Original title: “Unipass magistrate: Why AA wallets are the newer paradigm in Web3 wallets”
Original source: SevenUp DAO
Original author: Magistrate, founder of Unipass
1. Original Sin: A Review of the MetaMask Devcon Keynote Speech
Although MetaMask products have received widespread attention, they have been criticized for slow product update iterations and poor user experience. However, the developer team has a much stronger understanding of product iterations than ordinary users. Based on the huge number of users, MetaMask products The form actually has a certain role in shaping the current web3 application ecology, so this returns to the theme of “original sin”. Is the direction of our wallet (MetaMask) right? What changes do we need to make in the future?
The MetaMask development team believes that there is still a lot of room for improvement in the current wallet track. On the one hand, the high usage and installation thresholds prevent new users of web2 early adopters of encryption. On the other hand, there are security issues, even plug-in wallets cannot completely hinder The possibility of hackers exploiting loopholes.
In addition, it is difficult for Web2 users to understand web3 products. For example, the safekeeping of private keys is a common topic, but users are still not so sensitive to this. They can only regret it after the private key is really lost. The private key means web3 , which represents proof of ownership of the web3 world.
So, what should the new paradigm of Web3 products look like? Web2 users can successfully enter web3 without understanding the product. If users really understand the product before starting to use it, it will greatly increase the user’s learning cost. MetaMask gives their own thinking, and current web3 products rarely do it. to this point.
-
can prove it’s mine
-
It cannot be hacked or stolen
-
I have full control, revoke, restore account
-
The product interacts with my full knowledge
-
I can freely choose the way I interact with the outside world
And the most important thing in the wallet track must be honesty. The advantages and disadvantages of the solution must be clear to users. Stealing one’s ears and stealing bells is irresponsible for the product and users, so today’s topic, account abstraction and smart wallets are introduced.
MetaMask proposed three very important account abstraction proposals: ERC-4337, “Open the door to creativity for wallet design”, such as “multi-signature and social recovery”; EIP-3074, which can delegate the authority of EOA to a contract, Allows users to approve transfers, perform operations, and revoke approvals in one transaction, equivalent to changing from an EOA address to a smart contract address; EIP-5003, equivalent to the group version of 3074.
2. What is a smart wallet
1. Concept
Smart wallets are essentially wallets using smart contracts. Smart Contract Wallet is one of the two wallet forms currently supported by Ethereum, and the other is the commonly used EOA (externally owned address) wallet, EOA wallet is an address on the blockchain controlled by a private key, i.e. through the private key, the user can sign transactions from said address, but the user cannot authorize another key to sign for a given address, nor can they write custom on it Logic; in contrast, smart wallets can implement arbitrary logic by writing code. I have drawn a layered diagram of a cryptocurrency wallet before. The bottom layer is the key layer, the middle layer is the provider, and the top layer is the wallet. The main function of the key is to manage the public and private keys, import and export of keys, and The generation of signatures has nothing to do with the chain in essence. After all, it is a mathematical operation; the middle layer provider is related to which main chain it is in, and the address is generated according to the format of the main chain; the top layer mainly corresponds to the browsing of assets, The collection and distribution of tokens, so a wallet can basically be split into three layers.
The Ca wallet was originally translated as an internal wallet. It is more to correspond with the EOA external wallet. The EOA address cannot carry any assets. The highlight is the bookkeeping function. The assets are actually in the Ca account. , CA is called contract account in Chinese. Our common ERC-20 token contracts, DeFi business contracts, etc. have an address that looks very similar to EOA, which is CA.
2. What are the benefits of using contracts as wallets?
Ca can be used for the management of smart wallet assets. For example, the gnosis safe multi-signature wallet is actually a smart wallet, but multi-signature is not its essence, but uses the logic of smart wallets to do multi-signature. There are also many advantages of using contracts as wallets. The internal logic is customizable and flexible, and it can realize functions that traditional wallets cannot.
For example, when we talk about the contract wallet, everyone’s first reaction is where is its private key? In fact, this is the logic of the EOA wallet. The private key and the public key correspond one-to-one. This description is no problem in the EOA wallet, but like the gnosis safe multi-signature wallet, it is actually implemented through a kind of “logic”. For example, for 3/5 multi-signature wallets, the control of permissions depends on whether more than three of the five addresses can be authorized. Therefore, the asset management of the contract wallet is not controlled by the private key. The most important thing is the logic execution. Any key is set, but the logic of other CAs determines whether it can be unlocked, such as DeFi loan contracts, as long as the money is repaid, the pledged assets can be retrieved. Of course, it does not mean that only relying on logic does not require a public key, it just means that it adds a layer of security and operational logic.
