Interpretation of the ERC4337 review scheme for Ethereum account abstraction (Part 1)
foreword
first level title
At the WalletCon in Denver on March 1, 2023, it was officially announced that the ERC-4337 core contract designed and implemented by the developers of the Ethereum Foundation has passed the audit of OpenZeppelin and passed various tests. The audited contract has been successfully deployed on the Ethereum network. Fangzhunet and several testnets can be operated on various EVM compatible chains, including Polygon, Optimism, Arbitrum, BNB Smart Chain, Avalanche and Gnosis Chain.
first level title
1. The abstract background of the account
secondary title
1.1. Why is the separation of property rights the goal of account abstraction?
Currently, there are two types of accounts in Ethereum, namely external account (EOA) and contract account (Contract Account). The ownership of the external account and the signing right are theoretically held by the same individual unit; simply speaking, the person holding the private key not only has the "ownership" of the account, but also has the right to "sign and transfer all assets". Therefore, the current ownership and signing rights on Ethereum are integrated, and such an external account (EOA) design may lead to some issues worth discussing:
Difficult to protect the private key: The user loses the private key (lost, hacked, cracked in cryptography) means losing all assets.
Few signature algorithms: native protocols can only use ECDSA signature and verification algorithms for transaction verification.
High signature authority: no native multi-signature (multi-signature can only achieve collaboration through smart contracts), single-signature can perform any operation
Transaction privacy disclosure: One-to-one transactions can easily analyze the private information of account holders.
Secondly, the simple contract wallet (CA) also has certain problems:
The operation on the contract wallet must be initiated by EOA (essentially calling the contract), and each transaction will consume an additional 21,000 Gas. (The verification method of the current Ethereum transaction is fixed, only if it holds a valid ECDSA signature, Nonce value and sufficient
EOA needs to have enough ETH to pay Gas (manage two accounts), or rely on Relayer to pay Gas (leading to centralization).
Appeal constraints make it difficult for ordinary users to use Ethereum:
First, to use any application on Ethereum, users must hold ether (and bear the risk of ether price fluctuations)
Multi-currency restrictions: transaction fees can only be paid by ETH, and batch transactions are not supported.
account balance, a transaction is considered valid).
Secondly, users need to deal with complex fee logic. The concepts of Gas price, Gas limit, and transaction blocking are too complicated for users.Finally, although many blockchain wallets or applications try to improve user experience through product optimization, they have little actual effect.
The way to break the situation is to realize account abstraction,
Decoupling ownership (Owner) and signing rights (Signer) can solve the above problems one by one
Ethereum Account Abstract 4D Research Report: Dismantling 10 Related EIP Proposals and the Seven-Year Road to Breaking the Bottleneck of Tens of Millions of Daily Active Users
secondary title
1.2. Comparison between EIP-4337 and compromise solutions
text
1.2.1. Compromise 1-Multi-signature contract wallet solutionMulti-signature wallet, that is, a wallet contract account that uses smart contracts to implement multi-signature functions. Taking the Safe multi-signature wallet (formerly known as Gnoiss Safe) as an example, you can set the multi-signature rules of the wallet, such as three-person co-management, two-person signature execution transaction (2-of-3), and the Argent wallet is similar, innovative The point is to introduce the so-called Guardian mechanism, which is more user-friendly. Users can set other EOA accounts or email/mobile phones as guardians. Guardians can allow transactions, lock wallets, and assist in wallet recovery. This approach brings convenience to users, but due to the complexity of its wallet software, wallet contracts, and back-end programs, its solution is difficult to become a standard practice in the industry.
