
From EOA to Account Abstraction: Will the Next Leap of Web3 Happen in "Account Systems"?

imToken
Guest columnist
2025-11-26 07:39
AA may completely change the way we interact with Web3, and the future history may be divided into "before AA" and "after AA".

On November 13, Vitalik Buterin announced the signing of "The Trustless Manifesto," which aims to rethink the Web3 trust model and proposes three laws for judging whether a system is trustless: no critical secrets (no step of the protocol depends on the private information of a single actor), no indispensable intermediaries (participants are replaceable and open), and no unverifiable results (state changes can be reproduced from public data).

It is worth noting that on November 18, the Ethereum Foundation's Account Abstraction team proposed the "Ethereum Interop Layer" (EIL) solution, which is based on the ERC-4337 Account Abstraction standard and the principles of the Trustless Manifesto.

While the market has been critical of Ethereum's decision-making process, objectively speaking, this is not just a matter of philosophical discussion. If we want Web3 to reach billions of people, are the existing account models "accessible" enough? When users permanently lose their assets due to the loss of their private keys, have we truly achieved "self-sovereignty"? These are all crucial questions.

This article will also start with the Manifesto and attempt to explain why Ethereum needs Account Abstraction (AA), what the limitations of EOA are, and what kind of next-generation account experience AA represents.

I. What are the problems with traditional accounts (EOA)?

As is well known, the vast majority of accounts on the Ethereum network to date are still EOAs (Externally Owned Accounts), each controlled by a public-private key pair whose private key is typically backed up as a 12- or 24-word "mnemonic phrase." To newcomers, this is the most prominent feature of cryptocurrency security: "the private key/mnemonic phrase is the asset."

As long as the user holds the private key/mnemonic phrase of that address, the assets belong entirely to the user. No one, whether it's an exchange or a miner, can freeze, confiscate, or operate on your behalf.

However, this complete decentralization is also a double-edged sword, setting an extremely high barrier to the widespread adoption of assets:

  • Cognitive threshold: Users must understand basic concepts such as public key/address, private key/mnemonic phrase, and gas fees;
  • Risk of loss: Under the traditional EOA model, ownership is actually extremely fragile. Since "private key = account", once the private key is lost or stolen, your ownership is instantly lost and cannot be recovered. There is no customer service or platform recovery service.

To put it simply, under the EOA mechanism, everyone is primarily responsible for the security of their own assets. This is why new users are often repeatedly reminded that they cannot take screenshots of their mnemonic phrases or save them to cloud storage; it is best to copy them by hand and make multiple backups.

In addition, EOA has another typical feature: to send any token, the account must have ETH as a gas fee. This means that many novice users can't do anything even if they have 1,000 USDT in their account because they don't have ETH.

Objectively speaking, this experience of "having to buy another kind of money in order to spend money" has greatly hindered the popularization of Web3.

Finally, there is the cumbersome process that is almost like "signing and sealing," because the logic of EOA is "hard-coded" on the blockchain, and its functionality is very limited.

For example, when you buy or sell tokens on a decentralized exchange (DEX), you often need to click "Approve", sign once, and pay a fee; then click "Swap", sign again, and pay a fee once more. The whole process is not only cumbersome but also costly.

In the Trustless Manifesto, there is an important concept called "Accessibility". If a system is technically trustless, but its operation is so complex that only geeks can use it, then it is difficult for it to truly serve the public and cannot be called a "trustless public infrastructure".

It is precisely because of the aforementioned inherent flaws in EOA that explorations have taken place in areas such as Account Abstraction (AA).

II. What is Account Abstraction (AA)?

To put it simply, if a traditional EOA account is like a single-function "old-fashioned Nokia", then an AA (smart contract account) can be understood as an upgraded "smartphone".

From a developmental perspective, AA's underlying technical standards have undergone multiple iterations and expansions, including proposals such as ERC-4337, EIP-7702, and EIP-3074. However, as ordinary users, we only need to remember the essence of AA, which is to decouple the account from the private key, turning the account into a piece of code (smart contract).

Because accounts are essentially transformed into code, their logic is no longer rigid but programmable.

This means we can write all sorts of complex logic into the account, such as "who can use it", "how much money can be transferred per day", and "who pays the transaction fees", which were previously impossible to achieve in EOA itself and had to rely on complex external contract wrapping.

Therefore, there are many ways to use AA accounts. For example, the security of traditional EOA relies entirely on the piece of paper with the mnemonic phrase written on it. If it is lost, it is lost and there is no way to recover it. However, AA accounts support "social recovery". You can set up n guardians (your other device, a trusted friend, or even a third-party organization). When you lose the key, you can generate a new key through the guardian's signature and regain control of the account.

Meanwhile, traditional EOA requires ETH in the account to pay gas fees for sending any tokens, which is a huge hurdle for new users. In contrast, AA accounts support Paymaster (a payment mechanism), allowing applications to pay gas fees for you, or you can directly pay gas fees with USDT in your account, and even achieve seamless interaction.

That's why if EOA is a single-function "old-fashioned Nokia", then AA (smart contract account) is a programmable "smartphone". By decoupling the account from the control logic, the account is no longer controlled solely by the private key, but by code (smart contract), which allows for the addition of more functions and security.

After all, if Web3 wants to reach billions of people, it must bring more behaviors onto the blockchain and reduce the psychological burden and operational costs for users to do so.

III. What benefits can an AA account bring to ordinary users?

In general, for ordinary users, we don't actually need to understand the underlying code logic. We just need to know that upgrading to an AA account will bring the following significant improvements to our Web3 experience:

Firstly, thanks to mechanisms such as social recovery, we can hope to say goodbye to mnemonic phrase anxiety for good.

This is also one of AA's core values. Because the account and private key are unbound, you can set up more user-friendly security logic, such as setting up 3-5 "guardians" (such as another phone/address of yours, a friend you trust, etc.).

Based on this, if you accidentally lose your current phone, you can simply use the Guardian to generate a "new key" to regain control of your original account.

In short, the account is still there, the assets are still there, only the key has changed, which is closer to the experience of modern financial services.
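The guardian-based recovery described here and in section II can be sketched as a small off-chain model. This is an added example, not code from the article or from any wallet. The class name, the guardian labels and the 2-of-3 threshold are assumptions, and signature verification is abstracted to "this guardian approved".

```python
from dataclasses import dataclass, field

@dataclass
class RecoverableAccount:
    """Toy model: the address is fixed, the controlling key is replaceable state."""
    address: str
    owner_key: str
    guardians: frozenset
    threshold: int  # assumption: M-of-N guardian approvals rotate the key
    pending: dict = field(default_factory=dict, init=False)  # new_key -> approvers

    def __post_init__(self):
        if not 1 <= self.threshold <= len(self.guardians):
            raise ValueError("threshold must be between 1 and the guardian count")

    def is_authorized(self, key):
        return key == self.owner_key

    def approve_recovery(self, guardian, new_key):
        """Record one approval; return True only when the key was rotated."""
        if guardian not in self.guardians:
            raise PermissionError(f"{guardian} is not a guardian")
        approvers = self.pending.setdefault(new_key, set())
        approvers.add(guardian)      # a set, so a repeated approval counts once
        if len(approvers) < self.threshold:
            return False             # a single guardian cannot take over alone
        self.owner_key = new_key     # same address and assets, new key
        self.pending.clear()         # drop every pending proposal, rivals included
        return True

def demo():
    # Constructed scenario: the phone holding the owner key is lost.
    acct = RecoverableAccount("0xACCOUNT", "key-on-lost-phone",
                              frozenset({"spare-phone", "friend", "custodian"}), 2)
    first = acct.approve_recovery("friend", "key-on-new-phone")
    second = acct.approve_recovery("spare-phone", "key-on-new-phone")
    return first, second, acct.address, acct.is_authorized("key-on-lost-phone")

if __name__ == "__main__":
    print(demo())
```

The threshold is the security parameter to watch: any group of guardians that reaches it controls the account, so the guardian set deserves the same care as the key itself.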

In addition, AA accounts support a feature called Paymaster, which completely breaks the "must hold ETH" curse.

For example, any project that wants to promote its services can proactively pay the gas fees for potential customers in order to attract users, and users can use it just like using a Web2 App without even realizing that the gas is there.

Of course, if your account only contains USDC, AA also allows you to pay your gas fees directly with USDC. The exchange will be completed automatically in the background, so you no longer need to buy ETH specifically for the purpose of transferring funds.

Furthermore, through smart contract accounts, multiple operations can be packaged into a single transaction (atomic), saving time and money. Taking the DEX transaction mentioned above as an example, previously it required "authorization -> signature -> transaction -> signature", but now AA can complete all steps with one click.

Furthermore, since it is an atomic transaction, it means that either all steps will succeed at once, or all steps will fail. There will be no loss of gas on the chain due to the failure of a certain step, making it safe and efficient.
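The all-or-nothing behaviour of a batched "approve + swap" can be modelled in a few lines. This is an added example, not code from the article or from ERC-4337. The `Ledger` state, the amounts and the `"dex"` spender are constructed, and gas accounting is not modelled.

```python
import copy

class Reverted(Exception):
    pass

class Ledger:
    """Toy chain state: balances and token allowances (constructed values)."""
    def __init__(self):
        self.usdt = {"user": 500}
        self.eth = {"user": 0}
        self.allowance = {}   # (owner, spender) -> amount the spender may pull

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def swap(self, owner, usdt_in, min_eth_out, eth_quote):
        # The DEX pulls USDT through the allowance, then pays out ETH.
        if self.allowance.get((owner, "dex"), 0) < usdt_in:
            raise Reverted("allowance too low")
        if self.usdt.get(owner, 0) < usdt_in:
            raise Reverted("insufficient USDT")
        if eth_quote < min_eth_out:
            raise Reverted("output below the user's minimum")
        self.allowance[(owner, "dex")] -= usdt_in
        self.usdt[owner] -= usdt_in
        self.eth[owner] += eth_quote

def execute_batch(ledger, calls):
    """Run every call or none: on any revert, restore the pre-batch state."""
    snapshot = copy.deepcopy(vars(ledger))
    try:
        for method, args in calls:
            getattr(ledger, method)(*args)
        return True
    except Reverted:
        vars(ledger).clear()
        vars(ledger).update(snapshot)
        return False

def leftover_allowance_after_failed_swap(batched):
    """Allowance left for the DEX when the swap step fails."""
    ledger = Ledger()
    calls = [("approve", ("user", "dex", 500)), ("swap", ("user", 500, 10, 9))]
    if batched:
        execute_batch(ledger, calls)
    else:  # two separate transactions, as with an EOA
        ledger.approve("user", "dex", 500)
        try:
            ledger.swap("user", 500, 10, 9)
        except Reverted:
            pass
    return ledger.allowance.get(("user", "dex"), 0)
```

With separate transactions the failed swap leaves a 500 USDT approval standing; with the batch the approval is rolled back together with the swap.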

Finally, because it has its own smart contract logic, the AA account can achieve fine-grained permission management, just like our bank account.

This means we can categorize different accounts and set "daily limits" based on actual circumstances—for example, exceeding 1000 U requires multi-signature, while less than 1000 U allows password-free payments; or we can set up "blacklists and whitelists" to only allow interaction with specific secure contracts.

Even if your private key is stolen by a hacker, due to limits and whitelist restrictions, it will be difficult for the hacker to transfer all your assets in a short period of time.
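The limit-plus-whitelist policy above can be checked with a small off-chain model that measures how much a holder of the owner key alone could move. This is an added example, not code from the article or from any wallet. The addresses, co-signer names and the two-co-signature rule are assumptions, and signatures are abstracted to a set of signer names.

```python
from dataclasses import dataclass, field

DAY = 86_400  # seconds per day

@dataclass
class PolicyAccount:
    balance: int
    daily_limit: int       # the article's example: 1000 U
    whitelist: frozenset   # only these destinations may receive funds
    cosigners: frozenset   # keys allowed to co-sign an over-limit transfer
    cosigners_required: int = 2  # assumption: 2 co-signatures above the limit
    spent: dict = field(default_factory=dict, init=False)  # day index -> total

    def transfer(self, to, amount, now, signed_by=frozenset()):
        """Return 'ok' or a rejection reason; state changes only on 'ok'."""
        if amount <= 0 or amount > self.balance:
            return "rejected: bad amount"
        if to not in self.whitelist:
            return "rejected: destination not whitelisted"
        day = now // DAY
        total = self.spent.get(day, 0) + amount
        if total > self.daily_limit:
            # Count only recognised co-signers, so made-up names do not help.
            if len(frozenset(signed_by) & self.cosigners) < self.cosigners_required:
                return "rejected: over daily limit, co-signatures required"
        else:
            self.spent[day] = total  # only unattended spending uses up the limit
        self.balance -= amount
        return "ok"

def owner_key_only_exposure(account, days):
    """Funds that leave the account in `days` days when only the owner key signs."""
    start = account.balance
    for d in range(days):
        now = d * DAY
        account.transfer("0xUNKNOWN", account.balance, now)       # not whitelisted
        account.transfer("0xEXCHANGE", account.balance, now)      # over the limit
        account.transfer("0xEXCHANGE", account.daily_limit, now)  # within the limit
    return start - account.balance
```

The exposure grows by one daily limit per day and only toward whitelisted destinations, which is the window the owner has to notice the theft and rotate the key.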

Conclusion

As advocated by the Trustless Manifesto, a truly "trustless" system should not belong only to cryptographers and geeks, but should be readily accessible.

Account abstraction (AA) is not intended to overthrow Ethereum, but rather to return to a "human-centric" approach. Through the flexibility of its code logic, it compensates for the natural weaknesses of humans in managing keys, clearing the last hurdle for the large-scale adoption of Web3.

With wallets like imToken gradually supporting AA features, we have reason to believe that the future Web3 will be a free network that offers a smooth experience similar to Web2 while upholding "self-sovereignty".

And all you need to do is enjoy this change.
