible validation: Unlike regular transactions, which require a private key signature for validation, UserOperations can program their validation methodology on a per-account basis.
- Additional field values: In addition to the "sender", "to", "calldata", "maxFeePerGas", "maxPriorityFee", "signature", and "nonce" values included in typical transactions, there are additional fields as shown below.
Source: ERC4337
Projects developing SDKs for UserOperation include Biconomy, ZeroDev, and Etherspot. Jiffyscan and Blocknative have released dedicated explorers for UserOperations, and Stackup is also working to facilitate the wider adoption of UserOperations by providing JS library for ERC4337 UserOperations, along with a guide on how to send an ERC20 token with ERC4337.
Bundlers
A bundler is an entity that monitors a mempool dedicated to UserOperations, validates UserOperations, and combines them into a single generic transaction to be included in an Ethereum block (similar to a rollup sequencer). The bundler selects UserOperations from a private mempool and submits them to the EntryPoint contract for validation. As an incentive, it receives a portion of the gas fee that users pay when they initiate transactions. The bundler then includes the transaction in the Ethereum block. For this reason, bundlers are often block builders themselves or work with block builders. Once account abstraction is widely accepted, bundlers will theoretically be the only entities that requires an EOA.
As of July 2023, there are over 1,000 projects with bundler clients in service, including Pimlico(Alto), Alchemy(Rundler), Biconomy, Stackup, Infinitism, Etherspot(Skandha), Silius(formerly AA-bundler), Candide(Voltaire). Among them, Pimlico, Alchemy, and Biconomy have a market share of 68.8%, 16.9%, and 8.2%, respectively. As the number of UserOperations skyrocketed in July, the bundler revenue reached $2.2K in July and $19.5K in August. Pimlico's exceptional performance is likely due to the $CYBER airdrop of Cyberconnect V3, a Web3 social middleware that uses the Pimlico bundler solution, which attracted a substantial number of airdrop hunters.
While each bundler client is currently using its own private mempool, causing fragmentation of UserOperations, a public P2P integrated mempool that enables a one-glance view of UserOperations is in development and is expected to launch around October 2023 at the earliest.
EntryPoint
EntryPoint, a Singleton contract for ERC4337 compliant SCWs and Paymasters, validates and executes UserOperations. As the word "singleton" implies, there is one EntryPoint contract per chain. The first EntryPoint contract on Ethereum was developed by the Ethereum Foundation and released in March of this year after a code audit by OpenZeppelin. After receiving feedback from the community, the updated EntryPoint 0.6.0 contract was released on April 12th (Link to Etherscan).
The figure below shows how EntryPoint handles the UserOperations sent by a bundler. By default, the EntryPoint contract must make two loops:
- Verification loop validates the UserOperation by checking the smart contract and the Paymaster contract. At the same time, EntryPoint also checks if either the SCW or the Paymaster contract can pay the gas fee for the UserOperation. If neither the SCW nor the Paymaster contract has enough funds to pay for the gas, EntryPoint rejects the transaction.
- Execution loop sends the call data of each UserOperation to the SCW. The EntryPoint contract calls the account with the calldata specified in the UserOperation and executes the UserOperation. It then withdraws ETH funds from the SCW or Paymaster contract to pay the gas fees for the transaction and provides them to the bundler. Here, the bundler only checks the validation loop and does not check if callData is executed.
EntryPoint transaction process | Source: ERC4337
Smart Contract Wallet/Smart Account/Contract Account
This is an account used by the user. To support ERC4337, the account must have two functions added: ValidateUserOp and op execution. (ValidateUserOp is a function that takes a UserOperation as input and validates the signature and nonce value of the UserOperation. The op execution function provides guidelines for what the SCW should do based on the instruction received via calldata). There are no fully validated SCW libraries on the market yet, but various projects are developing SDKs. Some of the known ones include the following (see Stakup docs):
- SimpleAccount.sol - An account that validates a single ECDSA signature. Developed by ETH Infinitism (Ethereum Foundation's AA team).
- BLSAccount.sol – An account that validates a BLS signature. Developed by ETH Infinitism (Ethereum Foundation's AA team).
- GnosisAccountFactoryAn ERC4337-based Gnosis Safe developed by the Ethereum Foundation.
- Candide WalletA Gnosis Safe fork with social recovery features.
- ZeroDev Kernel - A modular smart account developed by ZeroDev. The code was audited in April 2023.
- Blocto – A SCW with ERC4337 compatible components, e.g., Paymaster, Bundler, and Aggregator. It will offer both its own wallet and SDK.
- Biconomy – An SCW is included in the full-stack AA SDK. In addition to SCW, its offers Paymaster and Bundler SDKs.
- Permissive - A framework to manage the on-chain validation process, compatible with Gnosis Safe and Rhinestone. An early version of the framework is live.
- Soul Wallet – An ERC4337 account library for Soul Wallet.
Over the past two months, the number of SCWs across all chains has surged, with 290K and 144K created in July and August, respectively. Notably, Zerodev has a dominant market share with more than 90% of the deployments. Its dominance is attributed to Cyberconnect V3’s utilization of the Zerodev solution, just like the Pimlico case.
Paymasters (Optional)
Paymasters are smart contracts that process ERC4337-based fee logic. They can be configured in various ways, from paying for gas on behalf of users to allowing users to pay for gas with ERC20 tokens. Paymaster is usually operated by the entity that pays for UserOperation gas. It decides whether to accept UserOperation in the verification loop mentioned in EntryPoint and then processes the fee logic in the execution loop. However, unlike UserOperations, Bundler, EntryPoint, and SCW, Paymaster is not a mandatory component to execute ERC4337 transactions.