In short, many of the advantages here come from the highly customizable ability of the contract itself, and the same disadvantage is that it depends on the EOA account as the administrator to drive,This is essentially a limitation of the signature algorithm.It only needs to be bound to the algorithm signed in the contract
(Ensure that the contract can be unsigned, but not limited to only based on ECDSA and secp 256 k 1 signatures), and the signing itself can be implemented with a variety of algorithms, different algorithms have different performance and interaction modes, and this will bring The core change is, such as better transferring the signature function to the mobile device side to realize a portable hardware wallet. The main challenge of this point is that Android and other devices are too open, it is impossible to store the private key in the mobile phone, and a separate signature chip is required.
text
1.2.2. Compromise 2-yuan transaction standard
This optimization compromise is aimed at the fact that users must rely on the existing ETH as a handling fee to perform on-chain behaviors. After adopting the meta-transaction standard
In terms of user experience: Although the user does not have ETH in the account (actually the native token MATIC without the Polygon chain), they can still cast NFT through the web interface: the user only needs to sign, and we create a transaction and pay for it. , Submit it to the chain for execution.
Behind the scenes on:
The user signs the structured data, and the data and the signature require the NFT contract to cast an NFT to him
Data and signature are sent to the relayer (Relayer)
The off-chain repeater (an EOA account) initiates a transaction to the chain and sends it to the trusted forwarder contract (Forwarder) on the chain
The NFT contract is customized, and the original initiator in the transaction passed in this way will be regarded as the user, not msg.sender
Therefore, in the final NFT contract, the object obtained by executing NFTMint is not the transaction initiator in the original standard
For example, the recently popular Lens gas-free solution is a very standard meta-transaction execution mode, and there have been tens of millions of payment transactions
This scheme works, but has two drawbacks:
It introduces an off-chain role relayer (Relayer) that we must trust. If he is down, or has malicious motives (or private keys are stolen), there may be risks.
The contract we ultimately interact with (that is, the NFT contract) must be customized. This results in the inability to interact with uncustomized contracts that already exist on the chain, which greatly reduces the scope of application.
Further reading:
https://research.web3 caff.com/zh/archives/4660
EIP-4337 Standard Smart Wallet Practice Research Report: Panoramic Presentation of 4337 Standard Example Implementation Process and Opportunity Discussion
first level title
2. Why can 4337 realize the separation of property rights?
Now there is no free trust in the decentralized field, and identity verification must be based on cryptographic proofs, so no matter which proposal needs to manage a certain sense of private key, and to achieve a compromise in experience, the first thing to break is That is, the current account permissions are too concentrated, and the overall transformation method can be divided into three general directions according to the targeted objects or links:
Transform transaction types on the chain (EIP-101, EIP-86, EIP-859, EIP-2718)
Transformation of main objects on the chain (EIP-2938, EIP-3074, EIP-3607, EIP-5003)
Transform the packaging process of on-chain transactions (EIP-4337, EIP-5189)
In the figure below, the EIP-4337 scheme is included in the latest roadmap, which also declares that Ethereum has finally made a decision on these two paths.EIP-4337 is by far the best solution for AA.Avoid consensus layer protocol changes entirely
, using the new transaction object UserOperation proposed in the standard, the user sends this object to the memory pool, and the bundlers package and deliver the contract in batches from the miner dimension to execute the transaction. It is a decentralized model where anyone can develop contracts on the chain, and anyone can run the bundler themselves.
2.1, 4337 operating principle
Follow-up in-depth understanding of the difficulties and challenges faced by the latest progress still requires an understanding of the principles. Let’s sort out the roles involved, the division of labor, and compare the execution process of traditional transactions.
text
2.1.1, Roles involved in the 4337 standard
ERC-4337 has five main components: UserOperation, Bundler, EntryPoint, Wallet Contract, and Paymaster Contract.
UserOperations is a user operation object, which is a pseudo transaction object used to perform transactions with contract accounts. These are created by the creator's application.
Bundlers A bundler, possibly a miner, bundles UserOperations from the mempool and sends them to participants of the EntryPoint contract on the blockchain.
Wallet Contracts are the on-chain identities that users ultimately own and belong to smart contract accounts.
Paymaster Contracts are optional payment smart contracts.
text
2.1.2, Execution process of 4337 transactions
Let's re-according to the process of completing an Ethereum transfer to sort out what the transaction according to ERC-4337 is like:
Open the wallet: the user manages the private key tools held by the user, such as Metamask, Bitkeep, Bitizen, etc. (this step remains unchanged).