3. What is AA-Account Abstract?
1. Concept
The abstract concept of account is to change the current situation that most people are using EOA, and hope that users will turn to SCW (Ca as an address wallet solution, smart wallet), and completely remove the ecological dependence on EOA.
At present, many chains actually have relatively complete account abstraction functions built-in, such as public key collection, permission control, contract logic, etc. In fact, various public chains have certain account abstraction capabilities since eos, and the address of eos is actually a character. String, it is no longer a public key, it has an obvious internal structure, two public keys, one with high-level permissions belongs to the owner, and the other is used for execution. In fact, Ethereum does not have the concept of account abstraction. It can be traced back to some discussions in 2015. At that time, Vitalik believed that at least the cryptographic algorithm used by Ethereum to verify transactions should be replaced, and the third party behind it. Pay for gas, signatures, etc., but Ethereum is difficult to “modernize” due to historical reasons. Many things are written and fixed. Therefore, if the Ethereum ecosystem wants to expand account abstraction, it can only use smart wallets and applications. layer to make up for it.
What the account abstraction is doing is to abstract the account layer and the key layer, and users can customize the logic inside, such as mechanical locks in reality (only physical keys can be unlocked) and electronic locks (integrated fingerprints, passwords, facial features) etc.), abstraction can bring multi-dimensional scalability. Smart wallets are currently the most promising method to realize account abstraction in Ethereum. It does not need to be improved from the consensus layer and the bottom layer. ERC-4337 allows the application layer to do account abstraction.
2. What kind of changes can smart wallets bring?
There are many analogies between smart wallets and smartphones. Smartphones integrate more advanced capabilities, such as capacitive screens, gyroscopes, multi-touch, gps, etc. The upgrade of these capabilities brings about the construction of upper-layer applications. It will greatly enhance the user experience, and at the same time will reduce the user’s entry threshold, allowing the elderly, young people, and children to get started with smartphones, because the birth of smartphones allows more users to enter the mobile Internet. ; At the same time, smart phones have great scalability, not limited to communication devices, more scenes are listening to songs, videos, navigation, games, etc. The scalability has brought about a paradigm shift, and users are also accustomed to this cognition Transfer, “default” we will use the smartphone for these natural scenarios.
Comparing smart wallets and EOA wallets, the four advantages summarized through smartphones still apply. The first one is stronger functionality, such as the internal logic of signatures, gas fee payment, and batch transactions. Realization, these are actually in line with the existing scenarios for everyone to understand, EOA wallet does not support batch transactions, the same transaction can only do one thing, but smart wallets can do batch transactions, it can approve and swap to complete, so You approve as much as you need to spend each time, while still maintaining security.
The second point is that it is easier to use, so that the threshold for users is very low, and social recovery can be used to replace the backup key. These are all new changes that can be brought, including gas payment. Those who specifically buy each chain use third-party services, so that some people who do not have the ability to understand wallets, manage private keys, or even do not want to deposit funds can enter web3 through smart wallets.
The third is greater scalability. You can install operations similar to installing plug-ins to make more functions. For example, nft transactions need to authorize approve. If you don’t go through approve, there is no way for both parties to trade. There is a game of trust in the middle. It is a difficult problem, but it is possible to enter nft into the contract account and set the logic of withdrawal through a third-party contract, such as receiving payment, etc., and then the transaction can be completed without the need for third-party trust. The smart wallet is essentially a contract, so It is extensible by itself. The fourth point is paradigm shift. Just like smartphone users, the previous default state was “disconnected”, and the current default state is “connected”. With smart wallets, many traditional concepts before EOA will be overwritten, such as private key public keys. Corresponding keys, need to pay gas, or need to continue to approve, these scenarios can be broken, everyone will gradually get used to some new situations and default.
Here are a few examples to demonstrate the scaling potential of smart contract wallets:
Gnosis safe uses smart contract wallet architecture to implement multi-signature logic;
Users can send different tokens to multiple addresses at the same time in an on-chain transaction, or they can complete approve and swap in one transaction when using uniswap, so as to achieve as much authorization as needed and avoid security risks caused by excessive authorization.
Users can set different operating permissions for different assets, such as setting a higher operating threshold for PFP than ordinary ERC-20 tokens (for example, an admin key managed by a hardware wallet is required to transfer), so that even if the daily environment is crypto If the key is leaked, hackers cannot transfer high-value assets, and strike a balance between security and convenience.
Users can sign an offline authorization “Whoever can give me 100 ETH, I can transfer one of my BAYCs”, so that users can complete atomic transactions P2P with others without authorizing a third-party contract.