Currently, around 80 companies have launched Paymaster services, including Pimlico, StackUp, ZeroDev, Biconomy, and Blocto, with Pimlico leading the market share in terms of the number of UserOperations paid for by Paymasters as well as Bundlers. As of August 17, their gas fees exceed $200K.
Moreover, VISA, the world’s top electronic payment processor, recently announced that it has deployed its Paymaster service to the Goerli testnet. This move is seen as an attempt to take the lead in the on-chain electronic payment market, while also reflecting VISA's stance on the cryptocurrency market. The VISA Paymaster service will allow users to easily pay for gas (fees) for on-chain activities with their VISA card (off-chain) in the same way as they would for typical online payments. In building the Paymaster service, VISA utilized sample Paymaster contracts developed by Infinitism. The transaction cycle involving Paymaster is as follows (see figure below):
- The user creates a UserOperation with the intent (in calldata) and the maximum price a user is willing to pay for the execution of the transaction (gas fee-related parameter).
- The user wallet passes the UserOperation and the VISA card credentials to the off-chain Paymaster web service. During this process, the Paymaster web service calculates the cost to charge the user and decides whether to authorize the card payment based on the credentials provided.
- The Paymaster web service sends a digital signature with a set validity period to the user's wallet.
- The wallet adds the digital signature and on-chain address received from the web service to the Paymaster parameter of the UserOperation and sends it to the Paymaster contract.
- The Paymaster contract verifies the data and, if everything is in order, proceeds to execute the UserOperation. If any information is incorrect, such as an invalid digital signature or expired validity, the transaction is declined.
VISA Paymaster payment process | Source: VISA
Paymaster snippet by the ETH Infinitism team | Source: Github
Aggregator (Optional)
Aggregator is a smart contract that combines multiple UserOperation signatures into a single digital signature. Aggregators help reduce calldata costs by combining multiple signatures into one.
4. Rollups Forecasted as the Prime Beneficiary of ERC4337
4-1. UserOperations are most active within rollups
As of August 17, 2023, a total of 91.7 million UserOperations is generated, and the number of wallets with AA functionality stands at 380,000, according to Sixdegree Labs. More than 90% of these transactions and wallets were created in the last two months, indicating that interest in account abstraction has exploded since this summer.
While the surge in ERC4337-related on-chain activity can be attributed to leaps in infrastructure development, including the deployment of the EntryPoint contract, the release of the SCW SDK, and the launch of the Bundler and Paymaster services, the aforementioned CyberConnect V3 airdrop announced on July 26 played a bigger role. Indeed, CyberConnect V3 on-chain activity spiked around the time of the July 26 airdrop announcement and the August 15 airdrop claim (see figure below). In this regard, the recent spike appears to be a short-term movement, and it may be premature to say that AA is in bloom. However, my assessment is that CyberConnect's move to include many AA-related features in the protocol, such as a chain-agnostic unified social ID, social recovery as well as the introduction of Paymasters for gas sponsorship and $CYBER as a means of fee payment, has considerable significance. This, in turn, primes us to anticipate a proliferation of new use cases that will come in tandem with the evolution of the underlying infrastructure.
Meanwhile, it's interesting to note that most of the on-chain activity is happening on top of rollups and L2 chains, not the base layer. By May, the number of UserOperations on the Ethereum base layer accounted for less than 1% of the total, with Polygon and Optimism dominating the ERC4337 market.
4-2. The primary reason for heightened on-chain ERC4337 activity on rollups is high gas fees
The predominant reason behind the prevalence of on-chain activity within rollups for ERC4337 transactions is gas fees. Since ERC4337 transactions (UserOperations) use contract wallets rather than EOAs, creating a wallet or sending tokens (contract call) incurs higher gas fees than regular transactions. The increased fees at the base layer can be prohibitive for users. According to the table below sourced from Stackup, the estimated gas fee for generating an ERC4337 transaction at the base layer can vary from 1.4x to 4x compared to EOAs. Moreover, while EOAs allow for wallet creation at no cost, creating a new ERC4337 wallet costs approximately 385K gas.
In rollups, on the other hand, the cost for such gas-intensive ERC4337 transactions can be significantly reduced (see figure below). This makes rollups a far more compelling choice for ERC4337 transactions compared to a base layer.
4-3. Blockchain UX is expected to rapidly improve, centered around the rollup ecosystem
Some argue that with advancements in transaction batching and signature aggregation, ERC4337 transactions could become more widespread at the base layer. While this is not incorrect, it should also be noted that such reduction in gas fees will extend to rollups as well. Regarding this, Vitalik Buterin wrote that data compression (e.g., Optimism Bedrock upgrade) and ERC4337 signature aggregation could reduce the gas fee of rollups by up to 7x. Most importantly, the upcoming Dencun upgrade later this year will introduce EIP4844 (proto-danksharding). The upgrade will create a separate data storage space for rollups called a blob, further reducing the cost of UserOperations (For those who are interested in more details about EIP4844’s impact on the rollup economy, please refer to my previous article, “EIP4844 and Its Impact on Rollup Economics.” As a result, ERC4337 transactions will likely continue to take place primarily in rollups, leading to a rapid UX improvement in the blockchain space driven by the rollup ecosystem.
Source: Vitalik Buterin
5. Conclusion
ERC4337 is an upgrade that will enable account abstraction without the need for a hard fork. Its primary goal is to dramatically enhance user experience, a persistent challenge within the blockchain space. Once the adoption of ERC4337 begins to gain traction, blockchain services will be able to provide Web2-like UX and spark new business models and use cases. This is why ERC4337 is described as the epicenter of UX innovation.