Transaction signature: Use the private key to sign several new fields, which is called UserOperation user operation object (the instruction remains unchanged, but the content fields change, and a non-ECDSA signature algorithm can be selected).
Sending transactions: called Bundlers or bundlers, the essence is still operated by a certain miner who is responsible for producing blocks (the sending remains unchanged, and the sending object is changed to a designated miner).
Miner packaging: After bundlers analyze and verify the operation signature sent by the user, the miner will sign a transaction to wrap the user's instruction, and forward the user's operation instruction to a certain contract wallet in batches, and then the contract will verify the user's signature and Execute (overhaul).
Since the transaction is signed and sent by the miner, from is the miner, and the original user's signature and instruction are among the parameters.
The package is sent to the smart contract as a router, the verification is performed and further forwarded to each user's independent contract wallet.
Entry Point Contract Verification: EntryPoint is a smart contract that handles transaction verification and execution logic. It will repeatedly interact and verify with the user's contract account to ensure that the final packaging on the chain must be successful, otherwise all transactions will be rolled back.
Block production process: completely unchanged.
2.2. Function example: entry point contract
After moving to 4337, the scheduling of any account needs to go through the entry point contract first, what he needs to solve is
If the user's "wallet contract" has not been deployed, use the initCode field in UO to deploy the contract (users can customize the final contract function)
UserOperation in cyclic verification combination transaction
Existing off-chain simulation verification (eth balance, token balance, payment on behalf)
Manage Staking Fees
Calculate the gas cost, both for charging users and compensating the bundler for failed transactions
first level title
3. Why should we continue to pay attention to ERC-4337?
The high development investment and rapid iteration progress of ERC-4337 show that it can quickly become the final proposal, be widely accepted by various applications, and truly become a de facto industry standard. The core value it brings is to greatly reduce the use of Web3 by ordinary users. Applied Threshold.
At that time, whether an application is compatible with ERC-4337 will affect whether it can use other components of the entire Ethereum ecosystem to develop rapidly. Subsequent DApp applications will also inevitably need to be compatible with users who have transferred from account subjects to ERC-4337.
It is the users themselves who ultimately verify the market, and the implementation scheme is complicated, which is only complicated for the application side
For the users themselves, what they can finally see is:
A smoother transaction experience, similar to a shopping cart, can be packaged in one transaction even in the face of 10 markets.
More secure access entrance, with the help of 4337's custom signature algorithm capability, using the mobile phone's exclusive security chip without carrying a hardware wallet,
A more immersive game environment, with the help of paymaster's payment ability, it is even possible to define that transactions that do not exceed XX amount within half an hour are exempt from signatures, avoiding a game being interrupted off-site.
The real main body on the chain can be recovered by social interaction, the private key password can be changed, and the risk of transactions can be stratified and graded, which is compatible with safety and convenience.
The previous part was more about the operation mechanism and background of ERC-4337."shisi"15-day membership extension for referral code).
The next part will describe in detail the advantages and disadvantages of the current audited scheme and the implementation details, but it involves more underlying layers of Ethereum, so it is difficult to read. It is submitted on the research channel of the Web3 Caff platform (the paid research platform at the head, and is in progress for 14 Jun fans joint activities, available
15-day membership extension for referral code).
https://cointelegraph.com/news/ethereum-erc-4337-smart-accounts-launch-at-walletcon-account-abstraction-is-here
https://blog.openzeppelin.com/eip-4337-ethereum-account-abstraction-incremental-audit/#conclusions
https://blog.openzeppelin.com/eth-foundation-account-abstraction-audit/
https://eips.ethereum.org/EIPS/eip-4337
https://hackmd.io/@erc 4337/test-suite
https://www.youtube.com/watch? v=eyT 6 WzJmWyc
https://notes.ethereum.org/@yoav/unified-erc-4337-mempool#What-does-censorship-resistance-require-of-ERC-4337
https://github.com/eth-infinitism/account-abstraction/issues/188
https://notes.ethereum.org/@yoav/unified-erc-4337-mempool
https://github.com/eth-infinitism/account-abstraction/blob/develop/reports/gas-checker.txt#enroll-beta