4. Uni-pass: a traceless, gas-free, non-custodial, smart wallet that supports social recovery
1. Email-based social recovery
When we send emails, it is similar to the medieval times where letters need to be sealed with wax, and the authenticity of the information needs to be proved. For example, emails are signed by the sending server. For example, in G-mail, google will publish DKM in its domain name. Public key, use the private key of this public key to sign each email, and the recipient then verifies that Google’s DKM signature and hash can pass the email. The social recovery process of Uni-pass is the same, except to check whether the signature and hash of an email DKM can pass in the contract, which can prove the authenticity of the email, and can also change the key in the contract, weight or additional Logic is also possible.
This is why social recovery of accounts can be done in uni-pass. We verify that the user is actively authorized by sending emails. Simply accepting the verification code is not meaningful. It is essentially sent by a centralized server. Sending and receiving emails means that the user grants different permissions to the server, which can be more powerful. Limits ensure safety.
2. Cooperate with MetaMask to lower the threshold for users
We currently connect with a wide range of customers, including nft platforms, game companies, social platforms, or organizations that want to do some incentives through FT. All of them can use our smart wallet to improve user experience, improve conversion rates, and reduce costs.
Speaking of MetaMask, they are currently not lying flat, but are working hard towards the goal of ecological painting, similar to a small program that integrates a plug-in. For users, they do not need to install so many wallets and plug-ins to integrate what they want The functions of these snaps cannot be relied on with official development, but can only be built together with ecological developers. MetaMask provides traffic, developers provide technology, and a win-win situation.
In fact, uni-pass is also the same idea. They will not do the concept of account abstraction by themselves. We have cooperated with MetaMask and have delivered the second version of the Demo. In fact, this is not a conflict. We do the contract layer, and they do the EOA layer. The contract wallet and the EOA wallet are not competition, but more inclined to cooperation and coexistence. For example, we can embed in the EOA wallet. At this time, I feel troublesome and don’t want to do it. At this time, we can retain users through the email method provided by us. In addition, existing users can also use the function of smart wallet, and use the current address to control the smart wallet with one click, which can make the process flow. smoother.
Audience Q&A:
Q: Based on the current logic of Ethereum, will the Ca wallet complete the logic trigger corresponding to the EOA address? Does the smart wallet Gas fee require Layer2?
A: In fact, this statement is correct, but it is still a bit narrow. The most important thing is to see how to control the wallet. We can use the method of verifying the signature or other logic, such as the logic executed by the loan contract in DeFi, There is a premise, that is, whether the user has completed the use and repayment of funds, and then the transfer of funds will be completed according to the contract. It can be seen that this process does not verify the signature, and the contract layer does not verify the signature, but based on the user’s behavior and logic verification, but the consensus layer will verify the signature.
The transaction processing of the consensus layer and the contract layer will generate gas fees. At present, most of the customers we receive are not connected to the eth main chain, but to projects on layer2 or other high-performance public chains. Smart wallets actually It can greatly reduce the cost, especially batch processing can reduce the cost both in theory and practice, and the fixed cost is also greatly reduced.
Q: At present, many dapps do not support Ca wallets, so how should smart wallets break the deadlock from the perspective of scene expansion?
A: The main incompatibility is the DeFi Smart Pool and Dogecoin, to prevent the project party from taking a one-size-fits-all approach. The second incompatibility is the scenario where the signature needs to be verified. If you use a smart wallet, you need to implement EIP-721 , although there is a threshold, it can still be achieved, and opensea can be compatible with this aspect and realize pending order transactions.
In fact, our customers, whether they are playing games or spending, have no such restrictions, and there is no reason to restrict the use of smart wallets. It does not conflict with their goals. In the medium term, the problem of compatibility can be solved, because The smart wallet itself is to solve the pain point of compatibility.
Q: Can the synthesis of NFT and the issuance of SBT smart wallets be realized?
A: This scenario can be implemented without wallet support, as long as there is a signature authorization, this logic can also be placed in a smart wallet, similar to inserting a small app into the wallet, so that the complex interaction of traditional wallets is not required. , the whole process is more convenient and efficient.
Q: From the perspective of To B, where are the customer needs mainly concentrated, and is the degree of customization high?
A: It is mainly based on the project situation. If you understand the history of encryption development, some projects attach great importance to the needs of customer security; for customers with relatively large volumes and strong funds, it makes sense to start a custody solution from the beginning. It can also give users a good experience. If you can accept unmanaged solutions and want to greatly reduce the threshold for use, you can do it with us.
Customization is actually collecting general needs from customers. If we judge that most customers need solutions at this level, we will do it. For example, the project SDK that we received at the beginning did not have native needs, but later the needs became It is very common, everyone wants to embed the SDK into their own app, then we started to do this solution, and we introduced stss when we made the SDK. Later, we thought that many games of our customers are made with Unity, and we directly use the engine level The SDK may be more suitable, that is, we will continue to adjust the customized services, and the flexibility provided by our SDK is also sufficient to meet the needs of customization.